CVE-2024-57823
Severity: important
Released on: 10/01/2025
Advisory:
Bugzilla: 2336921
Bugzilla Description:
raptor: integer underflow when normalizing a URI with the turtle parser
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-57822
Severity: moderate
Released on: 10/01/2025
Advisory:
Bugzilla: 2336922
Bugzilla Description:
raptor: heap-based buffer over-read vulnerability
CVSS Score:
CVSSv3 Score: 4.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2025-23022
Severity: moderate
Released on: 10/01/2025
Advisory:
Bugzilla: 2336955
Bugzilla Description:
freetype: signed integer overflow in cf2_doFlex
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat build of OpenJDK 11,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 21,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
CVE-2025-22445
Severity: low
Released on: 09/01/2025
Advisory:
Bugzilla: 2336671
Bugzilla Description:
mattermost: Misleading UI for undefined admin console settings in Calls causes security confusion
CVSS Score:
CVSSv3 Score: 3.5
Vector:
CWE: CWE-754
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 8,Red Hat OpenShift GitOps,
CVE-2025-20033
Severity: moderate
Released on: 09/01/2025
Advisory:
Bugzilla: 2336629
Bugzilla Description:
mattermost: DoS via custom post type for sysconsole plugin readers
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 8,Red Hat OpenShift GitOps,
CVE-2025-22449
Severity: low
Released on: 09/01/2025
Advisory:
Bugzilla: 2336638
Bugzilla Description:
mattermost: Access control flaw for team admins allows unauthorized team additions
CVSS Score:
CVSSv3 Score: 3.8
Vector:
CWE: CWE-863
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 8,Red Hat OpenShift GitOps,
CVE-2024-37372
Severity: low
Released on: 09/01/2025
Advisory:
Bugzilla: 2336663
Bugzilla Description:
nodejs: Permission model improperly processes UNC paths
CVSS Score:
CVSSv3 Score: 3.6
Vector:
CWE: CWE-754
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,
CVE-2024-55459
Severity: moderate
Released on: 08/01/2025
Advisory:
Bugzilla: 2336426
Bugzilla Description:
keras: arbitrary file write via get_file function
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
CVE-2024-56770
Severity: moderate
Released on: 08/01/2025
Advisory:
Bugzilla: 2336429
Bugzilla Description:
kernel: net/sched: netem: account for backlog updates from child qdisc
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56787
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336540
Bugzilla Description:
kernel: soc: imx8m: Probe the SoC driver as platform driver
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56786
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336541
Bugzilla Description:
kernel: bpf: put bpf_link's program when link is safe to be deallocated
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56785
Severity: moderate
Released on: 08/01/2025
Advisory:
Bugzilla: 2336543
Bugzilla Description:
kernel: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56784
Severity: moderate
Released on: 08/01/2025
Advisory:
Bugzilla: 2336544
Bugzilla Description:
kernel: drm/amd/display: Adding array index check to prevent memory corruption
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56783
Severity: moderate
Released on: 08/01/2025
Advisory:
Bugzilla: 2336546
Bugzilla Description:
kernel: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56781
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336547
Bugzilla Description:
kernel: powerpc/prom_init: Fixup missing powermac #size-cells
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56782
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336548
Bugzilla Description:
kernel: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56780
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336549
Bugzilla Description:
kernel: quota: flush quota_release_work upon quota writeback
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56779
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336550
Bugzilla Description:
kernel: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56778
Severity: moderate
Released on: 08/01/2025
Advisory:
Bugzilla: 2336551
Bugzilla Description:
kernel: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56777
Severity: moderate
Released on: 08/01/2025
Advisory:
Bugzilla: 2336552
Bugzilla Description:
kernel: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56776
Severity: moderate
Released on: 08/01/2025
Advisory:
Bugzilla: 2336553
Bugzilla Description:
kernel: drm/sti: avoid potential dereference of error pointers
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56775
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336554
Bugzilla Description:
kernel: drm/amd/display: Fix handling of plane refcount
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56774
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336556
Bugzilla Description:
kernel: btrfs: add a sanity check for btrfs root in btrfs_search_slot()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56773
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336558
Bugzilla Description:
kernel: kunit: Fix potential null dereference in kunit_device_driver_test()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56771
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336559
Bugzilla Description:
kernel: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56772
Severity: low
Released on: 08/01/2025
Advisory:
Bugzilla: 2336560
Bugzilla Description:
kernel: kunit: string-stream: Fix a UAF bug in kunit_init_suite()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2025-0243
Severity: moderate
Released on: 07/01/2025
Advisory: RHSA-2025:0138, RHSA-2025:0137, RHSA-2025:0134, RHSA-2025:0167, RHSA-2025:0144, RHSA-2025:0133, RHSA-2025:0166, RHSA-2025:0136, RHSA-2025:0147, RHSA-2025:0135, RHSA-2025:0162, RHSA-2025:0132, RHSA-2025:0165, RHSA-2025:0080,
Bugzilla: 2336175
Bugzilla Description:
firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages: firefox-0:128.6.0-1.el9_0,firefox-0:128.6.0-1.el8_4,firefox-0:128.6.0-1.el9_4,firefox-0:128.6.0-1.el8_2,firefox-0:128.6.0-1.el8_10,firefox-0:128.6.0-1.el9_2,firefox-0:128.6.0-1.el7_9,firefox-0:128.6.0-1.el8_8,thunderbird-0:128.6.0-3.el9_4,firefox-0:128.6.0-1.el8_6,firefox-0:128.6.0-1.el9_5,thunderbird-0:128.6.0-3.el9_5,thunderbird-0:128.6.0-3.el9_0,thunderbird-0:128.6.0-3.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2025-0247
Severity: important
Released on: 07/01/2025
Advisory:
Bugzilla: 2336176
Bugzilla Description:
firefox: thunderbird: Memory safety bugs fixed in Firefox 134 and Thunderbird 134
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2025-0242
Severity: important
Released on: 07/01/2025
Advisory: RHSA-2025:0138, RHSA-2025:0137, RHSA-2025:0134, RHSA-2025:0167, RHSA-2025:0144, RHSA-2025:0133, RHSA-2025:0166, RHSA-2025:0136, RHSA-2025:0147, RHSA-2025:0135, RHSA-2025:0162, RHSA-2025:0132, RHSA-2025:0165, RHSA-2025:0080,
Bugzilla: 2336181
Bugzilla Description:
firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: firefox-0:128.6.0-1.el9_0,firefox-0:128.6.0-1.el8_4,firefox-0:128.6.0-1.el9_4,firefox-0:128.6.0-1.el8_2,firefox-0:128.6.0-1.el8_10,firefox-0:128.6.0-1.el9_2,firefox-0:128.6.0-1.el7_9,firefox-0:128.6.0-1.el8_8,thunderbird-0:128.6.0-3.el9_4,firefox-0:128.6.0-1.el8_6,firefox-0:128.6.0-1.el9_5,thunderbird-0:128.6.0-3.el9_5,thunderbird-0:128.6.0-3.el9_0,thunderbird-0:128.6.0-3.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2025-0238
Severity: moderate
Released on: 07/01/2025
Advisory: RHSA-2025:0162, RHSA-2025:0132, RHSA-2025:0138, RHSA-2025:0137, RHSA-2025:0080, RHSA-2025:0134, RHSA-2025:0144, RHSA-2025:0133, RHSA-2025:0136, RHSA-2025:0135,
Bugzilla: 2336165
Bugzilla Description:
firefox: Use-after-free when breaking lines in text
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-416
Affected Packages: firefox-0:128.6.0-1.el7_9,firefox-0:128.6.0-1.el8_8,firefox-0:128.6.0-1.el8_6,firefox-0:128.6.0-1.el9_5,firefox-0:128.6.0-1.el9_0,firefox-0:128.6.0-1.el8_4,firefox-0:128.6.0-1.el9_4,firefox-0:128.6.0-1.el8_2,firefox-0:128.6.0-1.el8_10,firefox-0:128.6.0-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 9,
CVE-2025-0241
Severity: moderate
Released on: 07/01/2025
Advisory: RHSA-2025:0162, RHSA-2025:0132, RHSA-2025:0138, RHSA-2025:0137, RHSA-2025:0080, RHSA-2025:0134, RHSA-2025:0144, RHSA-2025:0133, RHSA-2025:0136, RHSA-2025:0135,
Bugzilla: 2336168
Bugzilla Description:
firefox: Memory corruption when using JavaScript Text Segmentation
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-119
Affected Packages: firefox-0:128.6.0-1.el7_9,firefox-0:128.6.0-1.el8_8,firefox-0:128.6.0-1.el8_6,firefox-0:128.6.0-1.el9_5,firefox-0:128.6.0-1.el9_0,firefox-0:128.6.0-1.el8_4,firefox-0:128.6.0-1.el9_4,firefox-0:128.6.0-1.el8_2,firefox-0:128.6.0-1.el8_10,firefox-0:128.6.0-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 9,
CVE-2025-0239
Severity: moderate
Released on: 07/01/2025
Advisory: RHSA-2025:0162, RHSA-2025:0132, RHSA-2025:0138, RHSA-2025:0137, RHSA-2025:0080, RHSA-2025:0134, RHSA-2025:0144, RHSA-2025:0133, RHSA-2025:0136, RHSA-2025:0135,
Bugzilla: 2336170
Bugzilla Description:
firefox: Alt-Svc ALPN validation failure when redirected
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-601
Affected Packages: firefox-0:128.6.0-1.el7_9,firefox-0:128.6.0-1.el8_8,firefox-0:128.6.0-1.el8_6,firefox-0:128.6.0-1.el9_5,firefox-0:128.6.0-1.el9_0,firefox-0:128.6.0-1.el8_4,firefox-0:128.6.0-1.el9_4,firefox-0:128.6.0-1.el8_2,firefox-0:128.6.0-1.el8_10,firefox-0:128.6.0-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 9,
CVE-2025-0240
Severity: moderate
Released on: 07/01/2025
Advisory: RHSA-2025:0162, RHSA-2025:0132, RHSA-2025:0138, RHSA-2025:0137, RHSA-2025:0080, RHSA-2025:0134, RHSA-2025:0144, RHSA-2025:0133, RHSA-2025:0136, RHSA-2025:0135,
Bugzilla: 2336188
Bugzilla Description:
firefox: Compartment mismatch when parsing JavaScript JSON module
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-416
Affected Packages: firefox-0:128.6.0-1.el7_9,firefox-0:128.6.0-1.el8_8,firefox-0:128.6.0-1.el8_6,firefox-0:128.6.0-1.el9_5,firefox-0:128.6.0-1.el9_0,firefox-0:128.6.0-1.el8_4,firefox-0:128.6.0-1.el9_4,firefox-0:128.6.0-1.el8_2,firefox-0:128.6.0-1.el8_10,firefox-0:128.6.0-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 9,
CVE-2025-0245
Severity: moderate
Released on: 07/01/2025
Advisory:
Bugzilla: 2336172
Bugzilla Description:
firefox: Lock screen setting bypass in Firefox Focus for Android
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-288
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2025-0237
Severity: moderate
Released on: 07/01/2025
Advisory: RHSA-2025:0162, RHSA-2025:0132, RHSA-2025:0138, RHSA-2025:0137, RHSA-2025:0080, RHSA-2025:0134, RHSA-2025:0144, RHSA-2025:0133, RHSA-2025:0136, RHSA-2025:0135,
Bugzilla: 2336182
Bugzilla Description:
firefox: WebChannel APIs susceptible to confused deputy attack
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-441
Affected Packages: firefox-0:128.6.0-1.el7_9,firefox-0:128.6.0-1.el8_8,firefox-0:128.6.0-1.el8_6,firefox-0:128.6.0-1.el9_5,firefox-0:128.6.0-1.el9_0,firefox-0:128.6.0-1.el8_4,firefox-0:128.6.0-1.el9_4,firefox-0:128.6.0-1.el8_2,firefox-0:128.6.0-1.el8_10,firefox-0:128.6.0-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 9,
CVE-2025-0246
Severity: moderate
Released on: 07/01/2025
Advisory:
Bugzilla: 2336183
Bugzilla Description:
firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-451
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2025-0244
Severity: important
Released on: 07/01/2025
Advisory:
Bugzilla: 2336187
Bugzilla Description:
firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-451
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-12426
Severity: moderate
Released on: 07/01/2025
Advisory:
Bugzilla: 2336117
Bugzilla Description:
LibreOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-200
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-12425
Severity: low
Released on: 07/01/2025
Advisory:
Bugzilla: 2336110
Bugzilla Description:
LibreOffice: Path traversal leading to arbitrary .ttf file write
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-51741
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2336007
Bugzilla Description:
redis: Redis allows denial-of-service due to malformed ACL selectors
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-20
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Ansible Automation Platform 1.2,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Fuse 7,Red Hat Quay 3,
CVE-2024-46981
Severity: important
Released on: 06/01/2025
Advisory:
Bugzilla: 2336004
Bugzilla Description:
redis: Redis' Lua library commands may lead to remote code execution
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Ansible Automation Platform 1.2,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Fuse 7,Red Hat Quay 3,
CVE-2025-21614
Severity: important
Released on: 06/01/2025
Advisory:
Bugzilla: 2335901
Bugzilla Description:
go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: (CWE-400|CWE-770)
Affected Packages:
Package States: OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ceph Storage 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,
CVE-2025-21613
Severity: important
Released on: 06/01/2025
Advisory:
Bugzilla: 2335888
Bugzilla Description:
go-git: argument injection via the URL field
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-88
Affected Packages:
Package States: OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ceph Storage 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,
CVE-2024-56766
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335889
Bugzilla Description:
kernel: mtd: rawnand: fix double free in atmel_pmecc_create_user()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56761
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335890
Bugzilla Description:
kernel: x86/fred: Clear WFE in missing-ENDBRANCH #CPs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56759
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335891
Bugzilla Description:
kernel: btrfs: fix use-after-free when COWing tree bock and tracing is enabled
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56769
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335893
Bugzilla Description:
kernel: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56768
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335896
Bugzilla Description:
kernel: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56762
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335897
Bugzilla Description:
kernel: io_uring/sqpoll: fix sqpoll error handling races
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56763
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335898
Bugzilla Description:
kernel: tracing: Prevent bad count for tracing_cpumask_write
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56757
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335899
Bugzilla Description:
kernel: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56765
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335900
Bugzilla Description:
kernel: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56767
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335902
Bugzilla Description:
kernel: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56764
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335903
Bugzilla Description:
kernel: ublk: detach gendisk from ublk device if add_disk() fails
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56758
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335904
Bugzilla Description:
kernel: btrfs: check folio mapping after unlock in relocate_one_folio()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56760
Severity: moderate
Released on: 06/01/2025
Advisory:
Bugzilla: 2335906
Bugzilla Description:
kernel: PCI/MSI: Handle lack of irqdomain gracefully
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-55553
Severity: important
Released on: 06/01/2025
Advisory:
Bugzilla: 2336038
Bugzilla Description:
frr: DoS via repeated RIB revalidation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-400
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56332
Severity: moderate
Released on: 03/01/2025
Advisory:
Bugzilla: 2335479
Bugzilla Description:
next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Trusted Artifact Signer,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-36613
Severity: low
Released on: 03/01/2025
Advisory:
Bugzilla: 2335448
Bugzilla Description:
ffmpeg: Integer overflow in ffmpeg
CVSS Score:
CVSSv3 Score: 3.9
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document
CVE-2024-35365
Severity: moderate
Released on: 03/01/2025
Advisory:
Bugzilla: 2335450
Bugzilla Description:
ffmpeg: double-free vulnerability in FFMPEG
CVSS Score:
CVSSv3 Score: 4.6
Vector:
CWE: CWE-415
Affected Packages:
Package States:
Full Details
CVE document
CVE-2025-22376
Severity: moderate
Released on: 03/01/2025
Advisory:
Bugzilla: 2335488
Bugzilla Description:
perl-Net-OAuth: Default nonce for Net::OAuth package for perl is not cryptographically strong
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-338
Affected Packages:
Package States:
Full Details
CVE document
CVE-2022-49035
Severity: moderate
Released on: 02/01/2025
Advisory:
Bugzilla: 2335291
Bugzilla Description:
kernel: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56738
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334771
Bugzilla Description:
grub2: Observable Timing Discrepancy resulting side-channel attacks
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-208
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-56737
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334772
Bugzilla Description:
grub2: heap-based buffer overflow
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-56712
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334788
Bugzilla Description:
kernel: udmabuf: fix memory leak on last export_udmabuf() error path
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56716
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334789
Bugzilla Description:
kernel: netdevsim: prevent bad user input in nsim_dev_health_break_write()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56711
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334790
Bugzilla Description:
kernel: drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56717
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334791
Bugzilla Description:
kernel: net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56710
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334792
Bugzilla Description:
kernel: ceph: fix memory leak in ceph_direct_read_write()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56718
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334793
Bugzilla Description:
kernel: net/smc: protect link down work from execute after lgr freed
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56709
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334795
Bugzilla Description:
kernel: io_uring: check if iowq is killed before queuing
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56714
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334796
Bugzilla Description:
kernel: ionic: no double destroy workqueue
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56715
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334797
Bugzilla Description:
kernel: ionic: Fix netdev notifier unregister on failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56719
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334798
Bugzilla Description:
kernel: net: stmmac: fix TSO DMA API usage causing oops
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56713
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334799
Bugzilla Description:
kernel: net: netdevsim: fix nsim_pp_hold_write()
CVSS Score:
CVSSv3 Score: 4.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56752
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334804
Bugzilla Description:
kernel: drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56756
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334805
Bugzilla Description:
kernel: nvme-pci: fix freeing of the HMB descriptor table
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56728
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334806
Bugzilla Description:
kernel: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56743
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334807
Bugzilla Description:
kernel: nfs_common: must not hold RCU while calling nfsd_file_put_local
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56741
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334808
Bugzilla Description:
kernel: apparmor: test: Fix memory leak for aa_unpack_strdup()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56729
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334809
Bugzilla Description:
kernel: smb: Initialize cfid->tcon before performing network ops
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56724
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334810
Bugzilla Description:
kernel: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56720
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334811
Bugzilla Description:
kernel: bpf, sockmap: Several fixes to bpf_msg_pop_data
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56754
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334812
Bugzilla Description:
kernel: crypto: caam - Fix the pointer passed to caam_qi_shutdown()
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56727
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334813
Bugzilla Description:
kernel: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56747
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334814
Bugzilla Description:
kernel: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56746
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334815
Bugzilla Description:
kernel: fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56725
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334816
Bugzilla Description:
kernel: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56751
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334817
Bugzilla Description:
kernel: ipv6: release nexthop on device removal
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-404
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56753
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334818
Bugzilla Description:
kernel: drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56742
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334819
Bugzilla Description:
kernel: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56721
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334820
Bugzilla Description:
kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56744
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334821
Bugzilla Description:
kernel: f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56730
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334822
Bugzilla Description:
kernel: net/9p/usbg: fix handling of the failed kzalloc() memory allocation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56740
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334823
Bugzilla Description:
kernel: nfs/localio: must clear res.replen in nfs_local_read_done
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56726
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334824
Bugzilla Description:
kernel: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56745
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334825
Bugzilla Description:
kernel: PCI: Fix reset_method_store() memory leak
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56748
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334826
Bugzilla Description:
kernel: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56755
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334827
Bugzilla Description:
kernel: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56722
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334828
Bugzilla Description:
kernel: RDMA/hns: Fix cpu stuck caused by printings during reset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56739
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334829
Bugzilla Description:
kernel: rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56723
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334830
Bugzilla Description:
kernel: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56749
Severity: low
Released on: 29/12/2025
Advisory:
Bugzilla: 2334831
Bugzilla Description:
kernel: dlm: fix dlm_recover_members refcount on error
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56750
Severity: moderate
Released on: 29/12/2025
Advisory:
Bugzilla: 2334832
Bugzilla Description:
kernel: erofs: fix blksize < PAGE_SIZE for file-backed mounts
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56679
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334661
Bugzilla Description:
kernel: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56706
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334662
Bugzilla Description:
kernel: s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56696
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334663
Bugzilla Description:
kernel: ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56700
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334664
Bugzilla Description:
kernel: media: wl128x: Fix atomicity violation in fmc_send_cmd()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56681
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334665
Bugzilla Description:
kernel: crypto: bcm - add error check in the ahash_hmac_init function
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56701
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334666
Bugzilla Description:
kernel: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56688
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334667
Bugzilla Description:
kernel: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56677
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334668
Bugzilla Description:
kernel: powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56687
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334669
Bugzilla Description:
kernel: usb: musb: Fix hardware lockup on first Rx endpoint request
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56702
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334670
Bugzilla Description:
kernel: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56697
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334671
Bugzilla Description:
kernel: drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56708
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334672
Bugzilla Description:
kernel: EDAC/igen6: Avoid segmentation fault on module unload
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56682
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334674
Bugzilla Description:
kernel: irqchip/riscv-aplic: Prevent crash when MSI domain is missing
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56680
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334675
Bugzilla Description:
kernel: media: intel/ipu6: do not handle interrupts when device is disabled
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56690
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334676
Bugzilla Description:
kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56699
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334677
Bugzilla Description:
kernel: s390/pci: Fix potential double remove of hotplug slot
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56686
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334678
Bugzilla Description:
kernel: ext4: fix race in buffer_head read fault injection
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56703
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334679
Bugzilla Description:
kernel: ipv6: Fix soft lockups in fib6_select_path under high next hop churn
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56698
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334680
Bugzilla Description:
kernel: usb: dwc3: gadget: Fix looping of queued SG entries
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56685
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334681
Bugzilla Description:
kernel: ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56684
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334682
Bugzilla Description:
kernel: mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56693
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334683
Bugzilla Description:
kernel: brd: defer automatic disk creation until module initialization succeeds
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56691
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334684
Bugzilla Description:
kernel: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56689
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334685
Bugzilla Description:
kernel: PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio'
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56683
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334686
Bugzilla Description:
kernel: drm/vc4: hdmi: Avoid hang with debug registers when suspended
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56704
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334687
Bugzilla Description:
kernel: 9p/xen: fix release of IRQ
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56695
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334688
Bugzilla Description:
kernel: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()'
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56705
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334689
Bugzilla Description:
kernel: media: atomisp: Add check for rgby_data memory allocation failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56692
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334690
Bugzilla Description:
kernel: f2fs: fix to do sanity check on node blkaddr in truncate_node()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56676
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334691
Bugzilla Description:
kernel: thermal: testing: Initialize some variables annotated with _free()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56678
Severity: moderate
Released on: 28/12/2024
Advisory:
Bugzilla: 2334692
Bugzilla Description:
kernel: powerpc/mm/fault: Fix kfence page fault reporting
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56707
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334693
Bugzilla Description:
kernel: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56694
Severity: low
Released on: 28/12/2024
Advisory:
Bugzilla: 2334694
Bugzilla Description:
kernel: bpf: fix recursive lock when verdict program returns SK_PASS
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53180
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334348
Bugzilla Description:
kernel: ALSA: pcm: Add sanity NULL check for the default mmap fault handler
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53182
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334349
Bugzilla Description:
kernel: Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()"
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53164
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334350
Bugzilla Description:
kernel: net: sched: fix ordering of qlen adjustment
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53223
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334351
Bugzilla Description:
kernel: clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53226
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334352
Bugzilla Description:
kernel: RDMA/hns: Fix NULL pointer dereference in hns_roce_map_mr_sg()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53235
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334353
Bugzilla Description:
kernel: erofs: fix file-backed mounts over FUSE
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53207
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334354
Bugzilla Description:
kernel: Bluetooth: MGMT: Fix possible deadlocks
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53176
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334355
Bugzilla Description:
kernel: smb: During unmount, ensure all cached dir instances drop their dentry
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53212
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334356
Bugzilla Description:
kernel: netlink: fix false positive warning in extack during dumps
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53229
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334357
Bugzilla Description:
kernel: RDMA/rxe: Fix the qp flush warnings in req
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53172
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334358
Bugzilla Description:
kernel: ubi: fastmap: Fix duplicate slab cache names while attaching
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53177
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334359
Bugzilla Description:
kernel: smb: prevent use-after-free due to open_cached_dir error paths
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53178
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334360
Bugzilla Description:
kernel: smb: Don't leak cfid when reconnect races with open_cached_dir
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53210
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334361
Bugzilla Description:
kernel: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53191
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334362
Bugzilla Description:
kernel: wifi: ath12k: fix warning when unbinding
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53228
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334363
Bugzilla Description:
kernel: riscv: kvm: Fix out-of-bounds array access
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53201
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334364
Bugzilla Description:
kernel: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53187
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334365
Bugzilla Description:
kernel: io_uring: check for overflows in io_pin_pages
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2022-49034
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334366
Bugzilla Description:
kernel: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53194
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334367
Bugzilla Description:
kernel: PCI: Fix use-after-free of slot->bus on hot remove
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53205
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334368
Bugzilla Description:
kernel: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53167
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334369
Bugzilla Description:
kernel: nfs/blocklayout: Don't attempt unregister for invalid block device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53175
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334370
Bugzilla Description:
kernel: ipc: fix memleak if msg_init_ns failed in create_ipc_ns
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53171
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334371
Bugzilla Description:
kernel: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53218
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334372
Bugzilla Description:
kernel: f2fs: fix race in concurrent f2fs_stop_gc_thread
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53222
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334373
Bugzilla Description:
kernel: zram: fix NULL pointer in comp_algorithm_show()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53168
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334374
Bugzilla Description:
kernel: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53221
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334375
Bugzilla Description:
kernel: f2fs: fix null-ptr-deref in f2fs_submit_page_bio()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53233
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334376
Bugzilla Description:
kernel: unicode: Fix utf8_load() error path
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53169
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334377
Bugzilla Description:
kernel: nvme-fabrics: fix kernel crash while shutting down controller
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53186
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334378
Bugzilla Description:
kernel: ksmbd: fix use-after-free in SMB request handling
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53199
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334379
Bugzilla Description:
kernel: ASoC: imx-audmix: Add NULL check in imx_audmix_probe
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53225
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334380
Bugzilla Description:
kernel: iommu/tegra241-cmdqv: Fix alignment failure at max_n_shift
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53227
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334381
Bugzilla Description:
kernel: scsi: bfa: Fix use-after-free in bfad_im_module_exit()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53211
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334382
Bugzilla Description:
kernel: net/l2tp: fix warning in l2tp_exit_net found by syzbot
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53195
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334383
Bugzilla Description:
kernel: KVM: arm64: Get rid of userspace_irqchip_in_use
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53166
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334384
Bugzilla Description:
kernel: block, bfq: fix bfqq uaf in bfq_limit_depth()
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53230
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334385
Bugzilla Description:
kernel: cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53237
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334386
Bugzilla Description:
kernel: Bluetooth: fix use-after-free in device_for_each_child()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53214
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334387
Bugzilla Description:
kernel: vfio/pci: Properly hide first-in-list PCIe extended capability
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53213
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334388
Bugzilla Description:
kernel: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53183
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334389
Bugzilla Description:
kernel: um: net: Do not use drvdata in release
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53165
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334390
Bugzilla Description:
kernel: sh: intc: Fix use-after-free bug in register_intc_controller()
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53192
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334391
Bugzilla Description:
kernel: clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53208
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334392
Bugzilla Description:
kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53185
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334393
Bugzilla Description:
kernel: smb: client: fix NULL ptr deref in crypto_aead_setkey()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53204
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334394
Bugzilla Description:
kernel: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53236
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334395
Bugzilla Description:
kernel: xsk: Free skb when TX metadata options are invalid
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53170
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334396
Bugzilla Description:
kernel: block: fix uaf for flush rq while iterating tags
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53193
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334397
Bugzilla Description:
kernel: clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53173
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334398
Bugzilla Description:
kernel: NFSv4.0: Fix a use-after-free problem in the asynchronous open()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53224
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334399
Bugzilla Description:
kernel: RDMA/mlx5: Move events notifier registration to be after device registration
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53184
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334400
Bugzilla Description:
kernel: um: ubd: Do not use drvdata in release
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53179
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334401
Bugzilla Description:
kernel: smb: client: fix use-after-free of signing key
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53217
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334402
Bugzilla Description:
kernel: NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53239
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334403
Bugzilla Description:
kernel: ALSA: 6fire: Release resources at card release
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53238
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334404
Bugzilla Description:
kernel: Bluetooth: btmtk: adjust the position to init iso data anchor
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53231
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334405
Bugzilla Description:
kernel: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53189
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334406
Bugzilla Description:
kernel: wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53219
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334407
Bugzilla Description:
kernel: virtiofs: use pages instead of pointer for kernel direct IO
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53190
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334408
Bugzilla Description:
kernel: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53203
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334409
Bugzilla Description:
kernel: usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53232
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334410
Bugzilla Description:
kernel: iommu/s390: Implement blocking domain
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53181
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334411
Bugzilla Description:
kernel: um: vector: Do not use drvdata in release
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53197
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334412
Bugzilla Description:
kernel: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53220
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334413
Bugzilla Description:
kernel: f2fs: fix to account dirty data in __get_secs_required()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53200
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334414
Bugzilla Description:
kernel: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53216
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334415
Bugzilla Description:
kernel: nfsd: release svc_expkey/svc_export with rcu_work
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53202
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334416
Bugzilla Description:
kernel: firmware_loader: Fix possible resource leak in fw_log_firmware_info()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53196
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334417
Bugzilla Description:
kernel: KVM: arm64: Don't retire aborted MMIO instruction
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53234
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334418
Bugzilla Description:
kernel: erofs: handle NONHEAD !delta[1] lclusters gracefully
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53174
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334419
Bugzilla Description:
kernel: SUNRPC: make sure cache entry active before cache_show
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53198
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334420
Bugzilla Description:
kernel: xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53188
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334421
Bugzilla Description:
kernel: wifi: ath12k: fix crash when unbinding
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53209
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334422
Bugzilla Description:
kernel: bnxt_en: Fix receive ring space parameters when XDP is active
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53206
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334423
Bugzilla Description:
kernel: tcp: Fix use-after-free of nreq in reqsk_timer_handler().
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53215
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334424
Bugzilla Description:
kernel: svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56591
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334426
Bugzilla Description:
kernel: Bluetooth: hci_conn: Use disable_delayed_work_sync
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-99
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56577
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334427
Bugzilla Description:
kernel: media: mtk-jpeg: Fix null-ptr-deref during unload module
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56544
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334428
Bugzilla Description:
kernel: udmabuf: change folios array from kmalloc to kvmalloc
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56628
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334429
Bugzilla Description:
kernel: LoongArch: Add architecture specific huge_pte_clear()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56562
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334430
Bugzilla Description:
kernel: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56531
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334431
Bugzilla Description:
kernel: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56611
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334432
Bugzilla Description:
kernel: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56552
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334433
Bugzilla Description:
kernel: drm/xe/guc_submit: fix race around suspend_pending
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56534
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334434
Bugzilla Description:
kernel: isofs: avoid memory leak in iocharset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56598
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334435
Bugzilla Description:
kernel: jfs: array-index-out-of-bounds fix in dtReadFirst
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56630
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334436
Bugzilla Description:
kernel: ocfs2: free inode when ocfs2_get_init_inode() fails
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56618
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334437
Bugzilla Description:
kernel: pmdomain: imx: gpcv2: Adjust delay after power up handshake
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56550
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334438
Bugzilla Description:
kernel: s390/stacktrace: Use break instead of return statement
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56603
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334439
Bugzilla Description:
kernel: net: af_can: do not leave a dangling sk pointer in can_create()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56572
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334440
Bugzilla Description:
kernel: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56535
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334441
Bugzilla Description:
kernel: wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56606
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334442
Bugzilla Description:
kernel: af_packet: avoid erroring out after sock_init_data() in packet_create()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56624
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334443
Bugzilla Description:
kernel: iommufd: Fix out_fput in iommufd_fault_alloc()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56554
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334444
Bugzilla Description:
kernel: binder: fix freeze UAF in binder_release_work()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56556
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334445
Bugzilla Description:
kernel: binder: fix node UAF in binder_add_freeze_work()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56579
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334446
Bugzilla Description:
kernel: media: amphion: Set video drvdata before register video device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56565
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334447
Bugzilla Description:
kernel: f2fs: fix to drop all discards after creating snapshot on lvm device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56595
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334448
Bugzilla Description:
kernel: jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56548
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334449
Bugzilla Description:
kernel: hfsplus: don't query the device logical block size multiple times
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56571
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334450
Bugzilla Description:
kernel: media: uvcvideo: Require entities to have a non-zero unique ID
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56561
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334451
Bugzilla Description:
kernel: PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56546
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334452
Bugzilla Description:
kernel: drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56593
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334453
Bugzilla Description:
kernel: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56607
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334454
Bugzilla Description:
kernel: wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56599
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334455
Bugzilla Description:
kernel: wifi: ath10k: avoid NULL pointer error during sdio remove
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56541
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334456
Bugzilla Description:
kernel: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56589
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334457
Bugzilla Description:
kernel: scsi: hisi_sas: Add cond_resched() for no forced preemption model
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56600
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334458
Bugzilla Description:
kernel: net: inet6: do not leave a dangling sk pointer in inet6_create()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56594
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334459
Bugzilla Description:
kernel: drm/amdgpu: set the right AMDGPU sg segment limitation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56581
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334460
Bugzilla Description:
kernel: btrfs: ref-verify: fix use-after-free after invalid ref action
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56623
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334461
Bugzilla Description:
kernel: scsi: qla2xxx: Fix use after free on unload
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56612
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334462
Bugzilla Description:
kernel: mm/gup: handle NULL pages in unpin_user_pages()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56566
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334463
Bugzilla Description:
kernel: mm/slub: Avoid list corruption when removing a slab from the full list
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56608
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334464
Bugzilla Description:
kernel: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56573
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334465
Bugzilla Description:
kernel: efi/libstub: Free correct pointer on failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56557
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334466
Bugzilla Description:
kernel: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56596
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334467
Bugzilla Description:
kernel: jfs: fix array-index-out-of-bounds in jfs_readdir
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56621
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334468
Bugzilla Description:
kernel: scsi: ufs: core: Cancel RTC work during ufshcd_remove()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56570
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334469
Bugzilla Description:
kernel: ovl: Filter invalid inodes with missing lookup function
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56620
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334471
Bugzilla Description:
kernel: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56601
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334472
Bugzilla Description:
kernel: net: inet: do not leave a dangling sk pointer in inet_create()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56576
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334474
Bugzilla Description:
kernel: media: i2c: tc358743: Fix crash in the probe error path when using polling
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56564
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334475
Bugzilla Description:
kernel: ceph: pass cred pointer to ceph_mds_auth_match()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56609
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334476
Bugzilla Description:
kernel: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56559
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334477
Bugzilla Description:
kernel: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation
CVSS Score:
CVSSv3 Score: 4.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56549
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334478
Bugzilla Description:
kernel: cachefiles: Fix NULL pointer dereference in object->file
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56551
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334479
Bugzilla Description:
kernel: drm/amdgpu: fix usage slab after free
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56585
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334480
Bugzilla Description:
kernel: LoongArch: Fix sleeping in atomic context for PREEMPT_RT
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56542
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334481
Bugzilla Description:
kernel: drm/amd/display: fix a memleak issue when driver is removed
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56553
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334482
Bugzilla Description:
kernel: binder: fix memleak of proc->delivered_freeze
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56616
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334483
Bugzilla Description:
kernel: drm/dp_mst: Fix MST sideband message body length check
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56539
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334484
Bugzilla Description:
kernel: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56583
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334485
Bugzilla Description:
kernel: sched/deadline: Fix warning in migrate_enable for boosted tasks
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56590
Severity: important
Released on: 27/12/2024
Advisory:
Bugzilla: 2334486
Bugzilla Description:
kernel: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1050
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56532
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334487
Bugzilla Description:
kernel: ALSA: us122l: Use snd_card_free_when_closed() at disconnection
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56545
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334488
Bugzilla Description:
kernel: HID: hyperv: streamline driver probe to avoid devres issues
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56586
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334489
Bugzilla Description:
kernel: f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56582
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334490
Bugzilla Description:
kernel: btrfs: fix use-after-free in btrfs_encoded_read_endio()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56613
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334491
Bugzilla Description:
kernel: sched/numa: fix memory leak due to the overwritten vma->numab_state
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56560
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334492
Bugzilla Description:
kernel: slab: Fix too strict alignment check in create_cache()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56615
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334493
Bugzilla Description:
kernel: bpf: fix OOB devmap writes when deleting elements
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56592
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334494
Bugzilla Description:
kernel: bpf: Call free_htab_elem() after htab_unlock_bucket()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56604
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334495
Bugzilla Description:
kernel: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56580
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334496
Bugzilla Description:
kernel: media: qcom: camss: fix error path on configuration of power domains
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56578
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334497
Bugzilla Description:
kernel: media: imx-jpeg: Set video drvdata before register video device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56533
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334498
Bugzilla Description:
kernel: ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56569
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334499
Bugzilla Description:
kernel: ftrace: Fix regression with module command in stack_trace_filter
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56619
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334500
Bugzilla Description:
kernel: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56602
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334501
Bugzilla Description:
kernel: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56626
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334502
Bugzilla Description:
kernel: ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56605
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334503
Bugzilla Description:
kernel: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56597
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334504
Bugzilla Description:
kernel: jfs: fix shift-out-of-bounds in dbSplit
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56587
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334505
Bugzilla Description:
kernel: leds: class: Protect brightness_show() with led_cdev->led_access mutex
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56555
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334506
Bugzilla Description:
kernel: binder: fix OOB in binder_add_freeze_work()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56540
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334507
Bugzilla Description:
kernel: accel/ivpu: Prevent recovery invocation during probe and resume
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56538
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334508
Bugzilla Description:
kernel: drm: zynqmp_kms: Unplug DRM device before removal
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56574
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334509
Bugzilla Description:
kernel: media: ts2020: fix null-ptr-deref in ts2020_probe()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56584
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334510
Bugzilla Description:
kernel: io_uring/tctx: work around xa_store() allocation error issue
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56543
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334511
Bugzilla Description:
kernel: wifi: ath12k: Skip Rx TID cleanup for self peer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56625
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334512
Bugzilla Description:
kernel: can: dev: can_set_termination(): allow sleeping GPIOs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56575
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334513
Bugzilla Description:
kernel: media: imx-jpeg: Ensure power suppliers be suspended before detach them
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56563
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334514
Bugzilla Description:
kernel: ceph: fix cred leak in ceph_mds_check_access()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56568
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334515
Bugzilla Description:
kernel: iommu/arm-smmu: Defer probe of clients after smmu device bound
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56536
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334516
Bugzilla Description:
kernel: wifi: cw1200: Fix potential NULL dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56627
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334517
Bugzilla Description:
kernel: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56567
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334518
Bugzilla Description:
kernel: ad7780: fix division by zero in ad7780_write_raw()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56610
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334519
Bugzilla Description:
kernel: kcsan: Turn report_filterlist_lock into a raw_spinlock
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56629
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334520
Bugzilla Description:
kernel: HID: wacom: fix when get product name maybe null pointer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56547
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334521
Bugzilla Description:
kernel: rcu/nocb: Fix missed RCU barrier on deoffloading
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56588
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334522
Bugzilla Description:
kernel: scsi: hisi_sas: Create all dump files during debugfs initialization
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56634
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334527
Bugzilla Description:
kernel: gpio: grgpio: Add NULL check in grgpio_probe
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56631
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334528
Bugzilla Description:
kernel: scsi: sg: Fix slab-use-after-free read in sg_release()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56636
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334531
Bugzilla Description:
kernel: geneve: do not assume mac header is set in geneve_xmit_skb()
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-241
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56640
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334532
Bugzilla Description:
kernel: net/smc: fix LGR and link use-after-free issue
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56639
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334533
Bugzilla Description:
kernel: net: hsr: must allocate more bytes for RedBox support
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56665
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334534
Bugzilla Description:
kernel: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56656
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334535
Bugzilla Description:
kernel: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56652
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334536
Bugzilla Description:
kernel: drm/xe/reg_sr: Remove register pool
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56672
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334537
Bugzilla Description:
kernel: blk-cgroup: Fix UAF in blkcg_unpin_online()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56653
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334538
Bugzilla Description:
kernel: Bluetooth: btmtk: avoid UAF in btmtk_process_coredump
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56663
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334539
Bugzilla Description:
kernel: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56649
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334540
Bugzilla Description:
kernel: net: enetc: Do not configure preemptible TCs if SIs do not support
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56638
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334541
Bugzilla Description:
kernel: netfilter: nft_inner: incorrect percpu area handling under softirq
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56667
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334542
Bugzilla Description:
kernel: drm/i915: Fix NULL pointer dereference in capture_engine
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56673
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334543
Bugzilla Description:
kernel: riscv: mm: Do not call pmd dtor on vmemmap page table teardown
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56661
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334545
Bugzilla Description:
kernel: tipc: fix NULL deref in cleanup_bearer()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56659
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334546
Bugzilla Description:
kernel: net: lapb: increase LAPB_HEADER_LEN
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56662
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334547
Bugzilla Description:
kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56675
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334548
Bugzilla Description:
kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56633
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334549
Bugzilla Description:
kernel: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56637
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334550
Bugzilla Description:
kernel: netfilter: ipset: Hold module reference while requesting a module
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-56644
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334551
Bugzilla Description:
kernel: net/ipv6: release expired exception dst cached in socket
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56657
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334552
Bugzilla Description:
kernel: ALSA: control: Avoid WARN() for symlink errors
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56674
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334553
Bugzilla Description:
kernel: virtio_net: correct netdev_tx_reset_queue() invocation point
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56650
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334554
Bugzilla Description:
kernel: netfilter: x_tables: fix LED ID check in led_tg_check()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56648
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334555
Bugzilla Description:
kernel: net: hsr: avoid potential out-of-bound access in fill_frame_info()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56671
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334556
Bugzilla Description:
kernel: gpio: graniterapids: Fix vGPIO driver crash
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56658
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334557
Bugzilla Description:
kernel: net: defer final 'struct net' free in netns dismantle
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56641
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334558
Bugzilla Description:
kernel: net/smc: initialize close_work early to avoid warning
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56655
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334559
Bugzilla Description:
kernel: netfilter: nf_tables: do not defer rule destruction via call_rcu
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56645
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334560
Bugzilla Description:
kernel: can: j1939: j1939_session_new(): fix skb reference counting
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56647
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334561
Bugzilla Description:
kernel: net: Fix icmp host relookup triggering ip_rt_bug
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56642
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334562
Bugzilla Description:
kernel: tipc: Fix use-after-free of kernel socket in cleanup_bearer().
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56654
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334563
Bugzilla Description:
kernel: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56669
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334564
Bugzilla Description:
kernel: iommu/vt-d: Remove cache tags before disabling ATS
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56668
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334565
Bugzilla Description:
kernel: iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56646
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334566
Bugzilla Description:
kernel: ipv6: avoid possible NULL deref in modify_prefix_route()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56651
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334567
Bugzilla Description:
kernel: can: hi311x: hi3110_can_ist(): fix potential use-after-free
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56632
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334568
Bugzilla Description:
kernel: nvme-tcp: fix the memleak while create new ctrl failed
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56670
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334569
Bugzilla Description:
kernel: usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56635
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334570
Bugzilla Description:
kernel: net: avoid potential UAF in default_operstate()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56660
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334571
Bugzilla Description:
kernel: net/mlx5: DR, prevent potential error pointer dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56666
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334572
Bugzilla Description:
kernel: drm/amdkfd: Dereference null return value
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56614
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334573
Bugzilla Description:
kernel: xsk: fix OOB map writes when deleting elements
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-99
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56617
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334574
Bugzilla Description:
kernel: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56558
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334575
Bugzilla Description:
kernel: nfsd: make sure exp active before svc_export_show
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56537
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334576
Bugzilla Description:
kernel: drm: xlnx: zynqmp_disp: layer may be null while releasing
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56664
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334577
Bugzilla Description:
kernel: bpf, sockmap: Fix race between element replace and close()
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56622
Severity: moderate
Released on: 27/12/2024
Advisory:
Bugzilla: 2334578
Bugzilla Description:
kernel: scsi: ufs: core: sysfs: Prevent div by zero
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56643
Severity: low
Released on: 27/12/2024
Advisory:
Bugzilla: 2334579
Bugzilla Description:
kernel: dccp: Fix memory leak in dccp_feat_change_recv
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56433
Severity: low
Released on: 26/12/2024
Advisory:
Bugzilla: 2334165
Bugzilla Description:
shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise
CVSS Score:
CVSSv3 Score: 3.6
Vector:
CWE: CWE-1188
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
CVE-2024-52046
Severity: important
Released on: 25/12/2024
Advisory:
Bugzilla: 2334067
Bugzilla Description:
mina-core: Apache MINA: applications using unbounded deserialization may allow RCE
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-94
Affected Packages:
Package States: A-MQ Clients 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO,Red Hat Build of Keycloak,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-On 7,streams for Apache Kafka,
CVE-2024-56431
Severity: low
Released on: 25/12/2024
Advisory:
Bugzilla: 2334093
Bugzilla Description:
libtheora: incorrect bitwise shift in huffdec.c
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1335
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53154
Severity: low
Released on: 24/12/2024
Advisory:
Bugzilla: 2333967
Bugzilla Description:
kernel: clk: clk-apple-nco: Add NULL check in applnco_probe
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53157
Severity: low
Released on: 24/12/2024
Advisory:
Bugzilla: 2333968
Bugzilla Description:
kernel: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53151
Severity: low
Released on: 24/12/2024
Advisory:
Bugzilla: 2333969
Bugzilla Description:
kernel: svcrdma: Address an integer overflow
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53148
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333970
Bugzilla Description:
kernel: comedi: Flush partial mappings in error case
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53150
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333971
Bugzilla Description:
kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53153
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333972
Bugzilla Description:
kernel: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53146
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333973
Bugzilla Description:
kernel: NFSD: Prevent a potential integer overflow
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53152
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333974
Bugzilla Description:
kernel: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53145
Severity: low
Released on: 24/12/2024
Advisory:
Bugzilla: 2333975
Bugzilla Description:
kernel: um: Fix potential integer overflow during physmem setup
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53156
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333976
Bugzilla Description:
kernel: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-129
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53161
Severity: low
Released on: 24/12/2024
Advisory:
Bugzilla: 2333977
Bugzilla Description:
kernel: EDAC/bluefield: Fix potential integer overflow
CVSS Score:
CVSSv3 Score: 3.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53163
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333979
Bugzilla Description:
kernel: crypto: qat/qat_420xx - fix off by one in uof_get_name()
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53149
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333980
Bugzilla Description:
kernel: usb: typec: ucsi: glink: fix off-by-one in connector_status
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53162
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333981
Bugzilla Description:
kernel: crypto: qat/qat_4xxx - fix off by one in uof_get_name()
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53160
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333982
Bugzilla Description:
kernel: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53158
Severity: low
Released on: 24/12/2024
Advisory:
Bugzilla: 2333983
Bugzilla Description:
kernel: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-124
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53159
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333984
Bugzilla Description:
kernel: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53147
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333985
Bugzilla Description:
kernel: exfat: fix out-of-bounds access of directory entries
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-119
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-53155
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2333986
Bugzilla Description:
kernel: ocfs2: fix uninitialized value in ocfs2_file_read_iter()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
CVE-2024-56826
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2335172
Bugzilla Description:
openjpeg: heap buffer overflow in bin/common/color.c
CVSS Score:
CVSSv3 Score: 5.6
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-56827
Severity: moderate
Released on: 24/12/2024
Advisory:
Bugzilla: 2335174
Bugzilla Description:
openjpeg: heap buffer overflow in lib/openjp2/j2k.c
CVSS Score:
CVSSv3 Score: 5.6
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-56326
Severity: important
Released on: 23/12/2024
Advisory:
Bugzilla: 2333856
Bugzilla Description:
jinja2: Jinja has a sandbox breakout through indirect reference to format method
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: (CWE-1336|CWE-693)
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 17.1,Red Hat Quay 3,
CVE-2024-56201
Severity: important
Released on: 23/12/2024
Advisory:
Bugzilla: 2333854
Bugzilla Description:
jinja2: Jinja has a sandbox breakout through malicious filenames
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-150
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Update Infrastructure 4 for Cloud Providers,
CVE-2024-40896
Severity: critical
Released on: 23/12/2024
Advisory:
Bugzilla: 2333871
Bugzilla Description:
libxml2: XXE vulnerability
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-611
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,
CVE-2024-56378
Severity: moderate
Released on: 22/12/2024
Advisory:
Bugzilla: 2333794
Bugzilla Description:
Poppler: out-of-bounds read
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-56334
Severity: important
Released on: 20/12/2024
Advisory:
Bugzilla: 2333587
Bugzilla Description:
systeminformation: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Developer Hub,Red Hat Developer Hub,
CVE-2024-56337
Severity: important
Released on: 20/12/2024
Advisory:
Bugzilla: 2333521
Bugzilla Description:
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,
CVE-2024-12840
Severity: moderate
Released on: 20/12/2024
Advisory:
Bugzilla: 2333494
Bugzilla Description:
http proxies: Satellite: Service side request forgery in http proxies
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Satellite 6,
CVE-2024-12678
Severity: moderate
Released on: 20/12/2024
Advisory:
Bugzilla: 2333453
Bugzilla Description:
github.com/hashicorp/nomad: Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,
CVE-2024-12582
Severity: important
Released on: 20/12/2024
Advisory:
Bugzilla: 2333540
Bugzilla Description:
skupper: skupper-cli: Flawed authentication method may lead to arbitrary file read or Denial of Service
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-305
Affected Packages:
Package States: Red Hat Service Interconnect 1,
CVE-2024-12801
Severity: low
Released on: 19/12/2024
Advisory:
Bugzilla: 2333370
Bugzilla Description:
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-918
Affected Packages:
Package States: AMQ Clients,A-MQ Clients 2,Logging Subsystem for Red Hat OpenShift,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO,Red Hat build of Debezium,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Web Server 6,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka,
CVE-2024-12798
Severity: moderate
Released on: 19/12/2024
Advisory:
Bugzilla: 2333351
Bugzilla Description:
logback-core: arbitrary code execution via JaninoEventEvaluator
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-917
Affected Packages:
Package States: AMQ Clients,A-MQ Clients 2,Logging Subsystem for Red Hat OpenShift,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO,Red Hat build of Debezium,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Web Server 6,Red Hat Process Automation 7,Red Hat Single Sign-On 7,streams for Apache Kafka,
CVE-2024-45338
Severity: important
Released on: 18/12/2024
Advisory: RHSA-2025:0224, RHSA-2025:0048,
Bugzilla: 2333122
Bugzilla Description:
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: cryostat-tech-preview/cryostat-rhel8:3.0.1-10,cryostat-tech-preview/jfr-datasource-rhel8:3.0.1-10,cryostat-tech-preview/cryostat-reports-rhel8:3.0.1-10,cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8:3.0.1-17,container-native-virtualization/kubevirt-template-validator-rhel9:v4.17.3-3,container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9:v4.17.3-3,cryostat-tech-preview/cryostat-storage-rhel8:3.0.1-17,cryostat-tech-preview/cryostat-operator-bundle:3.0.1-10,container-native-virtualization/kubevirt-ssp-operator-rhel9:v4.17.3-5,cryostat-tech-preview/cryostat-rhel8-operator:3.0.1-16,container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9:v4.17.3-12,cryostat-tech-preview/cryostat-db-rhel8:3.0.1-16,cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:3.0.1-15,
Package States: Builds for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,Custom Metric Autoscaler operator for Red Hat Openshift,Fence Agents Remediation Operator,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Migration Toolkit for Applications 7,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node Maintenance Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Service Mesh 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 1.2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 8,Red Hat Connectivity Link,Red Hat Developer Hub,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Insights for Runtimes Operator,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 18.0,Red Hat Trusted Artifact Signer,Self Node Remediation Operator,
CVE-2024-53271
Severity: important
Released on: 18/12/2024
Advisory:
Bugzilla: 2333078
Bugzilla Description:
envoy: HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-670
Affected Packages:
Package States: OpenShift Service Mesh 2,
CVE-2024-53270
Severity: important
Released on: 18/12/2024
Advisory:
Bugzilla: 2333091
Bugzilla Description:
envoy: HTTP/1: sending overload crashes when the request is reset beforehand in envoy
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-670
Affected Packages:
Package States: OpenShift Service Mesh 2,
CVE-2024-53269
Severity: moderate
Released on: 18/12/2024
Advisory:
Bugzilla: 2333088
Bugzilla Description:
envoy: Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy
CVSS Score:
CVSSv3 Score: 4.5
Vector:
CWE: CWE-670
Affected Packages:
Package States: OpenShift Service Mesh 2,
CVE-2024-56128
Severity: important
Released on: 18/12/2024
Advisory:
Bugzilla: 2333013
Bugzilla Description:
kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-303
Affected Packages:
Package States: Red Hat build of Debezium,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,streams for Apache Kafka,
CVE-2024-53580
Severity: important
Released on: 18/12/2024
Advisory: RHSA-2025:0161, RHSA-2025:0168,
Bugzilla: 2333146
Bugzilla Description:
iperf: Denial of Service in iperf Due to Improper JSON Handling
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-476
Affected Packages: iperf3-0:3.9-13.el9_5.1,iperf3-0:3.5-11.el8_10,
Package States: Red Hat Enterprise Linux 7,
CVE-2024-12539
Severity: moderate
Released on: 17/12/2024
Advisory:
Bugzilla: 2332909
Bugzilla Description:
elasticsearch: improper auth controls can allow circumvention of Document Level Security
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-863
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Red Hat Quay 3,
CVE-2024-51479
Severity: moderate
Released on: 17/12/2024
Advisory:
Bugzilla: 2332884
Bugzilla Description:
next.js: next: authorization bypass in Next.js
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-285
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Trusted Artifact Signer,streams for Apache Kafka,
CVE-2024-54677
Severity: low
Released on: 17/12/2024
Advisory:
Bugzilla: 2332815
Bugzilla Description:
tomcat: Apache Tomcat: DoS in examples web application
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-400
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,
CVE-2024-50379
Severity: important
Released on: 17/12/2024
Advisory:
Bugzilla: 2332817
Bugzilla Description:
tomcat: RCE due to TOCTOU issue in JSP compilation
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,
CVE-2024-53240
Severity: moderate
Released on: 17/12/2024
Advisory:
Bugzilla: 2331325
Bugzilla Description:
kernel: xen: netfront: Backend can crash Linux netfront (Xen Security Advisory 465)
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
CVE-2024-53241
Severity: moderate
Released on: 17/12/2024
Advisory:
Bugzilla: 2331326
Bugzilla Description:
kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-119
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
CVE-2024-11614
Severity: important
Released on: 17/12/2024
Advisory: RHSA-2025:0220, RHSA-2025:0208, RHSA-2025:0209, RHSA-2025:0222, RHSA-2025:0211, RHSA-2025:0221, RHSA-2025:0210,
Bugzilla: 2327955
Bugzilla Description:
dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-125
Affected Packages: dpdk-2:21.11-3.el9_0,dpdk-2:22.11-4.el9_2,dpdk-0:23.11-2.el8_10,dpdk-0:21.11-4.el8_8,dpdk-0:21.11-3.el8_6,dpdk-2:23.11-2.el9_4,dpdk-2:23.11-2.el9_5,
Package States: Fast Datapath for RHEL 7,Fast Datapath for RHEL 8,Fast Datapath for RHEL 9,Red Hat OpenShift Container Platform 4,
CVE-2024-53144
Severity: moderate
Released on: 17/12/2024
Advisory:
Bugzilla: 2332853
Bugzilla Description:
kernel: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-12698
Severity: moderate
Released on: 16/12/2024
Advisory:
Bugzilla: 2332674
Bugzilla Description:
ose-olm-catalogd-container: incomplete fix for rapid reset (CVE-2023-39325/CVE-2023-44487)
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-400
Affected Packages:
Package States: Red Hat OpenShift Container Platform 4,
CVE-2024-55949
Severity: important
Released on: 16/12/2024
Advisory:
Bugzilla: 2332681
Bugzilla Description:
minio: Privilege escalation in IAM import API in MinIO
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-269
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,OpenShift API for Data Protection,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Data Science (RHODS),Red Hat Quay 3,
CVE-2024-52949
Severity: moderate
Released on: 16/12/2024
Advisory:
Bugzilla: 2332702
Bugzilla Description:
iptraf-ng: buffer overflow via ifaces.c
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-121
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-45497
Severity: moderate
Released on: 15/12/2024
Advisory:
Bugzilla: 2308673
Bugzilla Description:
openshift-api: Build Process in OpenShift Allows Overwriting of Node Pull Credentials
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-732
Affected Packages:
Package States: Red Hat Fuse 7,Red Hat OpenShift Container Platform 4,
CVE-2024-55887
Severity: important
Released on: 13/12/2024
Advisory:
Bugzilla: 2332304
Bugzilla Description:
ucum: Ucum-java has an XXE vulnerability in XML parsing
CVSS Score:
CVSSv3 Score: 8.6
Vector:
CWE: CWE-611
Affected Packages:
Package States: Red Hat Fuse 7,Red Hat Integration Camel K,
CVE-2024-12455
Severity: moderate
Released on: 12/12/2024
Advisory:
Bugzilla: 2332111
Bugzilla Description:
glibc: glibc in Fedora 41 ships a broken getrandom/arc4random for ppc64le platform
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-372
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
CVE-2024-54502
Severity: moderate
Released on: 11/12/2024
Advisory: RHSA-2025:0226, RHSA-2025:0145, RHSA-2025:0146,
Bugzilla: 2333843
Bugzilla Description:
webkit: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages: webkit2gtk3-0:2.46.5-1.el8_10,webkit2gtk3-0:2.46.5-1.el9_4,webkit2gtk3-0:2.46.5-1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
CVE-2024-54534
Severity: important
Released on: 11/12/2024
Advisory:
Bugzilla: 2333846
Bugzilla Description:
webkit: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-54505
Severity: important
Released on: 11/12/2024
Advisory: RHSA-2025:0226, RHSA-2025:0145, RHSA-2025:0146,
Bugzilla: 2333844
Bugzilla Description:
webkit: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-843
Affected Packages: webkit2gtk3-0:2.46.5-1.el8_10,webkit2gtk3-0:2.46.5-1.el9_4,webkit2gtk3-0:2.46.5-1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
CVE-2024-54508
Severity: moderate
Released on: 11/12/2024
Advisory: RHSA-2025:0226, RHSA-2025:0145, RHSA-2025:0146,
Bugzilla: 2333845
Bugzilla Description:
webkit: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-20
Affected Packages: webkit2gtk3-0:2.46.5-1.el8_10,webkit2gtk3-0:2.46.5-1.el9_4,webkit2gtk3-0:2.46.5-1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
CVE-2024-54479
Severity: important
Released on: 11/12/2024
Advisory: RHSA-2025:0226, RHSA-2025:0145, RHSA-2025:0146,
Bugzilla: 2333841
Bugzilla Description:
WebKitGTK: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-404
Affected Packages: webkit2gtk3-0:2.46.5-1.el8_10,webkit2gtk3-0:2.46.5-1.el9_4,webkit2gtk3-0:2.46.5-1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
CVE-2024-47834
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331749
Bugzilla Description:
gstreamer1-plugins-good: Use-After-Free read in Matroska CodecPrivate
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-47835
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331742
Bugzilla Description:
gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-47778
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331743
Bugzilla Description:
gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-47777
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331741
Bugzilla Description:
gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-47776
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331750
Bugzilla Description:
gstreamer1-plugins-good: OOB-read in gst_wavparse_cue_chunk
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-47775
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331744
Bugzilla Description:
gstreamer1-plugins-good: OOB-read in parse_ds64
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
CVE-2024-47774
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331739
Bugzilla Description:
gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47613
Severity: moderate
Released on: 11/12/2024
Advisory: RHSA-2024:11299, RHSA-2024:11344, RHSA-2024:11148, RHSA-2024:11346, RHSA-2024:11149, RHSA-2024:11348, RHSA-2024:11119, RHSA-2024:11121, RHSA-2024:11122, RHSA-2024:11298,
Bugzilla: 2331753
Bugzilla Description:
gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-476
Affected Packages: gstreamer1-plugins-good-0:1.10.4-3.el7_9,gstreamer1-plugins-good-0:1.16.1-3.el8_6,gstreamer1-plugins-good-0:1.16.1-4.el8_8,gstreamer1-plugins-good-0:1.22.1-3.el9_5,gstreamer1-plugins-good-0:1.22.1-3.el9_4,gstreamer1-plugins-good-0:1.16.1-2.el8_2,gstreamer1-plugins-good-0:1.16.1-5.el8_10,gstreamer1-plugins-good-0:1.18.4-7.el9_2,gstreamer1-plugins-base-0:1.10.4-3.el7_9,gstreamer1-plugins-good-0:1.18.4-6.el9_0,gstreamer1-plugins-good-0:1.16.1-3.el8_4,
Package States:
Full Details
CVE document
CVE-2024-47615
Severity: important
Released on: 11/12/2024
Advisory: RHSA-2024:11123, RHSA-2024:11344, RHSA-2024:11345, RHSA-2024:11117, RHSA-2024:11118, RHSA-2024:11130, RHSA-2024:11141, RHSA-2024:11142, RHSA-2024:11120, RHSA-2024:11143,
Bugzilla: 2331740
Bugzilla Description:
gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-787
Affected Packages: gstreamer1-plugins-good-0:1.10.4-3.el7_9,gstreamer1-plugins-base-0:1.22.1-3.el9_4,gstreamer1-plugins-base-0:1.18.4-7.el9_0,gstreamer1-plugins-base-0:1.16.1-2.el8_2,gstreamer1-plugins-base-0:1.18.4-7.el9_2,gstreamer1-plugins-base-0:1.16.1-3.el8_6,gstreamer1-plugins-base-0:1.10.4-3.el7_9,gstreamer1-plugins-base-0:1.16.1-5.el8_10,gstreamer1-plugins-base-0:1.16.1-3.el8_8,gstreamer1-plugins-base-0:1.22.1-3.el9_5,gstreamer1-plugins-base-0:1.16.1-3.el8_4,
Package States:
Full Details
CVE document
CVE-2024-47607
Severity: important
Released on: 11/12/2024
Advisory: RHSA-2024:11123, RHSA-2024:11344, RHSA-2024:11345, RHSA-2024:11117, RHSA-2024:11118, RHSA-2024:11130, RHSA-2024:11141, RHSA-2024:11142, RHSA-2024:11120, RHSA-2024:11143,
Bugzilla: 2331754
Bugzilla Description:
gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-121
Affected Packages: gstreamer1-plugins-good-0:1.10.4-3.el7_9,gstreamer1-plugins-base-0:1.22.1-3.el9_4,gstreamer1-plugins-base-0:1.18.4-7.el9_0,gstreamer1-plugins-base-0:1.16.1-2.el8_2,gstreamer1-plugins-base-0:1.18.4-7.el9_2,gstreamer1-plugins-base-0:1.16.1-3.el8_6,gstreamer1-plugins-base-0:1.10.4-3.el7_9,gstreamer1-plugins-base-0:1.16.1-5.el8_10,gstreamer1-plugins-base-0:1.16.1-3.el8_8,gstreamer1-plugins-base-0:1.22.1-3.el9_5,gstreamer1-plugins-base-0:1.16.1-3.el8_4,
Package States:
Full Details
CVE document
CVE-2024-47606
Severity: important
Released on: 11/12/2024
Advisory: RHSA-2024:11299, RHSA-2024:11344, RHSA-2024:11148, RHSA-2024:11346, RHSA-2024:11149, RHSA-2024:11348, RHSA-2024:11119, RHSA-2024:11121, RHSA-2024:11122, RHSA-2024:11298,
Bugzilla: 2331760
Bugzilla Description:
gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-190
Affected Packages: gstreamer1-plugins-good-0:1.10.4-3.el7_9,gstreamer1-plugins-good-0:1.16.1-3.el8_6,gstreamer1-plugins-good-0:1.16.1-4.el8_8,gstreamer1-plugins-good-0:1.22.1-3.el9_5,gstreamer1-plugins-good-0:1.22.1-3.el9_4,gstreamer1-plugins-good-0:1.16.1-2.el8_2,gstreamer1-plugins-good-0:1.16.1-5.el8_10,gstreamer1-plugins-good-0:1.18.4-7.el9_2,gstreamer1-plugins-base-0:1.10.4-3.el7_9,gstreamer1-plugins-good-0:1.18.4-6.el9_0,gstreamer1-plugins-good-0:1.16.1-3.el8_4,
Package States:
Full Details
CVE document
CVE-2024-47603
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331762
Bugzilla Description:
gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47602
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331759
Bugzilla Description:
gstreamer1-plugins-good: NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: (CWE-125|CWE-476)
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47601
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331752
Bugzilla Description:
gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47600
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331738
Bugzilla Description:
gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47599
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331748
Bugzilla Description:
gstreamer1-plugins-good: insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47598
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331761
Bugzilla Description:
gstreamer1-plugins-good: OOB-read in qtdemux_merge_sample_table
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47597
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331755
Bugzilla Description:
gstreamer1-plugins-good: OOB-read in qtdemux_parse_samples
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47596
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331747
Bugzilla Description:
gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47546
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331756
Bugzilla Description:
gstreamer1-plugins-good: integer underflow in extract_cc_from_data leading to OOB-read
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47545
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331763
Bugzilla Description:
gstreamer1-plugins-good: integer underflow in FOURCC_strf parsing leading to OOB-read
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47544
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331751
Bugzilla Description:
gstreamer1-plugins-good: NULL-pointer dereferences in MP4/MOV demuxer CENC handling
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-45337
Severity: important
Released on: 11/12/2024
Advisory:
Bugzilla: 2331720
Bugzilla Description:
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-285
Affected Packages:
Package States: Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ceph Storage 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat Openshift Sandboxed Containers,Red Hat Openshift Sandboxed Containers,Red Hat Openshift Sandboxed Containers,Red Hat Openshift Sandboxed Containers,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Storage 3,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,
Full Details
CVE document
CVE-2024-47543
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331723
Bugzilla Description:
gstreamer1-plugins-good: OOB-read in qtdemux_parse_container
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47542
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331717
Bugzilla Description:
gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: (CWE-125|CWE-476)
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47541
Severity: moderate
Released on: 11/12/2024
Advisory:
Bugzilla: 2331724
Bugzilla Description:
gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47540
Severity: important
Released on: 11/12/2024
Advisory: RHSA-2024:11299, RHSA-2024:11344, RHSA-2024:11148, RHSA-2024:11346, RHSA-2024:11149, RHSA-2024:11348, RHSA-2024:11119, RHSA-2024:11121, RHSA-2024:11122, RHSA-2024:11298,
Bugzilla: 2331719
Bugzilla Description:
gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-457
Affected Packages: gstreamer1-plugins-good-0:1.10.4-3.el7_9,gstreamer1-plugins-good-0:1.16.1-3.el8_6,gstreamer1-plugins-good-0:1.16.1-4.el8_8,gstreamer1-plugins-good-0:1.22.1-3.el9_5,gstreamer1-plugins-good-0:1.22.1-3.el9_4,gstreamer1-plugins-good-0:1.16.1-2.el8_2,gstreamer1-plugins-good-0:1.16.1-5.el8_10,gstreamer1-plugins-good-0:1.18.4-7.el9_2,gstreamer1-plugins-base-0:1.10.4-3.el7_9,gstreamer1-plugins-good-0:1.18.4-6.el9_0,gstreamer1-plugins-good-0:1.16.1-3.el8_4,
Package States:
Full Details
CVE document
CVE-2024-47539
Severity: important
Released on: 11/12/2024
Advisory: RHSA-2024:11299, RHSA-2024:11148, RHSA-2024:11346, RHSA-2024:11149, RHSA-2024:11348, RHSA-2024:11119, RHSA-2024:11121, RHSA-2024:11122, RHSA-2024:11298,
Bugzilla: 2331726
Bugzilla Description:
gstreamer1-plugins-good: OOB-write in convert_to_s334_1a
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-787
Affected Packages: gstreamer1-plugins-good-0:1.16.1-3.el8_6,gstreamer1-plugins-good-0:1.16.1-4.el8_8,gstreamer1-plugins-good-0:1.22.1-3.el9_5,gstreamer1-plugins-good-0:1.22.1-3.el9_4,gstreamer1-plugins-good-0:1.16.1-2.el8_2,gstreamer1-plugins-good-0:1.16.1-5.el8_10,gstreamer1-plugins-good-0:1.18.4-7.el9_2,gstreamer1-plugins-good-0:1.18.4-6.el9_0,gstreamer1-plugins-good-0:1.16.1-3.el8_4,
Package States: Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2024-47538
Severity: important
Released on: 11/12/2024
Advisory: RHSA-2024:11123, RHSA-2024:11344, RHSA-2024:11345, RHSA-2024:11117, RHSA-2024:11118, RHSA-2024:11130, RHSA-2024:11141, RHSA-2024:11142, RHSA-2024:11120, RHSA-2024:11143,
Bugzilla: 2331727
Bugzilla Description:
gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-121
Affected Packages: gstreamer1-plugins-good-0:1.10.4-3.el7_9,gstreamer1-plugins-base-0:1.22.1-3.el9_4,gstreamer1-plugins-base-0:1.18.4-7.el9_0,gstreamer1-plugins-base-0:1.16.1-2.el8_2,gstreamer1-plugins-base-0:1.18.4-7.el9_2,gstreamer1-plugins-base-0:1.16.1-3.el8_6,gstreamer1-plugins-base-0:1.10.4-3.el7_9,gstreamer1-plugins-base-0:1.16.1-5.el8_10,gstreamer1-plugins-base-0:1.16.1-3.el8_8,gstreamer1-plugins-base-0:1.22.1-3.el9_5,gstreamer1-plugins-base-0:1.16.1-3.el8_4,
Package States:
Full Details
CVE document
CVE-2024-47537
Severity: important
Released on: 11/12/2024
Advisory: RHSA-2024:11299, RHSA-2024:11344, RHSA-2024:11148, RHSA-2024:11346, RHSA-2024:11149, RHSA-2024:11348, RHSA-2024:11119, RHSA-2024:11121, RHSA-2024:11122, RHSA-2024:11298,
Bugzilla: 2331722
Bugzilla Description:
gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c
CVSS Score:
CVSSv3 Score: 8.4
Vector:
CWE: (CWE-190|CWE-787)
Affected Packages: gstreamer1-plugins-good-0:1.10.4-3.el7_9,gstreamer1-plugins-good-0:1.16.1-3.el8_6,gstreamer1-plugins-good-0:1.16.1-4.el8_8,gstreamer1-plugins-good-0:1.22.1-3.el9_5,gstreamer1-plugins-good-0:1.22.1-3.el9_4,gstreamer1-plugins-good-0:1.16.1-2.el8_2,gstreamer1-plugins-good-0:1.16.1-5.el8_10,gstreamer1-plugins-good-0:1.18.4-7.el9_2,gstreamer1-plugins-base-0:1.10.4-3.el7_9,gstreamer1-plugins-good-0:1.18.4-6.el9_0,gstreamer1-plugins-good-0:1.16.1-3.el8_4,
Package States:
Full Details
CVE document
CVE-2024-53677
Severity: critical
Released on: 11/12/2024
Advisory:
Bugzilla: 2331686
Bugzilla Description:
struts: org.apache.struts: mixing setters for uploaded files and normal fields can allow bypass file upload checks
CVSS Score:
CVSSv3 Score: 9.0
Vector:
CWE: CWE-552
Affected Packages:
Package States: A-MQ Clients 2,A-MQ Clients 2,A-MQ Clients 2,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Debezium,Red Hat build of Debezium,Red Hat build of Debezium,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat build of OptaPlanner 8,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Data Grid 8,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel K,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Data Grid 7,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Fuse Service Works 6,Red Hat JBoss Fuse Service Works 6,Red Hat JBoss Fuse Service Works 6,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,Red Hat JBoss Web Server 6,Red Hat JBoss Web Server 6,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,streams for Apache Kafka,streams for Apache Kafka,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-11053
Severity: low
Released on: 11/12/2024
Advisory:
Bugzilla: 2331191
Bugzilla Description:
curl: curl netrc password leak
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-200
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-54133
Severity: low
Released on: 10/12/2024
Advisory:
Bugzilla: 2331619
Bugzilla Description:
actionpack: Possible Content Security Policy bypass in Action Dispatch
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2024-4109
Severity: moderate
Released on: 10/12/2024
Advisory: RHSA-2024:11559, RHSA-2024:10933, RHSA-2024:11570, RHSA-2024:10927, RHSA-2024:11560, RHSA-2024:10928, RHSA-2024:10929,
Bugzilla: 2272325
Bugzilla Description:
undertow: information leakage via HTTP/2 request header reuse
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-200
Affected Packages: eap8-ecj-1:3.31.0-2.redhat_00001.1.el8eap,eap8-wildfly-elytron-0:2.2.7-1.Final_redhat_00001.1.el8eap,eap7-activemq-artemis-0:2.16.0-19.redhat_00053.1.el7eap,eap7-jbossws-cxf-0:5.4.13-1.Final_redhat_00001.1.el7eap,eap8-jakarta-activation-0:2.1.3-1.redhat_00001.1.el8eap,eap8-jctools-0:4.0.5-1.redhat_00001.1.el8eap,eap8-yasson-0:3.0.4-1.redhat_00002.1.el9eap,eap8-undertow-0:2.3.18-1.SP1_redhat_00001.1.el9eap,eap8-eap-product-conf-parent-0:800.5.0-1.GA_redhat_00001.1.el9eap,eap7-wildfly-0:7.4.20-2.GA_redhat_00001.1.el9eap,eap8-hornetq-0:2.4.10-1.Final_redhat_00001.1.el8eap,eap8-netty-0:4.1.114-1.Final_redhat_00001.1.el8eap,eap8-wildfly-elytron-ee-0:3.0.3-2.Final_redhat_00001.1.el9eap,eap7-byte-buddy-0:1.11.12-3.redhat_00003.1.el7eap,eap7-jboss-server-migration-0:1.10.0-40.Final_redhat_00040.1.el9eap,eap7-undertow-0:2.2.37-1.SP2_redhat_00001.1.el8eap,eap8-atinject-0:2.0.1-3.redhat_00006.1.el8eap,eap8-vdx-0:1.1.6-3.redhat_1.1.el8eap,eap8-javaee-security-soteria-0:3.0.0-3.redhat_00001.1.el8eap,eap7-resteasy-0:3.15.10-1.Final_redhat_00001.1.el7eap,eap8-commons-logging-jboss-logging-0:1.0.0-2.Final_redhat_1.1.el9eap,eap8-jbossws-cxf-0:7.3.0-1.Final_redhat_00001.1.el8eap,eap7-jaxen-0:1.1.6-15.redhat_00003.1.el9eap,eap8-wildfly-0:8.0.5-3.GA_redhat_00002.1.el8eap,eap8-parsson-0:1.1.7-1.redhat_00002.1.el8eap,eap7-woodstox-core-0:6.4.0-2.redhat_00003.1.el8eap,eap7-log4j-jboss-logmanager-0:1.3.1-2.Final_redhat_00003.1.el8eap,eap8-expressly-0:5.0.0-5.redhat_00001.1.el9eap,eap8-jansi-0:1.18.0-2.redhat_00001.1.el8eap,eap8-atinject-0:2.0.1-3.redhat_00006.1.el9eap,eap8-vdx-0:1.1.6-3.redhat_1.1.el9eap,eap8-narayana-0:6.0.4-1.Final_redhat_00001.1.el9eap,eap7-jbossws-cxf-0:5.4.13-1.Final_redhat_00001.1.el9eap,eap7-resteasy-0:3.15.10-1.Final_redhat_00001.1.el8eap,eap8-jboss-weld-api-0:5.0.0-4.SP3_redhat_00001.1.el8eap,eap8-jboss-marshalling-0:2.1.6-1.Final_redhat_00001.1.el8eap,eap7-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el7eap,eap7-jaxen-0:1.1.6-15.redhat_00003.1.el8eap,eap8-activemq-artemis-0:2.33.0-2.redhat_00016.1.el9eap,eap8-parsson-0:1.1.7-1.redhat_00002.1.el9eap,eap7-jboss-ejb-client-0:4.0.56-1.Final_redhat_00001.1.el8eap,eap7-wildfly-0:7.4.20-2.GA_redhat_00001.1.el7eap,eap7-byte-buddy-0:1.11.12-3.redhat_00003.1.el9eap,eap7-picketlink-bindings-0:2.5.5-28.SP12_redhat_00017.1.el7eap,eap8-apache-commons-lang-0:3.14.0-3.redhat_00007.1.el8eap,eap8-expressly-0:5.0.0-5.redhat_00001.1.el8eap,eap8-ecj-1:3.31.0-2.redhat_00001.1.el9eap,eap7-wildfly-http-client-0:1.1.18-1.Final_redhat_00001.1.el7eap,eap8-jctools-0:4.0.5-1.redhat_00001.1.el9eap,eap8-resteasy-0:6.2.11-1.Final_redhat_00001.1.el9eap,eap8-undertow-0:2.3.18-1.SP1_redhat_00001.1.el8eap,eap8-jakarta-xml-bind-api-0:4.0.2-1.redhat_00001.1.el8eap,eap8-netty-transport-native-epoll-0:4.1.114-1.Final_redhat_00001.1.el9eap,eap8-yasson-0:3.0.4-1.redhat_00002.1.el8eap,eap8-wildfly-elytron-ee-0:3.0.3-2.Final_redhat_00001.1.el8eap,eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el9eap,eap8-jsonb-spec-0:3.0.1-1.redhat_00002.1.el9eap,eap8-hal-console-0:3.6.20-1.Final_redhat_00001.1.el8eap,eap8-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el8eap,eap7-jboss-server-migration-0:1.10.0-40.Final_redhat_00040.1.el8eap,eap7-undertow-0:2.2.37-1.SP2_redhat_00001.1.el7eap,eap8-angus-activation-0:2.0.2-1.redhat_00001.1.el8eap,eap8-javaee-security-soteria-0:3.0.0-3.redhat_00001.1.el9eap,eap7-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el9eap,eap8-azure-storage-0:8.6.6-4.redhat_00001.1.el8eap,eap8-commons-logging-jboss-logging-0:1.0.0-2.Final_redhat_1.1.el8eap,eap8-netty-transport-native-epoll-0:4.1.114-1.Final_redhat_00001.1.el8eap,eap8-wildfly-0:8.0.5-3.GA_redhat_00002.1.el9eap,eap7-woodstox-core-0:6.4.0-2.redhat_00003.1.el9eap,eap7-log4j-jboss-logmanager-0:1.3.1-2.Final_redhat_00003.1.el9eap,eap8-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el9eap,eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el8eap,eap8-undertow-jastow-0:2.2.8-1.Final_redhat_00001.1.el8eap,eap7-picketlink-bindings-0:2.5.5-28.SP12_redhat_00017.1.el9eap,eap7-wildfly-http-client-0:1.1.18-1.Final_redhat_00001.1.el9eap,eap8-jansi-0:1.18.0-2.redhat_00001.1.el9eap,eap7-jbossws-cxf-0:5.4.13-1.Final_redhat_00001.1.el8eap,eap7-activemq-artemis-0:2.16.0-19.redhat_00053.1.el8eap,eap8-eap-product-conf-parent-0:800.5.0-1.GA_redhat_00001.1.el8eap,eap7-byte-buddy-0:1.11.12-3.redhat_00003.1.el8eap,eap8-hibernate-0:6.2.32-1.Final_redhat_00001.1.el9eap,eap7-undertow-0:2.2.37-1.SP2_redhat_00001.1.el9eap,eap7-jboss-ejb-client-0:4.0.56-1.Final_redhat_00001.1.el7eap,eap7-activemq-artemis-0:2.16.0-19.redhat_00053.1.el9eap,eap7-wildfly-http-client-0:1.1.18-1.Final_redhat_00001.1.el8eap,eap8-resteasy-0:6.2.11-1.Final_redhat_00001.1.el8eap,eap8-jbossws-cxf-0:7.3.0-1.Final_redhat_00001.1.el9eap,eap7-jboss-server-migration-0:1.10.0-40.Final_redhat_00040.1.el7eap,eap8-jakarta-xml-bind-api-0:4.0.2-1.redhat_00001.1.el9eap,eap8-hibernate-0:6.2.32-1.Final_redhat_00001.1.el8eap,eap7-woodstox-core-0:6.4.0-2.redhat_00003.1.el7eap,eap8-jsonb-spec-0:3.0.1-1.redhat_00002.1.el8eap,eap8-angus-activation-0:2.0.2-1.redhat_00001.1.el9eap,eap7-log4j-jboss-logmanager-0:1.3.1-2.Final_redhat_00003.1.el7eap,eap8-hal-console-0:3.6.20-1.Final_redhat_00001.1.el9eap,undertow,eap8-narayana-0:6.0.4-1.Final_redhat_00001.1.el8eap,eap8-jboss-weld-api-0:5.0.0-4.SP3_redhat_00001.1.el9eap,eap7-resteasy-0:3.15.10-1.Final_redhat_00001.1.el9eap,eap8-wildfly-elytron-0:2.2.7-1.Final_redhat_00001.1.el9eap,eap8-azure-storage-0:8.6.6-4.redhat_00001.1.el9eap,eap8-jboss-marshalling-0:2.1.6-1.Final_redhat_00001.1.el9eap,eap8-jakarta-activation-0:2.1.3-1.redhat_00001.1.el9eap,eap7-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el8eap,eap8-activemq-artemis-0:2.33.0-2.redhat_00016.1.el8eap,eap7-jaxen-0:1.1.6-15.redhat_00003.1.el7eap,eap8-hornetq-0:2.4.10-1.Final_redhat_00001.1.el9eap,eap7-wildfly-0:7.4.20-2.GA_redhat_00001.1.el8eap,eap8-netty-0:4.1.114-1.Final_redhat_00001.1.el9eap,eap8-undertow-jastow-0:2.2.8-1.Final_redhat_00001.1.el9eap,eap7-picketlink-bindings-0:2.5.5-28.SP12_redhat_00017.1.el8eap,eap8-apache-commons-lang-0:3.14.0-3.redhat_00007.1.el9eap,eap7-jboss-ejb-client-0:4.0.56-1.Final_redhat_00001.1.el9eap,
Package States: Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO,Red Hat Build of Keycloak,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2024-12397
Severity: moderate
Released on: 10/12/2024
Advisory:
Bugzilla: 2331298
Bugzilla Description:
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-444
Affected Packages:
Package States: Cryostat 3,Red Hat build of Apache Camel for Quarkus,Red Hat build of Apache Camel for Quarkus,Red Hat build of Apache Camel - HawtIO,Red Hat build of Apicurio Registry,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat build of Quarkus,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-55601
Severity: moderate
Released on: 09/12/2024
Advisory:
Bugzilla: 2331275
Bugzilla Description:
hugo: some attributes not escaped in internal templates
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,
Full Details
CVE document
CVE-2024-55565
Severity: moderate
Released on: 09/12/2024
Advisory: RHSA-2025:0082, RHSA-2025:0079,
Bugzilla: 2331063
Bugzilla Description:
nanoid: nanoid mishandles non-integer values
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-835
Affected Packages: odf4/odf-console-rhel9:v4.16.5-2,odf4/odf-multicluster-console-rhel9:v4.17.2-1,odf4/ocs-client-console-rhel9:v4.17.2-1,odf4/odf-multicluster-console-rhel9:v4.16.5-2,odf4/ocs-client-console-rhel9:v4.16.5-2,odf4/odf-console-rhel9:v4.17.2-1,
Package States: Cryostat 3,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Applications 7,Migration Toolkit for Applications 7,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO,Red Hat build of Apicurio Registry,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Connectivity Link,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-12369
Severity: moderate
Released on: 09/12/2024
Advisory:
Bugzilla: 2331178
Bugzilla Description:
elytron-oidc-client: OIDC Authorization Code Injection
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-345
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,
Full Details
CVE document
CVE-2024-53143
Severity: moderate
Released on: 07/12/2024
Advisory:
Bugzilla: 2330957
Bugzilla Description:
kernel: fsnotify: Fix ordering of iput() and watched_objects decrement
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-54137
Severity: important
Released on: 06/12/2024
Advisory:
Bugzilla: 2330843
Bugzilla Description:
liboqs: liboqs has a correctness error in HQC decapsulation
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-200
Affected Packages:
Package States:
Full Details
CVE document
CVE-2024-12254
Severity: important
Released on: 06/12/2024
Advisory: RHSA-2024:10980, RHSA-2024:11035, RHSA-2024:10978,
Bugzilla: 2330804
Bugzilla Description:
python: Unbounded memory buffering in SelectorSocketTransport.writelines()
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: (CWE-400|CWE-770)
Affected Packages: python3.12-0:3.12.1-4.el9_4.5,python3.12-0:3.12.5-2.el9_5.2,python3.12-0:3.12.8-1.el8_10,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-53141
Severity: moderate
Released on: 06/12/2024
Advisory:
Bugzilla: 2330763
Bugzilla Description:
kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53142
Severity: moderate
Released on: 06/12/2024
Advisory:
Bugzilla: 2330765
Bugzilla Description:
kernel: initramfs: avoid filename buffer overrun
CVSS Score:
CVSSv3 Score: 6.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52798
Severity: moderate
Released on: 05/12/2024
Advisory:
Bugzilla: 2330689
Bugzilla Description:
path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Cryostat 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Applications 7,Migration Toolkit for Applications 7,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO,Red Hat build of Apicurio Registry,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Connectivity Link,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-11148
Severity: important
Released on: 05/12/2024
Advisory:
Bugzilla: 2330647
Bugzilla Description:
httpd: OpenBSD httpd(8) null dereference
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document
CVE-2024-53846
Severity: moderate
Released on: 05/12/2024
Advisory:
Bugzilla: 2330624
Bugzilla Description:
erlang: ssl fails to validate incorrect extended key usage
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-295
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2024-53589
Severity: moderate
Released on: 05/12/2024
Advisory:
Bugzilla: 2330669
Bugzilla Description:
binutils: objdump: buffer Overflow in the BFD library's handling of tekhex format files
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-125
Affected Packages:
Package States: Migration Toolkit for Containers,Migration Toolkit for Virtualization,OpenShift API for Data Protection,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-38829
Severity: low
Released on: 04/12/2024
Advisory:
Bugzilla: 2330449
Bugzilla Description:
spring-ldap: Spring LDAP sensitive data exposure for case-sensitive comparisons
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-178
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2024-53908
Severity: important
Released on: 04/12/2024
Advisory: RHSA-2024:11146, RHSA-2024:11144,
Bugzilla: 2329287
Bugzilla Description:
django: Potential SQL injection in HasKey(lhs, rhs) on Oracle
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-89
Affected Packages: ansible-automation-platform-24/de-minimal-rhel8:1.0.7-53,ansible-automation-platform-24/eda-controller-rhel8:1.0.7-30,ansible-automation-platform-24/platform-resource-runner-rhel8:2.4-198,ansible-automation-platform-25/aap-cloud-ui-rhel8-operator:1.0.4-135,ansible-automation-platform-25/ansible-python-toolkit-rhel9:1.0.0-645,ansible-automation-platform-25/de-minimal-rhel9:1.1.2-6,ansible-automation-platform-25/ee-minimal-rhel8:1.0.0-791,ansible-automation-platform/ee-containerized-installer-rhel8:1.3.3-44,ansible-automation-platform/cloud-addons-operator-bundle:2.5-514,ansible-automation-platform-25/gateway-rhel8-operator:2.5-172,ansible-automation-platform-25/ansible-dev-tools-rhel8:24.9.0-23,ansible-automation-platform-25/de-supported-rhel8:1.1.2-6,ansible-automation-platform-25/ansible-python-base-rhel9:1.0.0-688,ansible-automation-platform-25/gateway-proxy-rhel8:2.5.0-35,ansible-automation-platform-25/hub-rhel8-operator:2.5-144,ansible-automation-platform-24/aap-must-gather-rhel8:0.0.1-504,ansible-automation-platform-25/eda-controller-ui-rhel8:1.1.3-2,ansible-automation-platform/platform-operator-bundle:2.5-990,ansible-automation-platform-25/ee-supported-rhel8:1.0.0-862,ansible-automation-platform-24/de-supported-rhel8:1.0.7-63,ansible-automation-platform-25/hub-rhel8:4.10.1-17,ansible-automation-platform-24/ee-supported-rhel8:1.0.0-859,ansible-automation-platform-24/aap-cloud-metrics-collector-rhel8:1.0.2-138,ansible-automation-platform/platform-operator-bundle:2.4-2215,ansible-automation-platform-24/hub-web-rhel8:4.9.2-32,ansible-automation-platform-24/lightspeed-rhel8:2.4.241210-1,ansible-automation-platform-25/controller-rhel8-operator:2.5-142,ansible-automation-platform-25/de-supported-rhel9:1.1.2-5,ansible-automation-platform-25/gateway-rhel8:2.5.20241218-3,ansible-automation-platform-24/controller-rhel8:4.5.15-2,ansible-automation-platform-24/eda-controller-ui-rhel8:1.0.7-29,ansible-automation-platform-24/lightspeed-rhel8-operator:2.4-31,ansible-automation-platform-25/aap-cloud-billing-rhel8-operator:1.0.4-53,ansible-automation-platform-24/aap-cloud-billing-rhel8:0.3.0-51,ansible-automation-platform/cloud-addons-operator-bundle:2.4-855,ansible-automation-platform-24/aap-cloud-billing-rhel8-operator:1.0.4-50,ansible-automation-platform-25/lightspeed-rhel8:2.5.241210-2,ansible-automation-platform-25/ee-cloud-services-rhel9:1.0.0-291,ansible-automation-platform-25/eda-controller-rhel8:1.1.3-9,ansible-automation-platform-25/ee-supported-rhel9:1.0.0-861,ansible-automation-platform-24/ansible-python-toolkit-rhel9:1.0.0-642,ansible-automation-platform-25/ansible-builder-rhel9:3.1.0-197,ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8:1.0.2-139,ansible-automation-platform-25/aap-cloud-ui-rhel8:1.0.5-100,ansible-automation-platform-24/aap-cloud-ui-rhel8-operator:1.0.4-132,ansible-automation-platform-25/controller-rhel8:4.6.3-22,ansible-automation-platform-24/ansible-python-base-rhel8:1.0.0-681,ansible-automation-platform-24/de-supported-rhel9:1.0.7-62,ansible-automation-platform-24/hub-rhel8:4.9.2-34,ansible-automation-platform-24/ee-minimal-rhel8:1.0.0-789,ansible-automation-platform-25/de-minimal-rhel8:1.1.2-7,ansible-automation-platform-25/ee-minimal-rhel9:1.0.0-790,ansible-automation-platform-24/ansible-builder-rhel9:3.0.1-110,ansible-automation-platform-25/ansible-python-toolkit-rhel8:1.0.0-646,ansible-automation-platform-24/hub-rhel8-operator:2.4-164,ansible-automation-platform-24/ansible-builder-rhel8:3.0.1-109,ansible-automation-platform-24/ee-29-rhel8:1.0.0-432,ansible-automation-platform-25/ansible-builder-rhel8:3.1.0-196,ansible-automation-platform-24/controller-rhel8-operator:2.4-165,ansible-automation-platform-25/platform-resource-runner-rhel8:2.5-126,ansible-automation-platform-24/ansible-python-toolkit-rhel8:1.0.0-641,ansible-automation-platform-25/receptor-rhel8:1.5.1-6,ansible-automation-platform-25/platform-resource-rhel8-operator:2.5-96,ansible-automation-platform-24/de-minimal-rhel9:1.0.7-54,ansible-automation-platform-24/eda-controller-rhel8-operator:2.4-165,ansible-automation-platform-24/platform-resource-rhel8-operator:2.4-157,ansible-automation-platform-24/aap-cloud-ui-rhel8:1.0.5-98,ansible-automation-platform-25/hub-web-rhel8:4.10.1-14,ansible-automation-platform-25/aap-cloud-billing-rhel8:0.3.0-54,ansible-automation-platform-25/aap-must-gather-rhel8:0.0.1-507,ansible-automation-platform-25/lightspeed-rhel8-operator:2.5-102,ansible-automation-platform-24/ee-minimal-rhel9:1.0.0-788,ansible-automation-platform-24/ansible-python-base-rhel9:1.0.0-682,ansible-automation-platform-24/ee-supported-rhel9:1.0.0-860,ansible-automation-platform-25/ansible-python-base-rhel8:1.0.0-687,ansible-automation-platform-24/ee-cloud-services-rhel8:1.0.0-290,ansible-automation-platform-25/eda-controller-rhel8-operator:2.5-141,
Package States: Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Discovery,
Full Details
CVE document
CVE-2024-53907
Severity: moderate
Released on: 04/12/2024
Advisory: RHSA-2024:11146, RHSA-2024:11144,
Bugzilla: 2329288
Bugzilla Description:
django: Potential denial-of-service in django.utils.html.strip_tags()
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1169
Affected Packages: ansible-automation-platform-24/de-minimal-rhel8:1.0.7-53,ansible-automation-platform-24/eda-controller-rhel8:1.0.7-30,ansible-automation-platform-24/platform-resource-runner-rhel8:2.4-198,ansible-automation-platform-25/aap-cloud-ui-rhel8-operator:1.0.4-135,ansible-automation-platform-25/ansible-python-toolkit-rhel9:1.0.0-645,ansible-automation-platform-25/de-minimal-rhel9:1.1.2-6,ansible-automation-platform-25/ee-minimal-rhel8:1.0.0-791,ansible-automation-platform/ee-containerized-installer-rhel8:1.3.3-44,ansible-automation-platform/cloud-addons-operator-bundle:2.5-514,ansible-automation-platform-25/gateway-rhel8-operator:2.5-172,ansible-automation-platform-25/ansible-dev-tools-rhel8:24.9.0-23,ansible-automation-platform-25/de-supported-rhel8:1.1.2-6,ansible-automation-platform-25/ansible-python-base-rhel9:1.0.0-688,ansible-automation-platform-25/gateway-proxy-rhel8:2.5.0-35,ansible-automation-platform-25/hub-rhel8-operator:2.5-144,ansible-automation-platform-24/aap-must-gather-rhel8:0.0.1-504,ansible-automation-platform-25/eda-controller-ui-rhel8:1.1.3-2,ansible-automation-platform/platform-operator-bundle:2.5-990,ansible-automation-platform-25/ee-supported-rhel8:1.0.0-862,ansible-automation-platform-24/de-supported-rhel8:1.0.7-63,ansible-automation-platform-25/hub-rhel8:4.10.1-17,ansible-automation-platform-24/ee-supported-rhel8:1.0.0-859,ansible-automation-platform-24/aap-cloud-metrics-collector-rhel8:1.0.2-138,ansible-automation-platform/platform-operator-bundle:2.4-2215,ansible-automation-platform-24/hub-web-rhel8:4.9.2-32,ansible-automation-platform-24/lightspeed-rhel8:2.4.241210-1,ansible-automation-platform-25/controller-rhel8-operator:2.5-142,ansible-automation-platform-25/de-supported-rhel9:1.1.2-5,ansible-automation-platform-25/gateway-rhel8:2.5.20241218-3,ansible-automation-platform-24/controller-rhel8:4.5.15-2,ansible-automation-platform-24/eda-controller-ui-rhel8:1.0.7-29,ansible-automation-platform-24/lightspeed-rhel8-operator:2.4-31,ansible-automation-platform-25/aap-cloud-billing-rhel8-operator:1.0.4-53,ansible-automation-platform-24/aap-cloud-billing-rhel8:0.3.0-51,ansible-automation-platform/cloud-addons-operator-bundle:2.4-855,ansible-automation-platform-24/aap-cloud-billing-rhel8-operator:1.0.4-50,ansible-automation-platform-25/lightspeed-rhel8:2.5.241210-2,ansible-automation-platform-25/ee-cloud-services-rhel9:1.0.0-291,ansible-automation-platform-25/eda-controller-rhel8:1.1.3-9,ansible-automation-platform-25/ee-supported-rhel9:1.0.0-861,ansible-automation-platform-24/ansible-python-toolkit-rhel9:1.0.0-642,ansible-automation-platform-25/ansible-builder-rhel9:3.1.0-197,ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8:1.0.2-139,ansible-automation-platform-25/aap-cloud-ui-rhel8:1.0.5-100,ansible-automation-platform-24/aap-cloud-ui-rhel8-operator:1.0.4-132,ansible-automation-platform-25/controller-rhel8:4.6.3-22,ansible-automation-platform-24/ansible-python-base-rhel8:1.0.0-681,ansible-automation-platform-24/de-supported-rhel9:1.0.7-62,ansible-automation-platform-24/hub-rhel8:4.9.2-34,ansible-automation-platform-24/ee-minimal-rhel8:1.0.0-789,ansible-automation-platform-25/de-minimal-rhel8:1.1.2-7,ansible-automation-platform-25/ee-minimal-rhel9:1.0.0-790,ansible-automation-platform-24/ansible-builder-rhel9:3.0.1-110,ansible-automation-platform-25/ansible-python-toolkit-rhel8:1.0.0-646,ansible-automation-platform-24/hub-rhel8-operator:2.4-164,ansible-automation-platform-24/ansible-builder-rhel8:3.0.1-109,ansible-automation-platform-24/ee-29-rhel8:1.0.0-432,ansible-automation-platform-25/ansible-builder-rhel8:3.1.0-196,ansible-automation-platform-24/controller-rhel8-operator:2.4-165,ansible-automation-platform-25/platform-resource-runner-rhel8:2.5-126,ansible-automation-platform-24/ansible-python-toolkit-rhel8:1.0.0-641,ansible-automation-platform-25/receptor-rhel8:1.5.1-6,ansible-automation-platform-25/platform-resource-rhel8-operator:2.5-96,ansible-automation-platform-24/de-minimal-rhel9:1.0.7-54,ansible-automation-platform-24/eda-controller-rhel8-operator:2.4-165,ansible-automation-platform-24/platform-resource-rhel8-operator:2.4-157,ansible-automation-platform-24/aap-cloud-ui-rhel8:1.0.5-98,ansible-automation-platform-25/hub-web-rhel8:4.10.1-14,ansible-automation-platform-25/aap-cloud-billing-rhel8:0.3.0-54,ansible-automation-platform-25/aap-must-gather-rhel8:0.0.1-507,ansible-automation-platform-25/lightspeed-rhel8-operator:2.5-102,ansible-automation-platform-24/ee-minimal-rhel9:1.0.0-788,ansible-automation-platform-24/ansible-python-base-rhel9:1.0.0-682,ansible-automation-platform-24/ee-supported-rhel9:1.0.0-860,ansible-automation-platform-25/ansible-python-base-rhel8:1.0.0-687,ansible-automation-platform-24/ee-cloud-services-rhel8:1.0.0-290,ansible-automation-platform-25/eda-controller-rhel8-operator:2.5-141,
Package States: Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Discovery,
Full Details
CVE document
CVE-2024-54661
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330297
Bugzilla Description:
socat: arbitrary file overwrite via predictable /tmp directory
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-377
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-53128
Severity: low
Released on: 04/12/2024
Advisory:
Bugzilla: 2330340
Bugzilla Description:
kernel: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-843
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53135
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330341
Bugzilla Description:
kernel: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53133
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330342
Bugzilla Description:
kernel: drm/amd/display: Handle dml allocation failure to avoid crash
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53130
Severity: low
Released on: 04/12/2024
Advisory:
Bugzilla: 2330343
Bugzilla Description:
kernel: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53138
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330344
Bugzilla Description:
kernel: net/mlx5e: kTLS, Fix incorrect page refcounting
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53140
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330345
Bugzilla Description:
kernel: netlink: terminate outstanding dump on socket close
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53136
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330346
Bugzilla Description:
kernel: mm: revert "mm: shmem: fix data-race in shmem_getattr()"
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53139
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330347
Bugzilla Description:
kernel: sctp: fix possible UAF in sctp_v6_available()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53127
Severity: low
Released on: 04/12/2024
Advisory:
Bugzilla: 2330348
Bugzilla Description:
kernel: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-755
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53131
Severity: low
Released on: 04/12/2024
Advisory:
Bugzilla: 2330349
Bugzilla Description:
kernel: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53125
Severity: low
Released on: 04/12/2024
Advisory:
Bugzilla: 2330351
Bugzilla Description:
kernel: bpf: sync_linked_regs() must preserve subreg_def
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-682
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53137
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330352
Bugzilla Description:
kernel: ARM: fix cacheflush with PAN
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53126
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330354
Bugzilla Description:
kernel: vdpa: solidrun: Fix UB bug with devres
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53129
Severity: low
Released on: 04/12/2024
Advisory:
Bugzilla: 2330355
Bugzilla Description:
kernel: drm/rockchip: vop: Fix a dereferenced before check warning
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53132
Severity: low
Released on: 04/12/2024
Advisory:
Bugzilla: 2330356
Bugzilla Description:
kernel: drm/xe/oa: Fix "Missing outer runtime PM protection" warning
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-99
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53134
Severity: moderate
Released on: 04/12/2024
Advisory:
Bugzilla: 2330357
Bugzilla Description:
kernel: pmdomain: imx93-blk-ctrl: correct remove path
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-670
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53985
Severity: low
Released on: 02/12/2024
Advisory:
Bugzilla: 2330061
Bugzilla Description:
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2024-53987
Severity: low
Released on: 02/12/2024
Advisory:
Bugzilla: 2330053
Bugzilla Description:
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2024-53986
Severity: low
Released on: 02/12/2024
Advisory:
Bugzilla: 2330056
Bugzilla Description:
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2024-53988
Severity: low
Released on: 02/12/2024
Advisory:
Bugzilla: 2330067
Bugzilla Description:
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2024-53989
Severity: low
Released on: 02/12/2024
Advisory:
Bugzilla: 2330055
Bugzilla Description:
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2024-53990
Severity: important
Released on: 02/12/2024
Advisory:
Bugzilla: 2330004
Bugzilla Description:
async-http-client: AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-287
Affected Packages:
Package States: Red Hat build of Apache Camel for Quarkus,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2024-53259
Severity: moderate
Released on: 02/12/2024
Advisory: RHSA-2024:10766,
Bugzilla: 2329991
Bugzilla Description:
quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-345
Affected Packages: receptor-0:1.5.1-2.el9ap,receptor-0:1.5.1-2.el8ap,
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2024-53862
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329988
Bugzilla Description:
argo-workflows: Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: (CWE-200|CWE-290)
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2024-53981
Severity: important
Released on: 02/12/2024
Advisory:
Bugzilla: 2329980
Bugzilla Description:
python-multipart: python-multipart has a DoS via deformation `multipart/form-data` boundary
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-38827
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329971
Bugzilla Description:
spring-security: authorization bypass for case sensitive comparisons
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-639
Affected Packages:
Package States: A-MQ Clients 2,OpenShift Developer Tools and Services,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO,Red Hat Build of Keycloak,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-On 7,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-53104
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329817
Bugzilla Description:
kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53103
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329818
Bugzilla Description:
kernel: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-48916
Severity: important
Released on: 02/12/2024
Advisory: RHSA-2024:10956, RHSA-2024:10957,
Bugzilla: 2329846
Bugzilla Description:
ceph: rhceph-container: Authentication bypass in CEPH RadosGW
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-345
Affected Packages: ceph-2:19.2.0-55.el9cp,rhceph/rhceph-promtail-rhel9:v3.0.0-9,rhceph/rhceph-8-rhel9:8-212,rhceph/rhceph-haproxy-rhel9:2.4.22-38,rhceph/keepalived-rhel9:2.2.8-36,rhceph/oauth2-proxy-rhel9:v7.6.0-6,rhceph/snmp-notifier-rhel9:1.2.1-86,rhceph/grafana-rhel9:10.4.8-6,
Package States: Red Hat Ceph Storage 4,Red Hat Ceph Storage 4,Red Hat Ceph Storage 5,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Ceph Storage 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53119
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329918
Bugzilla Description:
kernel: virtio/vsock: Fix accept_queue memory leak
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53118
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329919
Bugzilla Description:
kernel: vsock: Fix sk_error_queue memory leak
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53112
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329920
Bugzilla Description:
kernel: ocfs2: uncache inode which has failed entering the group
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53116
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329921
Bugzilla Description:
kernel: drm/panthor: Fix handling of partial GPU mapping of BOs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53106
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329922
Bugzilla Description:
kernel: ima: fix buffer overrun in ima_eventdigest_init_common
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53109
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329923
Bugzilla Description:
kernel: nommu: pass NULL argument to vma_iter_prealloc()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53113
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329924
Bugzilla Description:
kernel: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53111
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329925
Bugzilla Description:
kernel: mm/mremap: fix address wraparound in move_page_tables()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53115
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329926
Bugzilla Description:
kernel: drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53123
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329927
Bugzilla Description:
kernel: mptcp: error out earlier on disconnect
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53124
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329928
Bugzilla Description:
kernel: net: fix data-races around sk->sk_forward_alloc
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53105
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329929
Bugzilla Description:
kernel: mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53120
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329930
Bugzilla Description:
kernel: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53114
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329931
Bugzilla Description:
kernel: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53122
Severity: important
Released on: 02/12/2024
Advisory: RHSA-2025:0109, RHSA-2025:0049, RHSA-2025:0057, RHSA-2025:0067, RHSA-2025:0056, RHSA-2025:0059, RHSA-2025:0058, RHSA-2025:0053, RHSA-2025:0064, RHSA-2025:0063, RHSA-2025:0052, RHSA-2025:0066, RHSA-2025:0055, RHSA-2025:0065, RHSA-2025:0054, RHSA-2025:0060, RHSA-2025:0051, RHSA-2025:0062, RHSA-2025:0061, RHSA-2025:0050,
Bugzilla: 2329932
Bugzilla Description:
kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-369
Affected Packages: kernel-0:5.14.0-284.99.1.el9_2,kernel-rt-0:4.18.0-305.148.1.rt7.225.el8_4,kernel-0:5.14.0-70.122.1.el9_0,kernel-0:4.18.0-305.148.1.el8_4,kernel-rt-0:5.14.0-70.122.1.rt21.194.el9_0,kernel-0:4.18.0-372.134.1.el8_6,kernel-rt-0:4.18.0-553.34.1.rt7.375.el8_10,kernel-0:4.18.0-477.86.1.el8_8,kpatch-patch,kernel-rt-0:5.14.0-284.99.1.rt14.384.el9_2,kernel-0:4.18.0-553.34.1.el8_10,kernel-0:5.14.0-503.21.1.el9_5,kernel-0:5.14.0-427.50.1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53108
Severity: important
Released on: 02/12/2024
Advisory:
Bugzilla: 2329933
Bugzilla Description:
kernel: drm/amd/display: Adjust VSDB parser for replay feature
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53107
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329934
Bugzilla Description:
kernel: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53117
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329935
Bugzilla Description:
kernel: virtio/vsock: Improve MSG_ZEROCOPY error handling
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53121
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329936
Bugzilla Description:
kernel: net/mlx5: fs, lock FTE when checking if active
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53110
Severity: moderate
Released on: 02/12/2024
Advisory:
Bugzilla: 2329937
Bugzilla Description:
kernel: vp_vdpa: fix id_table array not null terminated error
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53861
Severity: low
Released on: 29/11/2024
Advisory:
Bugzilla: 2329527
Bugzilla Description:
pyjwt: Issuer field partial matches allowed in pyjwt
CVSS Score:
CVSSv3 Score: 2.2
Vector:
CWE: CWE-697
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 9,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Update Infrastructure 4 for Cloud Providers,
Full Details
CVE document
CVE-2024-53848
Severity: important
Released on: 29/11/2024
Advisory:
Bugzilla: 2329542
Bugzilla Description:
check-jsonschema: check-jsonschema default caching for remote schemas allows for cache confusion
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-349
Affected Packages:
Package States:
Full Details
CVE document
CVE-2024-36623
Severity: important
Released on: 29/11/2024
Advisory:
Bugzilla: 2329519
Bugzilla Description:
moby: Race Condition in Moby's streamformatter Package
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-362
Affected Packages:
Package States: Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,OpenShift Service Mesh 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-36621
Severity: moderate
Released on: 29/11/2024
Advisory:
Bugzilla: 2329522
Bugzilla Description:
moby: Race Condition in Moby's Snapshot Layer Handling
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-362
Affected Packages:
Package States: Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,OpenShift Service Mesh 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-36620
Severity: moderate
Released on: 29/11/2024
Advisory:
Bugzilla: 2329534
Bugzilla Description:
github.com/moby/moby: NULL Pointer Dereference in Moby
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,OpenShift Service Mesh 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-54159
Severity: moderate
Released on: 29/11/2024
Advisory:
Bugzilla: 2329574
Bugzilla Description:
stalld: denial of service
CVSS Score:
CVSSv3 Score: 4.1
Vector:
CWE: CWE-61
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-53008
Severity: moderate
Released on: 28/11/2024
Advisory:
Bugzilla: 2329284
Bugzilla Description:
HAProxy: HTTP request smuggling in HAProxy
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-444
Affected Packages:
Package States: Red Hat Ceph Storage 5,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2023-52922
Severity: moderate
Released on: 28/11/2024
Advisory:
Bugzilla: 2329370
Bugzilla Description:
kernel: can: bcm: Fix UAF in bcm_proc_show()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53920
Severity: moderate
Released on: 27/11/2024
Advisory:
Bugzilla: 2329161
Bugzilla Description:
emacs: arbitrary code execution via Lisp macro expansion
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-8676
Severity: moderate
Released on: 26/11/2024
Advisory: RHBA-2024:10826,
Bugzilla: 2313842
Bugzilla Description:
cri-o: Checkpoint restore can be triggered from different namespaces
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-285
Affected Packages: cri-o-0:1.29.11-3.rhaos4.16.git16d9bd6.el9,
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 3.11,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-11407
Severity: moderate
Released on: 26/11/2024
Advisory:
Bugzilla: 2329003
Bugzilla Description:
grpc: Denial of Service through Data corruption in gRPC-C++
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-682
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 7,Red Hat Ceph Storage 7,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat OpenShift Container Platform 4,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Update Infrastructure 4 for Cloud Providers,
Full Details
CVE document
CVE-2024-11708
Severity: low
Released on: 26/11/2024
Advisory:
Bugzilla: 2328939
Bugzilla Description:
firefox: thunderbird: Data race with PlaybackParams
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11699
Severity: important
Released on: 26/11/2024
Advisory: RHSA-2024:10881, RHSA-2024:10752, RHSA-2024:10742, RHSA-2024:10710, RHSA-2024:10743, RHSA-2024:10733, RHSA-2024:10667, RHSA-2024:10844, RHSA-2024:10734, RHSA-2024:10745, RHSA-2024:10702, RHSA-2024:10703, RHSA-2024:10704, RHSA-2024:10748, RHSA-2024:10848, RHSA-2024:10849, RHSA-2024:10591, RHSA-2024:10592, RHSA-2024:10880,
Bugzilla: 2328947
Bugzilla Description:
firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: thunderbird-0:128.5.0-1.el8_6,thunderbird-0:128.5.0-1.el9_5,thunderbird-0:128.5.0-1.el9_4,thunderbird-0:128.5.0-1.el8_4,thunderbird-0:128.5.0-1.el9_2,thunderbird-0:128.5.0-1.el8_8,firefox-0:128.5.1-1.el8_10,firefox-0:128.5.1-1.el9_0,firefox-0:128.5.1-1.el8_4,firefox-0:128.5.1-1.el9_4,firefox-0:128.5.1-1.el8_2,firefox-0:128.5.1-1.el9_2,firefox-0:128.5.1-1.el7_9,firefox-0:128.5.1-1.el8_8,firefox-0:128.5.1-1.el8_6,firefox-0:128.5.1-1.el9_5,thunderbird-0:128.5.0-1.el8_10,thunderbird-0:128.5.0-1.el8_2,thunderbird-0:128.5.0-1.el9_0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11706
Severity: low
Released on: 26/11/2024
Advisory:
Bugzilla: 2328951
Bugzilla Description:
firefox: thunderbird: Null Pointer Dereference in PKCS#12 Utility
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11705
Severity: low
Released on: 26/11/2024
Advisory:
Bugzilla: 2328955
Bugzilla Description:
firefox: thunderbird: Null Pointer Dereference in NSC_DeriveKey
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11698
Severity: low
Released on: 26/11/2024
Advisory:
Bugzilla: 2328953
Bugzilla Description:
firefox: thunderbird: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-755
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11704
Severity: low
Released on: 26/11/2024
Advisory:
Bugzilla: 2328942
Bugzilla Description:
firefox: thunderbird: Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-415
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11696
Severity: moderate
Released on: 26/11/2024
Advisory: RHSA-2024:10881, RHSA-2024:10752, RHSA-2024:10742, RHSA-2024:10710, RHSA-2024:10743, RHSA-2024:10733, RHSA-2024:10667, RHSA-2024:10844, RHSA-2024:10734, RHSA-2024:10745, RHSA-2024:10702, RHSA-2024:10703, RHSA-2024:10704, RHSA-2024:10748, RHSA-2024:10848, RHSA-2024:10849, RHSA-2024:10591, RHSA-2024:10592, RHSA-2024:10880,
Bugzilla: 2328943
Bugzilla Description:
firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-354
Affected Packages: thunderbird-0:128.5.0-1.el8_6,thunderbird-0:128.5.0-1.el9_5,thunderbird-0:128.5.0-1.el9_4,thunderbird-0:128.5.0-1.el8_4,thunderbird-0:128.5.0-1.el9_2,thunderbird-0:128.5.0-1.el8_8,firefox-0:128.5.1-1.el8_10,firefox-0:128.5.1-1.el9_0,firefox-0:128.5.1-1.el8_4,firefox-0:128.5.1-1.el9_4,firefox-0:128.5.1-1.el8_2,firefox-0:128.5.1-1.el9_2,firefox-0:128.5.1-1.el7_9,firefox-0:128.5.1-1.el8_8,firefox-0:128.5.1-1.el8_6,firefox-0:128.5.1-1.el9_5,thunderbird-0:128.5.0-1.el8_10,thunderbird-0:128.5.0-1.el8_2,thunderbird-0:128.5.0-1.el9_0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11697
Severity: low
Released on: 26/11/2024
Advisory: RHSA-2024:10881, RHSA-2024:10752, RHSA-2024:10742, RHSA-2024:10710, RHSA-2024:10743, RHSA-2024:10733, RHSA-2024:10667, RHSA-2024:10844, RHSA-2024:10734, RHSA-2024:10745, RHSA-2024:10702, RHSA-2024:10703, RHSA-2024:10704, RHSA-2024:10748, RHSA-2024:10848, RHSA-2024:10849, RHSA-2024:10591, RHSA-2024:10592, RHSA-2024:10880,
Bugzilla: 2328950
Bugzilla Description:
firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-356
Affected Packages: thunderbird-0:128.5.0-1.el8_6,thunderbird-0:128.5.0-1.el9_5,thunderbird-0:128.5.0-1.el9_4,thunderbird-0:128.5.0-1.el8_4,thunderbird-0:128.5.0-1.el9_2,thunderbird-0:128.5.0-1.el8_8,firefox-0:128.5.1-1.el8_10,firefox-0:128.5.1-1.el9_0,firefox-0:128.5.1-1.el8_4,firefox-0:128.5.1-1.el9_4,firefox-0:128.5.1-1.el8_2,firefox-0:128.5.1-1.el9_2,firefox-0:128.5.1-1.el7_9,firefox-0:128.5.1-1.el8_8,firefox-0:128.5.1-1.el8_6,firefox-0:128.5.1-1.el9_5,thunderbird-0:128.5.0-1.el8_10,thunderbird-0:128.5.0-1.el8_2,thunderbird-0:128.5.0-1.el9_0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11703
Severity: moderate
Released on: 26/11/2024
Advisory:
Bugzilla: 2328937
Bugzilla Description:
firefox: thunderbird: Password access without authentication via PIN bypass on Android
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-288
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11695
Severity: moderate
Released on: 26/11/2024
Advisory: RHSA-2024:10881, RHSA-2024:10752, RHSA-2024:10742, RHSA-2024:10710, RHSA-2024:10743, RHSA-2024:10733, RHSA-2024:10667, RHSA-2024:10844, RHSA-2024:10734, RHSA-2024:10745, RHSA-2024:10702, RHSA-2024:10703, RHSA-2024:10704, RHSA-2024:10748, RHSA-2024:10848, RHSA-2024:10849, RHSA-2024:10591, RHSA-2024:10592, RHSA-2024:10880,
Bugzilla: 2328948
Bugzilla Description:
firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-451
Affected Packages: thunderbird-0:128.5.0-1.el8_6,thunderbird-0:128.5.0-1.el9_5,thunderbird-0:128.5.0-1.el9_4,thunderbird-0:128.5.0-1.el8_4,thunderbird-0:128.5.0-1.el9_2,thunderbird-0:128.5.0-1.el8_8,firefox-0:128.5.1-1.el8_10,firefox-0:128.5.1-1.el9_0,firefox-0:128.5.1-1.el8_4,firefox-0:128.5.1-1.el9_4,firefox-0:128.5.1-1.el8_2,firefox-0:128.5.1-1.el9_2,firefox-0:128.5.1-1.el7_9,firefox-0:128.5.1-1.el8_8,firefox-0:128.5.1-1.el8_6,firefox-0:128.5.1-1.el9_5,thunderbird-0:128.5.0-1.el8_10,thunderbird-0:128.5.0-1.el8_2,thunderbird-0:128.5.0-1.el9_0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11694
Severity: moderate
Released on: 26/11/2024
Advisory: RHSA-2024:10881, RHSA-2024:10752, RHSA-2024:10742, RHSA-2024:10710, RHSA-2024:10743, RHSA-2024:10733, RHSA-2024:10667, RHSA-2024:10844, RHSA-2024:10734, RHSA-2024:10745, RHSA-2024:10702, RHSA-2024:10703, RHSA-2024:10704, RHSA-2024:10748, RHSA-2024:10848, RHSA-2024:10849, RHSA-2024:10591, RHSA-2024:10592, RHSA-2024:10880,
Bugzilla: 2328941
Bugzilla Description:
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages: thunderbird-0:128.5.0-1.el8_6,thunderbird-0:128.5.0-1.el9_5,thunderbird-0:128.5.0-1.el9_4,thunderbird-0:128.5.0-1.el8_4,thunderbird-0:128.5.0-1.el9_2,thunderbird-0:128.5.0-1.el8_8,firefox-0:128.5.1-1.el8_10,firefox-0:128.5.1-1.el9_0,firefox-0:128.5.1-1.el8_4,firefox-0:128.5.1-1.el9_4,firefox-0:128.5.1-1.el8_2,firefox-0:128.5.1-1.el9_2,firefox-0:128.5.1-1.el7_9,firefox-0:128.5.1-1.el8_8,firefox-0:128.5.1-1.el8_6,firefox-0:128.5.1-1.el9_5,thunderbird-0:128.5.0-1.el8_10,thunderbird-0:128.5.0-1.el8_2,thunderbird-0:128.5.0-1.el9_0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11693
Severity: moderate
Released on: 26/11/2024
Advisory:
Bugzilla: 2328949
Bugzilla Description:
firefox: thunderbird: Download Protections were bypassed by .library-ms files on Windows
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-356
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11702
Severity: moderate
Released on: 26/11/2024
Advisory:
Bugzilla: 2328952
Bugzilla Description:
firefox: thunderbird: Inadequate Clipboard Protection in Private Browsing Mode on Android
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-922
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11700
Severity: moderate
Released on: 26/11/2024
Advisory:
Bugzilla: 2328938
Bugzilla Description:
firefox: thunderbird: Potential Tapjacking Exploit for Intent Confirmation on Android
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-356
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11701
Severity: low
Released on: 26/11/2024
Advisory:
Bugzilla: 2328945
Bugzilla Description:
firefox: thunderbird: Misleading Address Bar State During Navigation Interruption
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-451
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11692
Severity: moderate
Released on: 26/11/2024
Advisory: RHSA-2024:10881, RHSA-2024:10752, RHSA-2024:10742, RHSA-2024:10710, RHSA-2024:10743, RHSA-2024:10733, RHSA-2024:10667, RHSA-2024:10844, RHSA-2024:10734, RHSA-2024:10745, RHSA-2024:10702, RHSA-2024:10703, RHSA-2024:10704, RHSA-2024:10748, RHSA-2024:10848, RHSA-2024:10849, RHSA-2024:10591, RHSA-2024:10592, RHSA-2024:10880,
Bugzilla: 2328946
Bugzilla Description:
firefox: thunderbird: Select list elements could be shown over another site
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-451
Affected Packages: thunderbird-0:128.5.0-1.el8_6,thunderbird-0:128.5.0-1.el9_5,thunderbird-0:128.5.0-1.el9_4,thunderbird-0:128.5.0-1.el8_4,thunderbird-0:128.5.0-1.el9_2,thunderbird-0:128.5.0-1.el8_8,firefox-0:128.5.1-1.el8_10,firefox-0:128.5.1-1.el9_0,firefox-0:128.5.1-1.el8_4,firefox-0:128.5.1-1.el9_4,firefox-0:128.5.1-1.el8_2,firefox-0:128.5.1-1.el9_2,firefox-0:128.5.1-1.el7_9,firefox-0:128.5.1-1.el8_8,firefox-0:128.5.1-1.el8_6,firefox-0:128.5.1-1.el9_5,thunderbird-0:128.5.0-1.el8_10,thunderbird-0:128.5.0-1.el8_2,thunderbird-0:128.5.0-1.el9_0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11691
Severity: important
Released on: 26/11/2024
Advisory:
Bugzilla: 2328940
Bugzilla Description:
firefox: thunderbird: Memory corruption in Apple GPU drivers
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-119
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52336
Severity: important
Released on: 26/11/2024
Advisory: RHSA-2024:10384,
Bugzilla: 2324540
Bugzilla Description:
tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-269
Affected Packages: tuned-0:2.24.0-2.el9_5,
Package States: Fast Datapath for RHEL 7,Fast Datapath for RHEL 8,Fast Datapath for RHEL 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2024-52337
Severity: moderate
Released on: 26/11/2024
Advisory: RHSA-2025:0195, RHSA-2024:11161, RHSA-2024:10381, RHSA-2024:10384,
Bugzilla: 2324541
Bugzilla Description:
tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-20
Affected Packages: tuned-0:2.20.0-2.el8_8.1,tuned-0:2.11.0-13.el7_9,tuned-0:2.22.1-5.el8_10,tuned-0:2.24.0-2.el9_5,
Package States: Fast Datapath for RHEL 7,Fast Datapath for RHEL 8,Fast Datapath for RHEL 9,Red Hat Enterprise Linux 6,
Full Details
CVE document
CVE-2023-2142
Severity: moderate
Released on: 26/11/2024
Advisory:
Bugzilla: 2328903
Bugzilla Description:
Nunjucks: Nunjucks autoescape bypass leads to cross site scripting
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Developer Hub,Red Hat Developer Hub,
Full Details
CVE document
CVE-2024-52811
Severity: important
Released on: 25/11/2024
Advisory:
Bugzilla: 2328752
Bugzilla Description:
ngtcp2: Acks not validated before logged to qlog leads to buffer overflow in ngtcp2
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-670
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2024-11738
Severity: moderate
Released on: 25/11/2024
Advisory:
Bugzilla: 2328732
Bugzilla Description:
rustls: rustls network-reachable panic in `Acceptor::accept`
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-248
Affected Packages:
Package States: Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,
Full Details
CVE document
CVE-2024-11403
Severity: moderate
Released on: 25/11/2024
Advisory:
Bugzilla: 2328670
Bugzilla Description:
libjxl: Out of Bounds Memory Read/Write in libjxl
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: (CWE-125|CWE-787)
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11498
Severity: moderate
Released on: 25/11/2024
Advisory:
Bugzilla: 2328669
Bugzilla Description:
libjxl: Resource exhaustion via Stack overflow in libjxl
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-400
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53099
Severity: moderate
Released on: 25/11/2024
Advisory:
Bugzilla: 2328788
Bugzilla Description:
kernel: bpf: Check validity of link->type in bpf_link_show_fdinfo()
CVSS Score:
CVSSv3 Score: 6.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53098
Severity: moderate
Released on: 25/11/2024
Advisory:
Bugzilla: 2328790
Bugzilla Description:
kernel: drm/xe/ufence: Prefetch ufence addr to catch bogus address
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-121
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53096
Severity: moderate
Released on: 25/11/2024
Advisory:
Bugzilla: 2328791
Bugzilla Description:
kernel: mm: resolve faulty mmap_region() error path behaviour
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-99
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53097
Severity: low
Released on: 25/11/2024
Advisory:
Bugzilla: 2328792
Bugzilla Description:
kernel: mm: krealloc: Fix MTE false alarm in __do_krealloc
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-119
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53100
Severity: moderate
Released on: 25/11/2024
Advisory:
Bugzilla: 2328793
Bugzilla Description:
kernel: nvme: tcp: avoid race between queue_lock lock and destroy
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53101
Severity: moderate
Released on: 25/11/2024
Advisory:
Bugzilla: 2328794
Bugzilla Description:
kernel: fs: Fix uninitialized value issue in from_kuid and from_kgid
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-457
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53102
Severity: moderate
Released on: 25/11/2024
Advisory:
Bugzilla: 2328796
Bugzilla Description:
kernel: nvme: make keep-alive synchronous operation
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11233
Severity: moderate
Released on: 24/11/2024
Advisory:
Bugzilla: 2328521
Bugzilla Description:
php: Single byte overread with convert.quoted-printable-decode filter
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11234
Severity: moderate
Released on: 24/11/2024
Advisory:
Bugzilla: 2328523
Bugzilla Description:
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11236
Severity: moderate
Released on: 24/11/2024
Advisory:
Bugzilla: 2328522
Bugzilla Description:
php: Integer overflow in the firebird and dblib quoters causing OOB writes
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53899
Severity: important
Released on: 24/11/2024
Advisory: RHSA-2024:11048, RHSA-2024:10953, RHSA-2024:11091, RHSA-2024:11093, RHSA-2024:11094, RHSA-2025:0002,
Bugzilla: 2328554
Bugzilla Description:
virtualenv: potential command injection via virtual environment activation scripts
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-78
Affected Packages: python36:3.6-8060020241213062726.448f2761,python36:3.6-8100020241203074044.4c5117ad,python-virtualenv-0:15.1.0-7.el7_9.1,python36:3.6-8080020241205132428.075014fc,python36:3.6-8040020241213073301.9bf6f064,python36:3.6-8020020241213084804.606b8f18,
Package States: OpenShift Lightspeed,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,
Full Details
CVE document
CVE-2024-53916
Severity: moderate
Released on: 24/11/2024
Advisory:
Bugzilla: 2328595
Bugzilla Description:
openstack-neutron: tagging.py can use an incorrect ID during policy enforcement
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-345
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,
Full Details
CVE document
CVE-2024-11394
Severity: important
Released on: 22/11/2024
Advisory:
Bugzilla: 2328333
Bugzilla Description:
transformers: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-502
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-11393
Severity: important
Released on: 22/11/2024
Advisory:
Bugzilla: 2328394
Bugzilla Description:
transformers: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-502
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-11392
Severity: important
Released on: 22/11/2024
Advisory:
Bugzilla: 2328351
Bugzilla Description:
transformers: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-502
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-52804
Severity: important
Released on: 22/11/2024
Advisory: RHSA-2024:10843, RHSA-2024:10836, RHSA-2024:10590,
Bugzilla: 2328045
Bugzilla Description:
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: (CWE-400|CWE-770)
Affected Packages: python-tornado-0:6.4.2-1.el9_2,python-tornado-0:6.4.2-1.el9_5,python-tornado-0:6.4.2-1.el9_4,
Package States: Red Hat Enterprise Linux 7,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-8929
Severity: moderate
Released on: 22/11/2024
Advisory:
Bugzilla: 2327960
Bugzilla Description:
php: Leak partial content of the heap through heap buffer over-read in mysqlnd
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: (CWE-125|CWE-200)
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-8932
Severity: moderate
Released on: 22/11/2024
Advisory:
Bugzilla: 2327961
Bugzilla Description:
php: OOB access in ldap_escape
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-12401
Severity: low
Released on: 21/11/2024
Advisory:
Bugzilla: 2327929
Bugzilla Description:
cert-manager: potential DoS when parsing specially crafted PEM inputs
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-20
Affected Packages:
Package States: cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,Cryostat 3,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat Connectivity Link,Red Hat Connectivity Link,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,
Full Details
CVE document
CVE-2024-10492
Severity: low
Released on: 21/11/2024
Advisory: RHSA-2024:10177, RHSA-2024:10178, RHSA-2024:10175, RHSA-2024:10176,
Bugzilla: 2322447
Bugzilla Description:
keycloak-quarkus-server: Keycloak path traversal
CVSS Score:
CVSSv3 Score: 2.7
Vector:
CWE: CWE-73
Affected Packages: rhbk/keycloak-rhel9:26.0-5,rhbk/keycloak-rhel9:24-18,rhbk/keycloak-rhel9-operator:26.0-6,rhbk/keycloak-operator-bundle:24.0.9-1,rhbk/keycloak-rhel9-operator:24-18,org.keycloak/keycloak-quarkus-server,rhbk/keycloak-operator-bundle:26.0.6-2,
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2024-10451
Severity: moderate
Released on: 21/11/2024
Advisory: RHSA-2024:10177, RHSA-2024:10178, RHSA-2024:10175, RHSA-2024:10176,
Bugzilla: 2322096
Bugzilla Description:
org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-798
Affected Packages: rhbk/keycloak-rhel9:26.0-5,rhbk/keycloak-rhel9:24-18,rhbk/keycloak-rhel9-operator:26.0-6,rhbk/keycloak-operator-bundle:24.0.9-1,rhbk/keycloak-rhel9-operator:24-18,org.keycloak/keycloak-quarkus-server,rhbk/keycloak-operator-bundle:26.0.6-2,
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2024-10270
Severity: moderate
Released on: 21/11/2024
Advisory: RHSA-2024:10177, RHSA-2024:10178, RHSA-2024:10175, RHSA-2024:10176,
Bugzilla: 2321214
Bugzilla Description:
org.keycloak:keycloak-services: Keycloak Denial of Service
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1333
Affected Packages: org.keycloak/keycloak-services,rhbk/keycloak-rhel9:26.0-5,rhbk/keycloak-rhel9:24-18,rhbk/keycloak-rhel9-operator:26.0-6,rhbk/keycloak-operator-bundle:24.0.9-1,rhbk/keycloak-rhel9-operator:24-18,rhbk/keycloak-operator-bundle:26.0.6-2,
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2024-9666
Severity: low
Released on: 21/11/2024
Advisory: RHSA-2024:10177, RHSA-2024:10178, RHSA-2024:10175, RHSA-2024:10176,
Bugzilla: 2317440
Bugzilla Description:
org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-444
Affected Packages: rhbk/keycloak-rhel9:26.0-5,rhbk/keycloak-rhel9:24-18,rhbk/keycloak-rhel9-operator:26.0-6,rhbk/keycloak-operator-bundle:24.0.9-1,rhbk/keycloak-rhel9-operator:24-18,org.keycloak/keycloak-quarkus-server,rhbk/keycloak-operator-bundle:26.0.6-2,
Package States: Red Hat JBoss Enterprise Application Platform 8,
Full Details
CVE document
CVE-2024-10039
Severity: important
Released on: 21/11/2024
Advisory: RHSA-2024:10177, RHSA-2024:10178, RHSA-2024:10175, RHSA-2024:10176,
Bugzilla: 2319217
Bugzilla Description:
keycloak-core: mTLS passthrough
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-295
Affected Packages: org.keycloak/keycloak-core,rhbk/keycloak-rhel9:26.0-5,rhbk/keycloak-rhel9:24-18,rhbk/keycloak-rhel9-operator:26.0-6,rhbk/keycloak-operator-bundle:24.0.9-1,rhbk/keycloak-rhel9-operator:24-18,rhbk/keycloak-operator-bundle:26.0.6-2,
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2024-6538
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2296057
Bugzilla Description:
openshift-console: OpenShift Console: Server-Side Request Forgery
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-11596
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327763
Bugzilla Description:
wireshark: Buffer Over-read in Wireshark
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-126
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11595
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327764
Bugzilla Description:
wireshark: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-30896
Severity: important
Released on: 21/11/2024
Advisory:
Bugzilla: 2327749
Bugzilla Description:
InfluxDB: Privilege Escalation via Authorization Token in InfluxDB
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE:
Affected Packages:
Package States: OpenShift Service Mesh 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Openshift Container Storage 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Container Storage 4,Red Hat OpenStack Platform 16.2,
Full Details
CVE document
CVE-2024-53425
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327803
Bugzilla Description:
assimp: heap-based buffer overflow in SkipSpacesAndLineEnd
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53090
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327887
Bugzilla Description:
kernel: afs: Fix lock recursion
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53095
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327888
Bugzilla Description:
kernel: smb: client: Fix use-after-free of network namespace.
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53093
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327890
Bugzilla Description:
kernel: nvme-multipath: defer partition scanning
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53094
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327891
Bugzilla Description:
kernel: RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53089
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327892
Bugzilla Description:
kernel: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53091
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327893
Bugzilla Description:
kernel: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53092
Severity: moderate
Released on: 21/11/2024
Advisory:
Bugzilla: 2327894
Bugzilla Description:
kernel: virtio_pci: Fix admin vq cleanup by using correct info pointer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11483
Severity: moderate
Released on: 20/11/2024
Advisory: RHSA-2024:11145,
Bugzilla: 2327579
Bugzilla Description:
automation-gateway: Improper Scope Handling in OAuth2 Tokens for AAP 2.5
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-284
Affected Packages: automation-gateway-0:2.5.20241218-1.el8ap,automation-gateway-0:2.5.20241218-1.el9ap,
Package States:
Full Details
CVE document
CVE-2024-44309
Severity: important
Released on: 20/11/2024
Advisory: RHSA-2024:10496, RHSA-2024:10489, RHSA-2024:10501, RHSA-2024:10480, RHSA-2024:10481, RHSA-2024:10492, RHSA-2024:10482, RHSA-2024:10472, RHSA-2024:10483,
Bugzilla: 2327927
Bugzilla Description:
webkitgtk: data isolation bypass vulnerability
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages: webkit2gtk3-0:2.46.3-2.el8_8,webkit2gtk3-0:2.46.3-2.el9_4,webkit2gtk3-0:2.46.3-2.el8_6,webkit2gtk3-0:2.46.3-2.el9_5,webkit2gtk3-0:2.46.3-2.el9_2,webkit2gtk3-0:2.46.3-2.el8_10,webkit2gtk3-0:2.46.3-2.el8_4,webkit2gtk3-0:2.46.3-2.el9_0,webkit2gtk3-0:2.46.3-2.el8_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2024-10224
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327329
Bugzilla Description:
module-scandeps: local privilege escalation via unsanitized input
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10524
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327303
Bugzilla Description:
wget: GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-31141
Severity: moderate
Released on: 19/11/2024
Advisory: RHSA-2024:10700,
Bugzilla: 2327264
Bugzilla Description:
kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: (CWE-269|CWE-552)
Affected Packages: org.apache.kafka/kafka-clients,
Package States: A-MQ Clients 2,Logging Subsystem for Red Hat OpenShift,Red Hat build of Apache Camel for Quarkus,Red Hat build of Apicurio Registry,Red Hat build of Debezium,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-50290
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327167
Bugzilla Description:
kernel: media: cx24116: prevent overflows on SNR calculus
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50264
Severity: moderate
Released on: 19/11/2024
Advisory: RHSA-2024:10943, RHSA-2024:10944,
Bugzilla: 2327168
Bugzilla Description:
kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
CVSS Score:
CVSSv3 Score: 6.0
Vector:
CWE: CWE-416
Affected Packages: kernel-0:4.18.0-553.32.1.el8_10,kernel-rt-0:4.18.0-553.32.1.rt7.373.el8_10,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50302
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327169
Bugzilla Description:
kernel: HID: core: zero-initialize the report buffer
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-665
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50279
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327170
Bugzilla Description:
kernel: dm cache: fix out-of-bounds access to the dirty bitset when resizing
CVSS Score:
CVSSv3 Score: 6.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50297
Severity: important
Released on: 19/11/2024
Advisory:
Bugzilla: 2327171
Bugzilla Description:
kernel: net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50285
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327172
Bugzilla Description:
kernel: ksmbd: check outstanding simultaneous SMB operations
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2023-52921
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327173
Bugzilla Description:
kernel: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50271
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327174
Bugzilla Description:
kernel: signal: restore the override_rlimit logic
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-670
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50274
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327175
Bugzilla Description:
kernel: idpf: avoid vport access in idpf_get_link_ksettings
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50292
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327176
Bugzilla Description:
kernel: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50269
Severity: important
Released on: 19/11/2024
Advisory:
Bugzilla: 2327177
Bugzilla Description:
kernel: usb: musb: sunxi: Fix accessing an released usb phy
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50277
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327178
Bugzilla Description:
kernel: dm: fix a crash if blk_alloc_disk fails
CVSS Score:
CVSSv3 Score: 4.1
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50295
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327179
Bugzilla Description:
kernel: net: arc: fix the device for dma_map_single/dma_unmap_single
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50265
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327180
Bugzilla Description:
kernel: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50288
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327181
Bugzilla Description:
kernel: media: vivid: fix buffer overwrite when using > 32 buffers
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50278
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327182
Bugzilla Description:
kernel: dm cache: fix potential out-of-bounds access on the first resume
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50280
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327183
Bugzilla Description:
kernel: dm cache: fix flushing uninitialized delayed_work on cache_ctr error
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50276
Severity: important
Released on: 19/11/2024
Advisory:
Bugzilla: 2327184
Bugzilla Description:
kernel: net: vertexcom: mse102x: Fix possible double free of TX skb
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-415
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50289
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327185
Bugzilla Description:
kernel: media: av7110: fix a spectre vulnerability
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50286
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327186
Bugzilla Description:
kernel: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50284
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327187
Bugzilla Description:
kernel: ksmbd: Fix the missing xa_store error check
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-390
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50301
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327188
Bugzilla Description:
kernel: security/keys: fix slab-out-of-bounds in key_task_permission
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50272
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327189
Bugzilla Description:
kernel: filemap: Fix bounds checking in filemap_read()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50282
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327190
Bugzilla Description:
kernel: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50287
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327191
Bugzilla Description:
kernel: media: v4l2-tpg: prevent the risk of a division by zero
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-369
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50293
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327192
Bugzilla Description:
kernel: net/smc: do not leave a dangling sk pointer in __smc_create()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50267
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327193
Bugzilla Description:
kernel: USB: serial: io_edgeport: fix use after free in debug printk
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50299
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327194
Bugzilla Description:
kernel: sctp: properly validate chunk size in sctp_sf_ootb()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50283
Severity: important
Released on: 19/11/2024
Advisory:
Bugzilla: 2327195
Bugzilla Description:
kernel: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50291
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327196
Bugzilla Description:
kernel: media: dvb-core: add missing buffer index check
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-129
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50266
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327197
Bugzilla Description:
kernel: clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50275
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327198
Bugzilla Description:
kernel: arm64/sve: Discard stale CPU state when handling SVE traps
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-99
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50268
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327199
Bugzilla Description:
kernel: usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50300
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327200
Bugzilla Description:
kernel: regulator: rtq2208: Fix uninitialized use of regulator_config
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50296
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327201
Bugzilla Description:
kernel: net: hns3: fix kernel crash when uninstalling driver
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50298
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327202
Bugzilla Description:
kernel: net: enetc: allocate vf_state during PF probes
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50294
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327203
Bugzilla Description:
kernel: rxrpc: Fix missing locking causing hanging calls
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50270
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327204
Bugzilla Description:
kernel: mm/damon/core: avoid overflow in damon_feed_loop_next_input()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50273
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327205
Bugzilla Description:
kernel: btrfs: reinitialize delayed ref list after deleting it from the list
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50281
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327206
Bugzilla Description:
kernel: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53088
Severity: moderate
Released on: 19/11/2024
Advisory: RHSA-2025:0066, RHSA-2025:0065, RHSA-2025:0057,
Bugzilla: 2327328
Bugzilla Description:
kernel: i40e: fix race condition by adding filter's intermediate sync state
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages: kernel-rt-0:4.18.0-553.34.1.rt7.375.el8_10,kernel-0:4.18.0-553.34.1.el8_10,kernel-0:5.14.0-427.50.1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53056
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327330
Bugzilla Description:
kernel: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53086
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327331
Bugzilla Description:
kernel: drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53070
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327332
Bugzilla Description:
kernel: usb: dwc3: fix fault at system suspend if device was already runtime suspended
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53069
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327334
Bugzilla Description:
kernel: firmware: qcom: scm: fix a NULL-pointer dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53060
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327335
Bugzilla Description:
kernel: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53065
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327336
Bugzilla Description:
kernel: mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53079
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327337
Bugzilla Description:
kernel: mm/thp: fix deferred split unqueue naming and locking
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53082
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327338
Bugzilla Description:
kernel: virtio_net: Add hash_key_length check
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53077
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327339
Bugzilla Description:
kernel: rpcrdma: Always release the rpcrdma_device's xa_array
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53068
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327340
Bugzilla Description:
kernel: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53058
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327341
Bugzilla Description:
kernel: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53042
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327343
Bugzilla Description:
kernel: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53057
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327344
Bugzilla Description:
kernel: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53046
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327345
Bugzilla Description:
kernel: arm64: dts: imx8ulp: correct the flexspi compatible string
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53081
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327346
Bugzilla Description:
kernel: media: ar0521: don't overflow when checking PLL values
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53064
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327347
Bugzilla Description:
kernel: idpf: fix idpf_vc_core_init error path
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53055
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327349
Bugzilla Description:
kernel: wifi: iwlwifi: mvm: fix 6 GHz scan construction
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53073
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327350
Bugzilla Description:
kernel: NFSD: Never decrement pending_async_copies on error
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53076
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327351
Bugzilla Description:
kernel: iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53053
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327352
Bugzilla Description:
kernel: scsi: ufs: core: Fix another deadlock during RTC update
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53045
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327353
Bugzilla Description:
kernel: ASoC: dapm: fix bounds checker error in dapm_widget_list_create
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50303
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327354
Bugzilla Description:
kernel: resource,kexec: walk_system_ram_res_rev must retain resource flags
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53048
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327357
Bugzilla Description:
kernel: ice: fix crash on probe for DPLL enabled E810 LOM
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53085
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327358
Bugzilla Description:
kernel: tpm: Lock TPM chip in tpm_pm_suspend() first
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53067
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327360
Bugzilla Description:
kernel: scsi: ufs: core: Start the RTC update work later
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50304
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327361
Bugzilla Description:
kernel: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53050
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327362
Bugzilla Description:
kernel: drm/i915/hdcp: Add encoder check in hdcp2_get_capability
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53087
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327363
Bugzilla Description:
kernel: drm/xe: Fix possible exec queue leak in exec IOCTL
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53054
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327364
Bugzilla Description:
kernel: cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53051
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327365
Bugzilla Description:
kernel: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53080
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327366
Bugzilla Description:
kernel: drm/panthor: Lock XArray when getting entries for the VM
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53083
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327367
Bugzilla Description:
kernel: usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53047
Severity: low
Released on: 19/11/2024
Advisory:
Bugzilla: 2327369
Bugzilla Description:
kernel: mptcp: init: protect sched with rcu_read_lock
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53072
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327370
Bugzilla Description:
kernel: platform/x86/amd/pmc: Detect when STB is not available
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53066
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327371
Bugzilla Description:
kernel: nfs: Fix KMSAN warning in decode_getfattr_attrs()
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53049
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327372
Bugzilla Description:
kernel: slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53074
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327373
Bugzilla Description:
kernel: wifi: iwlwifi: mvm: don't leak a link on AP removal
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53052
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327374
Bugzilla Description:
kernel: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53071
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327375
Bugzilla Description:
kernel: drm/panthor: Be stricter about IO mapping flags
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53078
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327376
Bugzilla Description:
kernel: drm/tegra: Fix NULL vs IS_ERR() check in probe()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53043
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327377
Bugzilla Description:
kernel: mctp i2c: handle NULL header address
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53062
Severity: important
Released on: 19/11/2024
Advisory:
Bugzilla: 2327378
Bugzilla Description:
kernel: media: mgb4: protect driver against spectre
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-129
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53084
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327380
Bugzilla Description:
kernel: drm/imagination: Break an object reference loop
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53044
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327381
Bugzilla Description:
kernel: net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53059
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327383
Bugzilla Description:
kernel: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53063
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327384
Bugzilla Description:
kernel: media: dvbdev: prevent the risk of out of memory access
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-755
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53061
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327385
Bugzilla Description:
kernel: media: s5p-jpeg: prevent buffer overflows
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-53075
Severity: moderate
Released on: 19/11/2024
Advisory:
Bugzilla: 2327386
Bugzilla Description:
kernel: riscv: Prevent a bad reference count on CPU nodes
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-44308
Severity: important
Released on: 19/11/2024
Advisory:
Bugzilla: 2327931
Bugzilla Description:
webkitgtk: javascriptcore: processing maliciously crafted web content may lead to arbitrary code execution
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52587
Severity: low
Released on: 18/11/2024
Advisory:
Bugzilla: 2327147
Bugzilla Description:
harden-runner: Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts`
CVSS Score:
CVSSv3 Score: 3.9
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat Trusted Artifact Signer,
Full Details
CVE document
CVE-2024-52304
Severity: moderate
Released on: 18/11/2024
Advisory: RHSA-2024:11574, RHSA-2024:10766,
Bugzilla: 2327130
Bugzilla Description:
aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-444
Affected Packages: automation-controller-0:4.6.3-1.el9ap,automation-controller-0:4.6.3-1.el8ap,python-aiohttp-0:3.10.11-1.el8pc,python-aiohttp-0:3.10.11-1.el9pc,
Package States: OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Update Infrastructure 4 for Cloud Providers,
Full Details
CVE document
CVE-2024-52303
Severity: important
Released on: 18/11/2024
Advisory:
Bugzilla: 2327123
Bugzilla Description:
aiohttp: aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Update Infrastructure 4 for Cloud Providers,
Full Details
CVE document
CVE-2024-52318
Severity: moderate
Released on: 18/11/2024
Advisory:
Bugzilla: 2326985
Bugzilla Description:
tomcat: incorrect JSP tag recycling leads to XSS
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52317
Severity: important
Released on: 18/11/2024
Advisory:
Bugzilla: 2326973
Bugzilla Description:
tomcat: Apache Tomcat: Request/response mix-up with HTTP/2
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-326
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52316
Severity: low
Released on: 18/11/2024
Advisory:
Bugzilla: 2326972
Bugzilla Description:
tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-391
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-38828
Severity: moderate
Released on: 18/11/2024
Advisory:
Bugzilla: 2326889
Bugzilla Description:
org.springframework:spring-webmvc: DoS via Spring MVC controller method with byte[] parameter
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-On 7,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-52522
Severity: moderate
Released on: 15/11/2024
Advisory:
Bugzilla: 2326544
Bugzilla Description:
rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: (CWE-281|CWE-59|CWE-61)
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,
Full Details
CVE document
CVE-2019-12900
Severity: moderate
Released on: 15/11/2024
Advisory: RHSA-2024:10803, RHSA-2024:8922,
Bugzilla: 2332075
Bugzilla Description:
bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1214
Affected Packages: bzip2-0:1.0.8-8.el9_4.1,bzip2-0:1.0.6-27.el8_10,
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52615
Severity: moderate
Released on: 15/11/2024
Advisory:
Bugzilla: 2326418
Bugzilla Description:
avahi: Avahi Wide-Area DNS Uses Constant Source Port
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-330
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-52616
Severity: moderate
Released on: 15/11/2024
Advisory:
Bugzilla: 2326429
Bugzilla Description:
avahi: Avahi Wide-Area DNS Predictable Transaction IDs
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-334
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-1682
Severity: moderate
Released on: 14/11/2024
Advisory:
Bugzilla: 2326318
Bugzilla Description:
psf/requests: Unclaimed S3 Bucket Reference in psf/requests Documentation
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-840
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,
Full Details
CVE document
CVE-2024-10979
Severity: important
Released on: 14/11/2024
Advisory: RHSA-2024:10595, RHSA-2024:10882, RHSA-2024:10750, RHSA-2024:10785, RHSA-2024:10851, RHSA-2024:10830, RHSA-2024:10831, RHSA-2024:10677, RHSA-2024:10787, RHSA-2024:10832, RHSA-2024:10788, RHSA-2024:10789, RHSA-2024:10800, RHSA-2024:10846, RHSA-2024:10879, RHSA-2024:10736, RHSA-2024:10705, RHSA-2024:10739, RHSA-2024:10827, RHSA-2024:10807, RHSA-2024:10791, RHSA-2024:10593,
Bugzilla: 2326253
Bugzilla Description:
postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-15
Affected Packages: postgresql:15-9050020241122141928.rhel9,postgresql:15-9020020241122142614.rhel9,postgresql:16-9040020241125115314.rhel9,postgresql:15-9040020241121160342.rhel9,postgresql:16-9050020241122142517.rhel9,postgresql:13-8100020241122084628.489197e6,postgresql:16-8100020241122085009.489197e6,postgresql:12-8080020241128093923.63b34585,postgresql-0:9.2.24-9.el7_9.2,postgresql:13-8040020241127111253.522a0ee4,postgresql:15-8100020241122084744.489197e6,postgresql:12-8040020241129070850.522a0ee4,postgresql:12-8020020241126122642.4cda2c84,postgresql:12-8060020241128124027.ad008a3a,postgresql:13-8060020241128071428.ad008a3a,postgresql-0:13.18-1.el9_4,postgresql:15-8080020241201160004.63b34585,postgresql-0:13.18-1.el9_5,postgresql-0:13.18-1.el9_0,postgresql-0:13.18-1.el9_2,postgresql:12-8100020241122084405.489197e6,postgresql:13-8080020241201154729.63b34585,
Package States: Red Hat Enterprise Linux 6,
Full Details
CVE document
CVE-2024-10978
Severity: moderate
Released on: 14/11/2024
Advisory: RHSA-2024:10785, RHSA-2024:10830, RHSA-2024:10831, RHSA-2024:10787, RHSA-2024:10832, RHSA-2024:10788, RHSA-2024:10791,
Bugzilla: 2326251
Bugzilla Description:
postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-266
Affected Packages: postgresql:15-8100020241122084744.489197e6,postgresql:15-9050020241122141928.rhel9,postgresql-0:13.18-1.el9_5,postgresql:16-9050020241122142517.rhel9,postgresql:13-8100020241122084628.489197e6,postgresql:16-8100020241122085009.489197e6,postgresql:12-8100020241122084405.489197e6,
Package States: Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2024-10977
Severity: low
Released on: 14/11/2024
Advisory:
Bugzilla: 2326258
Bugzilla Description:
postgresql: PostgreSQL libpq retains an error message from man-in-the-middle
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-348
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10976
Severity: moderate
Released on: 14/11/2024
Advisory: RHSA-2024:10785, RHSA-2024:10830, RHSA-2024:10831, RHSA-2024:10787, RHSA-2024:10832, RHSA-2024:10788, RHSA-2024:10791,
Bugzilla: 2326263
Bugzilla Description:
postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-1250
Affected Packages: postgresql:15-8100020241122084744.489197e6,postgresql:15-9050020241122141928.rhel9,postgresql-0:13.18-1.el9_5,postgresql:16-9050020241122142517.rhel9,postgresql:13-8100020241122084628.489197e6,postgresql:16-8100020241122085009.489197e6,postgresql:12-8100020241122084405.489197e6,
Package States: Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2024-9476
Severity: moderate
Released on: 14/11/2024
Advisory:
Bugzilla: 2322639
Bugzilla Description:
grafana: Privilege escalation vulnerability in Grafana Migration Assistance
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3,
Full Details
CVE document
CVE-2024-11217
Severity: low
Released on: 14/11/2024
Advisory:
Bugzilla: 2326230
Bugzilla Description:
oauth-server-container: oauth-server-container logs client secret in debug level
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-1295
Affected Packages:
Package States: Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-52551
Severity: important
Released on: 13/11/2024
Advisory:
Bugzilla: 2326047
Bugzilla Description:
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE: CWE-862
Affected Packages:
Package States: OpenShift Developer Tools and Services,
Full Details
CVE document
CVE-2024-52549
Severity: moderate
Released on: 13/11/2024
Advisory:
Bugzilla: 2326034
Bugzilla Description:
jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-862
Affected Packages:
Package States: OpenShift Developer Tools and Services,
Full Details
CVE document
CVE-2024-52550
Severity: important
Released on: 13/11/2024
Advisory:
Bugzilla: 2326043
Bugzilla Description:
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE: CWE-862
Affected Packages:
Package States: OpenShift Developer Tools and Services,
Full Details
CVE document
CVE-2024-49504
Severity: important
Released on: 13/11/2024
Advisory:
Bugzilla: 2325913
Bugzilla Description:
grub2: grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images
CVSS Score:
CVSSv3 Score: 8.4
Vector:
CWE: CWE-276
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-11159
Severity: important
Released on: 13/11/2024
Advisory: RHSA-2024:10710, RHSA-2024:10733, RHSA-2024:10667, RHSA-2024:10734, RHSA-2024:10703, RHSA-2024:10704, RHSA-2024:10748, RHSA-2024:10591, RHSA-2024:10592,
Bugzilla: 2325896
Bugzilla Description:
thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-200
Affected Packages: thunderbird-0:128.5.0-1.el8_6,thunderbird-0:128.5.0-1.el9_5,thunderbird-0:128.5.0-1.el9_4,thunderbird-0:128.5.0-1.el8_4,thunderbird-0:128.5.0-1.el9_2,thunderbird-0:128.5.0-1.el8_8,thunderbird-0:128.5.0-1.el8_10,thunderbird-0:128.5.0-1.el8_2,thunderbird-0:128.5.0-1.el9_0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11168
Severity: moderate
Released on: 12/11/2024
Advisory: RHSA-2024:10983, RHSA-2024:10779,
Bugzilla: 2325776
Bugzilla Description:
python: Improper validation of IPv6 and IPvFuture addresses
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-1287
Affected Packages: python3.9-0:3.9.21-1.el9_5,python3-0:3.6.8-69.el8_10,
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47535
Severity: moderate
Released on: 12/11/2024
Advisory:
Bugzilla: 2325538
Bugzilla Description:
netty: Denial of Service attack on Windows app using Netty
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-400
Affected Packages:
Package States: A-MQ Clients 2,Logging Subsystem for Red Hat OpenShift,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2024-43498
Severity: important
Released on: 12/11/2024
Advisory: RHSA-2024:9543,
Bugzilla: 2323239
Bugzilla Description:
dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-704
Affected Packages: dotnet9.0-0:9.0.100-1.el9_5,
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-43499
Severity: important
Released on: 12/11/2024
Advisory: RHSA-2024:9543,
Bugzilla: 2323240
Bugzilla Description:
dotnet: .NET Core - DoS - (unbounded work factor) in NrbfDecoder component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: dotnet9.0-0:9.0.100-1.el9_5,
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-11079
Severity: moderate
Released on: 11/11/2024
Advisory: RHSA-2024:11145, RHSA-2024:10770,
Bugzilla: 2325171
Bugzilla Description:
ansible-core: Unsafe Tagging Bypass via hostvars Object in Ansible-Core
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-20
Affected Packages: ansible-automation-platform/ansible-builder-rhel8:1.2.0-93,ansible-automation-platform/ee-29-rhel8:2.9.27-34,ansible-automation-platform/ansible-builder-rhel9:3.0.1-108,ansible-automation-platform/ee-minimal-rhel9:2.18.1-2,ansible-automation-platform/ee-minimal-rhel8:2.13.10-36,ansible-core-1:2.16.14-1.el9ap,ansible-core-1:2.16.14-1.el8ap,
Package States: Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-50263
Severity: moderate
Released on: 11/11/2024
Advisory:
Bugzilla: 2325208
Bugzilla Description:
kernel: fork: only invoke khugepaged, ksm hooks if no error
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52532
Severity: moderate
Released on: 11/11/2024
Advisory: RHSA-2024:9573, RHSA-2024:9559,
Bugzilla: 2325276
Bugzilla Description:
libsoup: infinite loop while reading websocket data
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages: libsoup-0:2.62.3-6.el8_10,libsoup-0:2.72.0-8.el9_5.2,
Package States: Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2024-52531
Severity: low
Released on: 11/11/2024
Advisory:
Bugzilla: 2325277
Bugzilla Description:
libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52530
Severity: important
Released on: 11/11/2024
Advisory: RHSA-2024:9501, RHSA-2024:9654, RHSA-2024:9566, RHSA-2024:9525, RHSA-2024:9524, RHSA-2024:9573, RHSA-2024:9576, RHSA-2024:9570, RHSA-2024:9572, RHSA-2024:9559,
Bugzilla: 2325284
Bugzilla Description:
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-444
Affected Packages: libsoup-0:2.72.0-8.el9_0.1,libsoup-0:2.62.3-2.el8_6.1,libsoup-0:2.62.3-2.el8_4.1,libsoup-0:2.62.3-6.el8_10,libsoup-0:2.72.0-8.el9_5.2,libsoup-0:2.62.2-3.el7_9,libsoup-0:2.72.0-8.el9_4.1,libsoup-0:2.62.3-1.el8_2.1,libsoup-0:2.62.3-3.el8_8.1,libsoup-0:2.72.0-8.el9_2.1,
Package States: Red Hat Enterprise Linux 6,
Full Details
CVE document
CVE-2024-49393
Severity: moderate
Released on: 11/11/2024
Advisory:
Bugzilla: 2325317
Bugzilla Description:
mutt: neomutt: To and Cc email header fields are not protected by cryptographic signing
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-347
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-49394
Severity: low
Released on: 11/11/2024
Advisory:
Bugzilla: 2325330
Bugzilla Description:
mutt: neomutt: In-Reply-To email header field is not protected by cryptographic signing
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-347
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-49395
Severity: low
Released on: 11/11/2024
Advisory:
Bugzilla: 2325332
Bugzilla Description:
mutt: neomutt: Bcc email header field is indirectly leaked by cryptographic info block
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-1230
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52533
Severity: moderate
Released on: 11/11/2024
Advisory:
Bugzilla: 2325340
Bugzilla Description:
glib: buffer overflow in set_connect_msg()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-46952
Severity: moderate
Released on: 10/11/2024
Advisory:
Bugzilla: 2325041
Bugzilla Description:
ghostscript: Buffer Overflow in Ghostscript PDF XRef Stream Handling
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-46955
Severity: moderate
Released on: 10/11/2024
Advisory:
Bugzilla: 2325042
Bugzilla Description:
ghostscript: Out-of-Bounds Read in Ghostscript Indexed Color Space
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-46951
Severity: moderate
Released on: 10/11/2024
Advisory:
Bugzilla: 2325043
Bugzilla Description:
ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-46954
Severity: moderate
Released on: 10/11/2024
Advisory:
Bugzilla: 2325044
Bugzilla Description:
ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-46953
Severity: moderate
Released on: 10/11/2024
Advisory:
Bugzilla: 2325045
Bugzilla Description:
ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-46956
Severity: moderate
Released on: 10/11/2024
Advisory:
Bugzilla: 2325047
Bugzilla Description:
ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50220
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324851
Bugzilla Description:
kernel: fork: do not invoke uffd on fork if error occurs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50227
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324852
Bugzilla Description:
kernel: thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan()
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50236
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324853
Bugzilla Description:
kernel: wifi: ath10k: Fix memory leak in management tx
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50244
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324854
Bugzilla Description:
kernel: fs/ntfs3: Additional check in ni_clear()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50239
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324855
Bugzilla Description:
kernel: phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50260
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324856
Bugzilla Description:
kernel: sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50229
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324857
Bugzilla Description:
kernel: nilfs2: fix potential deadlock with newly created symlinks
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50250
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324858
Bugzilla Description:
kernel: fsdax: dax_unshare_iter needs to copy entire blocks
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50248
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324859
Bugzilla Description:
kernel: ntfs3: Add bounds checking to mi_enum_attr()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50243
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324860
Bugzilla Description:
kernel: fs/ntfs3: Fix general protection fault in run_is_mapped_full
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50257
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324861
Bugzilla Description:
kernel: netfilter: Fix use-after-free in get_info()
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50218
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324862
Bugzilla Description:
kernel: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50222
Severity: important
Released on: 09/11/2024
Advisory:
Bugzilla: 2324863
Bugzilla Description:
kernel: iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-758
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50230
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324864
Bugzilla Description:
kernel: nilfs2: fix kernel bug due to missing clearing of checked flag
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50219
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324865
Bugzilla Description:
kernel: mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50217
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324866
Bugzilla Description:
kernel: btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50255
Severity: moderate
Released on: 09/11/2024
Advisory: RHSA-2024:11486,
Bugzilla: 2324867
Bugzilla Description:
kernel: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages: kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50223
Severity: moderate
Released on: 09/11/2024
Advisory: RHSA-2024:11486,
Bugzilla: 2324868
Bugzilla Description:
kernel: sched/numa: Fix the potential null pointer dereference in task_numa_work()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages: kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50228
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324869
Bugzilla Description:
kernel: mm: shmem: fix data-race in shmem_getattr()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50233
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324870
Bugzilla Description:
kernel: staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-369
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50224
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324871
Bugzilla Description:
kernel: spi: spi-fsl-dspi: Fix crash when not using GPIO chip select
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50249
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324872
Bugzilla Description:
kernel: ACPI: CPPC: Make rmw_lock a raw_spin_lock
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50241
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324873
Bugzilla Description:
kernel: NFSD: Initialize struct nfsd4_copy earlier
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50235
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324874
Bugzilla Description:
kernel: wifi: cfg80211: clear wdev->cqm_config pointer on free
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-415
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50215
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324875
Bugzilla Description:
kernel: nvmet-auth: assign dh_key to NULL after kfree_sensitive
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-415
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50226
Severity: moderate
Released on: 09/11/2024
Advisory: RHSA-2024:10274,
Bugzilla: 2324876
Bugzilla Description:
kernel: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-416
Affected Packages: kernel-0:5.14.0-503.15.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50212
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324877
Bugzilla Description:
kernel: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50245
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324878
Bugzilla Description:
kernel: fs/ntfs3: Fix possible deadlock in mi_read
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50258
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324879
Bugzilla Description:
kernel: net: fix crash when config small gso_max_size/gso_ipv4_max_size
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50232
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324880
Bugzilla Description:
kernel: iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-369
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50240
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324881
Bugzilla Description:
kernel: phy: qcom: qmp-usb: fix NULL-deref on runtime suspend
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50253
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324882
Bugzilla Description:
kernel: bpf: Check the validity of nr_words in bpf_iter_bits_new()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50254
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324883
Bugzilla Description:
kernel: bpf: Free dynamically allocated bits in bpf_iter_bits_destroy()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50242
Severity: important
Released on: 09/11/2024
Advisory:
Bugzilla: 2324884
Bugzilla Description:
kernel: fs/ntfs3: Additional check in ntfs_file_release
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-99
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50225
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324885
Bugzilla Description:
kernel: btrfs: fix error propagation of split bios
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50251
Severity: moderate
Released on: 09/11/2024
Advisory: RHSA-2024:10939,
Bugzilla: 2324886
Bugzilla Description:
kernel: netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages: kernel-0:5.14.0-503.16.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50246
Severity: important
Released on: 09/11/2024
Advisory:
Bugzilla: 2324887
Bugzilla Description:
kernel: fs/ntfs3: Add rough attr alloc_size check
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50247
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324888
Bugzilla Description:
kernel: fs/ntfs3: Check if more than chunk-size bytes are written
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50256
Severity: moderate
Released on: 09/11/2024
Advisory: RHSA-2024:10943, RHSA-2024:10944,
Bugzilla: 2324889
Bugzilla Description:
kernel: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages: kernel-0:4.18.0-553.32.1.el8_10,kernel-rt-0:4.18.0-553.32.1.rt7.373.el8_10,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50234
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324890
Bugzilla Description:
kernel: wifi: iwlegacy: Clear stale interrupts before resuming device
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50213
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324891
Bugzilla Description:
kernel: drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50262
Severity: moderate
Released on: 09/11/2024
Advisory: RHSA-2024:11486, RHSA-2024:10942,
Bugzilla: 2324892
Bugzilla Description:
kernel: bpf: Fix out-of-bounds write in trie_get_next_key()
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-787
Affected Packages: kernel-0:5.14.0-427.48.1.el9_4,kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50214
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324893
Bugzilla Description:
kernel: drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50259
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324894
Bugzilla Description:
kernel: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50221
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324895
Bugzilla Description:
kernel: drm/amd/pm: Vangogh: Fix kernel memory out of bounds write
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50231
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324896
Bugzilla Description:
kernel: iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50237
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324897
Bugzilla Description:
kernel: wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50252
Severity: low
Released on: 09/11/2024
Advisory: RHSA-2025:0059,
Bugzilla: 2324898
Bugzilla Description:
kernel: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages: kernel-0:5.14.0-503.21.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50216
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324899
Bugzilla Description:
kernel: xfs: fix finding a last resort AG in xfs_filestream_pick_ag
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50238
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324900
Bugzilla Description:
kernel: phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50261
Severity: moderate
Released on: 09/11/2024
Advisory:
Bugzilla: 2324901
Bugzilla Description:
kernel: macsec: Fix use-after-free while sending the offloading packet
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-52007
Severity: important
Released on: 08/11/2024
Advisory: RHSA-2024:9806,
Bugzilla: 2324794
Bugzilla Description:
org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.core: XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
CVSS Score:
CVSSv3 Score: 8.6
Vector:
CWE: CWE-611
Affected Packages: ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may,ca.uhn.hapi.fhir/org.hl7.fhir.r4,ca.uhn.hapi.fhir/org.hl7.fhir.r5,ca.uhn.hapi.fhir/org.hl7.fhir.dstu3,ca.uhn.hapi.fhir/org.hl7.fhir.utilities,
Package States: Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 3,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel K,Red Hat Integration Camel K,Red Hat Integration Camel K,
Full Details
CVE document
CVE-2024-10220
Severity: important
Released on: 08/11/2024
Advisory:
Bugzilla: 2323060
Bugzilla Description:
kubernetes: Arbitrary command execution through gitRepo volume
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-653
Affected Packages:
Package States: Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Discovery,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-21538
Severity: low
Released on: 08/11/2024
Advisory: RHSA-2024:11255, RHSA-2024:11256, RHSA-2024:10665, RHSA-2024:10986, RHSA-2024:10823, RHSA-2024:10518, RHSA-2025:0079, RHSA-2024:10839, RHSA-2024:10907, RHSA-2024:10908, RHSA-2025:0164, RHSA-2025:0082, RHSA-2024:11292, RHSA-2024:11031, RHSA-2024:10186,
Bugzilla: 2324550
Bugzilla Description:
cross-spawn: regular expression denial of service
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-1333
Affected Packages: openshift-service-mesh/ratelimit-rhel8:2.4.13-2,openshift-service-mesh/kiali-rhel8:1.65.18-1,openshift4/ose-monitoring-plugin-rhel8:v4.14.0-202412040905.p0.g4fa7043.assembly.stream.el8,odf4/mcg-core-rhel9:v4.17.1-2,openshift-service-mesh/kiali-rhel8:1.73.17-1,odf4/ocs-client-console-rhel9:v4.17.2-1,openshift-service-mesh/proxyv2-rhel8:2.4.13-4,openshift-service-mesh/proxyv2-rhel8:2.5.7-5,openshift-service-mesh/ratelimit-rhel8:2.5.7-3,odf4/mcg-core-rhel9:v4.16.4-2,openshift-service-mesh/grafana-rhel8:2.4.13-2,odf4/odf-multicluster-console-rhel9:v4.16.5-2,openshift-service-mesh/grafana-rhel8:2.5.7-2,odf4/mcg-core-rhel9:v4.15.9-1,openshift-service-mesh/pilot-rhel8:2.4.13-2,rhtpa-guac-rhel9,odf4/odf-multicluster-console-rhel9:v4.17.2-1,advanced-cluster-security/rhacs-main-rhel8:4.5.5-3,openshift-service-mesh/kiali-ossmc-rhel8:1.73.16-2,openshift-service-mesh/istio-cni-rhel8:2.5.7-3,openshift4/ose-monitoring-plugin-rhel8:v4.15.0-202412041605.p0.g1217bc1.assembly.stream.el8,openshift-service-mesh/pilot-rhel8:2.5.7-2,odf4/odf-console-rhel9:v4.16.5-2,openshift4/ose-monitoring-plugin-rhel9:v4.17.0-202411261404.p0.gad057d3.assembly.stream.el9,rhtpa-trustification-service-rhel9,openshift-service-mesh/istio-cni-rhel8:2.4.13-2,advanced-cluster-security/rhacs-main-rhel8:4.4.7-2,openshift4/ose-networking-console-plugin-rhel9:v4.17.0-202411261204.p0.gfa9e6b0.assembly.stream.el9,openshift4/ose-monitoring-plugin-rhel9:v4.16.0-202412040032.p0.g6cfc2c8.assembly.stream.el9,odf4/ocs-client-console-rhel9:v4.16.5-2,odf4/odf-console-rhel9:v4.17.2-1,
Package States: Cryostat 3,Migration Toolkit for Applications 7,Migration Toolkit for Applications 7,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO,Red Hat build of Apicurio Registry,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Connectivity Link,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Integration Camel K,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2024-50191
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324548
Bugzilla Description:
kernel: ext4: don't set SB_RDONLY after filesystem errors
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50195
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324549
Bugzilla Description:
kernel: posix-clock: Fix missing timespec64 check in pc_clock_settime()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-754
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50174
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324552
Bugzilla Description:
kernel: drm/panthor: Fix race when converting group handle to group object
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50184
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324557
Bugzilla Description:
kernel: virtio_pmem: Check device status before requesting flush
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-754
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50179
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324558
Bugzilla Description:
kernel: ceph: remove the incorrect Fw reference check when dirtying pages
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50193
Severity: important
Released on: 08/11/2024
Advisory:
Bugzilla: 2324559
Bugzilla Description:
kernel: x86/entry_32: Clear CPU buffers after register restore in NMI return
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-665
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50196
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324563
Bugzilla Description:
kernel: pinctrl: ocelot: fix system hang on level based interrupts
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-754
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50200
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324566
Bugzilla Description:
kernel: maple_tree: correct tree corruption on spanning store
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50188
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324568
Bugzilla Description:
kernel: net: phy: dp83869: fix memory corruption when enabling fiber
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50187
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324569
Bugzilla Description:
kernel: drm/vc4: Stop the active perfmon before being destroyed
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50197
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324578
Bugzilla Description:
kernel: pinctrl: intel: platform: fix error path in device_for_each_child_node()
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50183
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324580
Bugzilla Description:
kernel: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
CVSS Score:
CVSSv3 Score: 4.1
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50178
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324582
Bugzilla Description:
kernel: cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50210
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324583
Bugzilla Description:
kernel: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50206
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324584
Bugzilla Description:
kernel: net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50176
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324591
Bugzilla Description:
kernel: remoteproc: k3-r5: Fix error handling when power-up failed
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-755
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50211
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324597
Bugzilla Description:
kernel: udf: refactor inode_bmap() to handle error
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50186
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324599
Bugzilla Description:
kernel: net: explicitly clear the sk pointer, when pf->create fails
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50198
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324600
Bugzilla Description:
kernel: iio: light: veml6030: fix IIO device retrieval from embedded device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50202
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324602
Bugzilla Description:
kernel: nilfs2: propagate directory read errors from nilfs_find_entry()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-755
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50190
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324607
Bugzilla Description:
kernel: ice: fix memleak in ice_init_tx_topology()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50204
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324608
Bugzilla Description:
kernel: fs: don't try and remove empty rbtree node
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50189
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324610
Bugzilla Description:
kernel: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50208
Severity: moderate
Released on: 08/11/2024
Advisory: RHSA-2025:0059,
Bugzilla: 2324611
Bugzilla Description:
kernel: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages: kernel-0:5.14.0-503.21.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50192
Severity: moderate
Released on: 08/11/2024
Advisory: RHSA-2024:11486, RHSA-2024:10943, RHSA-2024:10944,
Bugzilla: 2324612
Bugzilla Description:
kernel: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages: kernel-0:4.18.0-553.32.1.el8_10,kernel-rt-0:4.18.0-553.32.1.rt7.373.el8_10,kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50177
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324613
Bugzilla Description:
kernel: drm/amd/display: fix a UBSAN warning in DML2.1
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50203
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324615
Bugzilla Description:
kernel: bpf, arm64: Fix address emission with tag-based KASAN enabled
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50201
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324617
Bugzilla Description:
kernel: drm/radeon: Fix encoder->possible_clones
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50207
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324623
Bugzilla Description:
kernel: ring-buffer: Fix reader locking when changing the sub buffer order
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-667
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50173
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324625
Bugzilla Description:
kernel: drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50205
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324626
Bugzilla Description:
kernel: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-369
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50175
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324628
Bugzilla Description:
kernel: media: qcom: camss: Remove use_count guard in stop_streaming
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50181
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324631
Bugzilla Description:
kernel: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50180
Severity: important
Released on: 08/11/2024
Advisory:
Bugzilla: 2324637
Bugzilla Description:
kernel: fbdev: sisfb: Fix strbuf array overflow
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50194
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324643
Bugzilla Description:
kernel: arm64: probes: Fix uprobes for big-endian kernels
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50199
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324645
Bugzilla Description:
kernel: mm/swapfile: skip HugeTLB pages for unuse_vma
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50185
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324649
Bugzilla Description:
kernel: mptcp: handle consistently DSS corruption
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50182
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324650
Bugzilla Description:
kernel: secretmem: disable memfd_secret() if arch cannot set direct map
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50209
Severity: moderate
Released on: 08/11/2024
Advisory:
Bugzilla: 2324651
Bugzilla Description:
kernel: RDMA/bnxt_re: Add a check for memory allocation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-47072
Severity: important
Released on: 07/11/2024
Advisory: RHSA-2024:10214,
Bugzilla: 2324606
Bugzilla Description:
com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: (CWE-121|CWE-502)
Affected Packages: com.thoughtworks.xstream/xstream,
Package States: AMQ Clients,A-MQ Clients 2,Cryostat 3,Logging Subsystem for Red Hat OpenShift,OpenShift Developer Tools and Services,Red Hat build of Apache Camel for Quarkus,Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel - HawtIO,Red Hat build of Apicurio Registry,Red Hat build of Debezium,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat build of Quarkus,Red Hat build of Quarkus Native builder,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-On 7,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-51504
Severity: important
Released on: 07/11/2024
Advisory:
Bugzilla: 2324330
Bugzilla Description:
org.apache.zookeeper: Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-290
Affected Packages:
Package States: A-MQ Clients 2,Logging Subsystem for Red Hat OpenShift,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Debezium,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,streams for Apache Kafka,
Full Details
CVE document
CVE-2024-10963
Severity: important
Released on: 07/11/2024
Advisory: RHSA-2024:10232, RHSA-2024:10244, RHSA-2024:10379, RHSA-2024:10528, RHSA-2024:10518,
Bugzilla: 2324291
Bugzilla Description:
pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-287
Affected Packages: rhcos-416.94.202411261619-0,pam-0:1.3.1-36.el8_10,pam-0:1.5.1-23.el9_4,pam-0:1.5.1-22.el9_5,rhcos-417.94.202411261220-0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2024-50154
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324313
Bugzilla Description:
kernel: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50142
Severity: moderate
Released on: 07/11/2024
Advisory: RHSA-2024:11486, RHSA-2024:10943, RHSA-2024:10944,
Bugzilla: 2324315
Bugzilla Description:
kernel: xfrm: validate new SA's prefixlen using SA family when sel.family is unset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages: kernel-0:4.18.0-553.32.1.el8_10,kernel-rt-0:4.18.0-553.32.1.rt7.373.el8_10,kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50159
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324316
Bugzilla Description:
kernel: firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-415
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50162
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324317
Bugzilla Description:
kernel: bpf: devmap: provide rxq after redirect
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50146
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324318
Bugzilla Description:
kernel: net/mlx5e: Don't call cleanup on profile rollback failure
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50165
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324319
Bugzilla Description:
kernel: bpf: Preserve param->string when parsing mount options
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50143
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324320
Bugzilla Description:
kernel: udf: fix uninit-value use in udf_get_fileshortad
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50153
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324321
Bugzilla Description:
kernel: scsi: target: core: Fix null-ptr-deref in target_alloc_device()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50164
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324322
Bugzilla Description:
kernel: bpf: Fix overloading of MEM_UNINIT's meaning
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50170
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324323
Bugzilla Description:
kernel: net: bcmasp: fix potential memory leak in bcmasp_xmit()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50151
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324324
Bugzilla Description:
kernel: smb: client: fix OOBs when building SMB2_IOCTL request
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50163
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324325
Bugzilla Description:
kernel: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50139
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324326
Bugzilla Description:
kernel: KVM: arm64: Fix shift-out-of-bounds bug
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50172
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324327
Bugzilla Description:
kernel: RDMA/bnxt_re: Fix a possible memory leak
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50167
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324328
Bugzilla Description:
kernel: be2net: fix potential memory leak in be_xmit()
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50145
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324329
Bugzilla Description:
kernel: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50157
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324331
Bugzilla Description:
kernel: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50148
Severity: moderate
Released on: 07/11/2024
Advisory: RHSA-2024:11486,
Bugzilla: 2324332
Bugzilla Description:
kernel: Bluetooth: bnep: fix wild-memory-access in proto_unregister
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages: kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50140
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324333
Bugzilla Description:
kernel: sched/core: Disable page allocation in task_tick_mm_cid()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50171
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324334
Bugzilla Description:
kernel: net: systemport: fix potential memory leak in bcm_sysport_xmit()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50158
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324335
Bugzilla Description:
kernel: RDMA/bnxt_re: Fix out of bound check
CVSS Score:
CVSSv3 Score: 6.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50155
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324336
Bugzilla Description:
kernel: netdevsim: use cond_resched() in nsim_dev_trap_report_work()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50149
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324337
Bugzilla Description:
kernel: drm/xe: Don't free job in TDR
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50147
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324338
Bugzilla Description:
kernel: net/mlx5: Fix command bitmask initialization
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10973
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324361
Bugzilla Description:
keycloak: CLI option for encrypted JGroups ignored
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-319
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2024-50169
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324410
Bugzilla Description:
kernel: vsock: Update rx_bytes on read_skb()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-119
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50141
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324413
Bugzilla Description:
kernel: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-99
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50144
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324415
Bugzilla Description:
kernel: drm/xe: fix unbalanced rpm put() with fence_fini()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-664
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50156
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324417
Bugzilla Description:
kernel: drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50150
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324419
Bugzilla Description:
kernel: usb: typec: altmode should keep reference to parent
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50160
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324420
Bugzilla Description:
kernel: ALSA: hda/cs8409: Fix possible NULL dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50168
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324422
Bugzilla Description:
kernel: net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50152
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324423
Bugzilla Description:
kernel: smb: client: fix possible double free in smb2_set_ea()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-415
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50166
Severity: moderate
Released on: 07/11/2024
Advisory:
Bugzilla: 2324426
Bugzilla Description:
kernel: fsl/fman: Fix refcount handling of fman-related devices
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50161
Severity: low
Released on: 07/11/2024
Advisory:
Bugzilla: 2324427
Bugzilla Description:
kernel: bpf: Check the remaining info_cnt before repeating btf fields
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-119
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10941
Severity: low
Released on: 06/11/2024
Advisory:
Bugzilla: 2324251
Bugzilla Description:
firefox: Browser crash from invalid URI
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-51988
Severity: moderate
Released on: 06/11/2024
Advisory:
Bugzilla: 2324418
Bugzilla Description:
rabbitmq: rabbitmq-server: HTTP API's queue deletion endpoint does not verify that the user has a required permission
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-284
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,
Full Details
CVE document
CVE-2024-10318
Severity: moderate
Released on: 06/11/2024
Advisory:
Bugzilla: 2324216
Bugzilla Description:
openidconnect: NGINX OpenID Connect Vulnerability
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-384
Affected Packages:
Package States: Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2024-9902
Severity: moderate
Released on: 06/11/2024
Advisory: RHSA-2024:10762, RHSA-2024:9894, RHSA-2024:8969,
Bugzilla: 2318271
Bugzilla Description:
ansible-core: Ansible-core user may read/write unauthorized content
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-863
Affected Packages: ansible-core-1:2.15.13-1.el9ap,ansible-automation-platform/ansible-builder-rhel9:3.0.1-95,ansible-automation-platform/ee-minimal-rhel8:2.17.6-1,ansible-core-1:2.15.13-1.el8ap,ansible-automation-platform/ee-29-rhel8:2.9.27-32,ansible-automation-platform/ansible-builder-rhel8:3.0.1-96,ansible-automation-platform/ee-minimal-rhel9:2.17.6-2,ansible-core-1:2.16.13-1.el8ap,ansible-core-1:2.16.13-1.el9ap,
Package States: Red Hat OpenStack Platform 17.1,
Full Details
CVE document
CVE-2024-9681
Severity: low
Released on: 06/11/2024
Advisory:
Bugzilla: 2322969
Bugzilla Description:
curl: HSTS subdomain overwrites parent cache entry
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-1025
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2024-51745
Severity: low
Released on: 05/11/2024
Advisory:
Bugzilla: 2324058
Bugzilla Description:
wasmtime: Wasmtime doesn't fully sandbox all the Windows device filenames
CVSS Score:
Vector:
CWE: (CWE-184|CWE-67)
Affected Packages:
Package States: Migration Toolkit for Virtualization,Red Hat Trusted Artifact Signer,
Full Details
CVE document
CVE-2024-51746
Severity: low
Released on: 05/11/2024
Advisory:
Bugzilla: 2323965
Bugzilla Description:
gitsign: Use of incorrect Rekor entries during verification
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-706
Affected Packages:
Package States: Red Hat Trusted Artifact Signer,
Full Details
CVE document
CVE-2024-0134
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323971
Bugzilla Description:
nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host
CVSS Score:
CVSSv3 Score: 4.1
Vector:
CWE: CWE-61
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-50124
Severity: moderate
Released on: 05/11/2024
Advisory: RHSA-2024:11486,
Bugzilla: 2323944
Bugzilla Description:
kernel: Bluetooth: ISO: Fix UAF on iso_sock_timeout
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-416
Affected Packages: kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50118
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323936
Bugzilla Description:
kernel: btrfs: reject ro->rw reconfiguration if there are hard ro requirements
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2023-52920
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323841
Bugzilla Description:
kernel: bpf: support non-r10 register spill/fill to/from stack in precision tracking
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-51132
Severity: critical
Released on: 05/11/2024
Advisory: RHSA-2024:10035, RHSA-2024:9806,
Bugzilla: 2323897
Bugzilla Description:
org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-611->CWE-601
Affected Packages: ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may,ca.uhn.hapi.fhir/org.hl7.fhir.r4,ca.uhn.hapi.fhir/org.hl7.fhir.r5,ca.uhn.hapi.fhir/org.hl7.fhir.dstu2,ca.uhn.hapi.fhir/org.hl7.fhir.dstu3,ca.uhn.hapi.fhir/org.hl7.fhir.utilities,ca.uhn.hapi.fhir-org.hl7.fhir.utilities,
Package States: Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 3,Red Hat build of Apache Camel for Spring Boot 3,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel K,Red Hat Integration Camel K,Red Hat Integration Camel K,
Full Details
CVE document
CVE-2024-50122
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323903
Bugzilla Description:
kernel: PCI: Hold rescan lock while adding devices during host probe
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50099
Severity: moderate
Released on: 05/11/2024
Advisory: RHSA-2024:11486, RHSA-2024:10943, RHSA-2024:10944,
Bugzilla: 2323904
Bugzilla Description:
kernel: arm64: probes: Remove broken LDR (literal) uprobe support
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages: kernel-0:4.18.0-553.32.1.el8_10,kernel-rt-0:4.18.0-553.32.1.rt7.373.el8_10,kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50121
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323905
Bugzilla Description:
kernel: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50113
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323907
Bugzilla Description:
kernel: firewire: core: fix invalid port index for parent device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50109
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323909
Bugzilla Description:
kernel: md/raid10: fix null ptr dereference in raid10_size()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50135
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323910
Bugzilla Description:
kernel: nvme-pci: fix race condition between reset and nvme_dev_disable()
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50103
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323911
Bugzilla Description:
kernel: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50136
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323912
Bugzilla Description:
kernel: net/mlx5: Unregister notifier on eswitch init failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50111
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323913
Bugzilla Description:
kernel: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50132
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323914
Bugzilla Description:
kernel: tracing/probes: Fix MAX_TRACE_ARGS limit handling
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50089
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323915
Bugzilla Description:
kernel: unicode: Don't special case ignorable code points
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50114
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323916
Bugzilla Description:
kernel: KVM: arm64: Unregister redistributor for failed vCPU creation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50108
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323917
Bugzilla Description:
kernel: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50128
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323918
Bugzilla Description:
kernel: net: wwan: fix global oob in wwan_rtnl_policy
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50100
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323919
Bugzilla Description:
kernel: USB: gadget: dummy-hcd: Fix "task hung" problem
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50131
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323920
Bugzilla Description:
kernel: tracing: Consider the NULL character when validating the event length
CVSS Score:
CVSSv3 Score: 4.1
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50095
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323921
Bugzilla Description:
kernel: RDMA/mad: Improve handling of timed out WRs of mad agent
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50123
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323922
Bugzilla Description:
kernel: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50091
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323923
Bugzilla Description:
kernel: dm vdo: don't refer to dedupe_context after releasing it
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50126
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323924
Bugzilla Description:
kernel: net: sched: use RCU read-side critical section in taprio_dump()
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50112
Severity: important
Released on: 05/11/2024
Advisory:
Bugzilla: 2323925
Bugzilla Description:
kernel: x86/lam: Disable ADDRESS_MASKING in most cases
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-208
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50127
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323927
Bugzilla Description:
kernel: net: sched: fix use-after-free in taprio_change()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50090
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323928
Bugzilla Description:
kernel: drm/xe/oa: Fix overflow in oa batch buffer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50102
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323929
Bugzilla Description:
kernel: x86: fix user address masking non-canonical speculation issue
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-203
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50110
Severity: moderate
Released on: 05/11/2024
Advisory: RHSA-2024:11486, RHSA-2024:10943, RHSA-2024:10944,
Bugzilla: 2323930
Bugzilla Description:
kernel: xfrm: fix one more kernel-infoleak in algo dumping
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages: kernel-0:4.18.0-553.32.1.el8_10,kernel-rt-0:4.18.0-553.32.1.rt7.373.el8_10,kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50137
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323931
Bugzilla Description:
kernel: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50117
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323932
Bugzilla Description:
kernel: drm/amd: Guard against bad data for ATIF ACPI method
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50120
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323933
Bugzilla Description:
kernel: smb: client: Handle kstrdup failures for passwords
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50116
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323934
Bugzilla Description:
kernel: nilfs2: fix kernel bug due to missing clearing of buffer delay flag
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50133
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323935
Bugzilla Description:
kernel: LoongArch: Don't crash in stack_top() for tasks without vDSO
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50125
Severity: moderate
Released on: 05/11/2024
Advisory: RHSA-2024:11486,
Bugzilla: 2323937
Bugzilla Description:
kernel: Bluetooth: SCO: Fix UAF on sco_sock_timeout
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-416
Affected Packages: kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50107
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323938
Bugzilla Description:
kernel: platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50097
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323939
Bugzilla Description:
kernel: net: fec: don't save PTP state if PTP is unsupported
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50098
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323940
Bugzilla Description:
kernel: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50129
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323941
Bugzilla Description:
kernel: net: pse-pd: Fix out of bound for loop
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50119
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323942
Bugzilla Description:
kernel: cifs: fix warning when destroy 'cifs_io_request_pool'
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50134
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323943
Bugzilla Description:
kernel: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50106
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323945
Bugzilla Description:
kernel: nfsd: fix race between laundromat and free_stateid
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50094
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323946
Bugzilla Description:
kernel: sfc: Don't invoke xdp_do_flush() from netpoll.
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50093
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323947
Bugzilla Description:
kernel: thermal: intel: int340x: processor: Fix warning during module unload
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50092
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323948
Bugzilla Description:
kernel: net: netconsole: fix wrong warning
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50105
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323949
Bugzilla Description:
kernel: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50101
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323950
Bugzilla Description:
kernel: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50138
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323951
Bugzilla Description:
kernel: bpf: Use raw_spinlock_t in ringbuf
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50096
Severity: moderate
Released on: 05/11/2024
Advisory:
Bugzilla: 2323952
Bugzilla Description:
kernel: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50130
Severity: low
Released on: 05/11/2024
Advisory:
Bugzilla: 2323953
Bugzilla Description:
kernel: netfilter: bpf: must hold reference on net namespace
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50104
Severity: low
Released on: 05/11/2024
Advisory:
Bugzilla: 2323954
Bugzilla Description:
kernel: ASoC: qcom: sdm845: add missing soundwire runtime stream alloc
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50115
Severity: moderate
Released on: 05/11/2024
Advisory: RHSA-2024:11486,
Bugzilla: 2323955
Bugzilla Description:
kernel: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-125
Affected Packages: kernel-0:5.14.0-503.19.1.el9_5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-51744
Severity: low
Released on: 04/11/2024
Advisory:
Bugzilla: 2323735
Bugzilla Description:
golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-755
Affected Packages:
Package States: Builds for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,Cryostat 3,Custom Metric Autoscaler operator for Red Hat Openshift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Migration Toolkit for Applications 7,Migration Toolkit for Containers,Multicluster Engine for Kubernetes,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Pipelines,OpenShift Serverless,OpenShift Service Mesh 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat Openshift Sandboxed Containers,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Trusted Artifact Signer,
Full Details
CVE document
CVE-2024-51127
Severity: important
Released on: 04/11/2024
Advisory: RHSA-2024:11531, RHSA-2024:11559, RHSA-2024:11529, RHSA-2024:11570, RHSA-2024:11560,
Bugzilla: 2323697
Bugzilla Description:
hornetq-core-client: Arbitrarily overwrite files or access sensitive information
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-22
Affected Packages: eap8-ecj-1:3.31.0-2.redhat_00001.1.el8eap,eap8-angus-activation-0:2.0.2-1.redhat_00001.1.el8eap,eap8-wildfly-elytron-0:2.2.7-1.Final_redhat_00001.1.el8eap,eap8-javaee-security-soteria-0:3.0.0-3.redhat_00001.1.el9eap,eap8-jakarta-activation-0:2.1.3-1.redhat_00001.1.el8eap,eap8-jctools-0:4.0.5-1.redhat_00001.1.el8eap,eap8-yasson-0:3.0.4-1.redhat_00002.1.el9eap,eap8-azure-storage-0:8.6.6-4.redhat_00001.1.el8eap,eap8-commons-logging-jboss-logging-0:1.0.0-2.Final_redhat_1.1.el8eap,eap8-undertow-0:2.3.18-1.SP1_redhat_00001.1.el9eap,eap8-eap-product-conf-parent-0:800.5.0-1.GA_redhat_00001.1.el9eap,eap8-netty-transport-native-epoll-0:4.1.114-1.Final_redhat_00001.1.el8eap,eap8-wildfly-0:8.0.5-3.GA_redhat_00002.1.el9eap,eap8-hornetq-0:2.4.10-1.Final_redhat_00001.1.el8eap,eap8-netty-0:4.1.114-1.Final_redhat_00001.1.el8eap,eap8-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el9eap,eap8-wildfly-elytron-ee-0:3.0.3-2.Final_redhat_00001.1.el9eap,eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el8eap,eap8-undertow-jastow-0:2.2.8-1.Final_redhat_00001.1.el8eap,eap8-atinject-0:2.0.1-3.redhat_00006.1.el8eap,eap8-jansi-0:1.18.0-2.redhat_00001.1.el9eap,org.hornetq/hornetq-core-client,eap8-vdx-0:1.1.6-3.redhat_1.1.el8eap,eap8-javaee-security-soteria-0:3.0.0-3.redhat_00001.1.el8eap,eap8-commons-logging-jboss-logging-0:1.0.0-2.Final_redhat_1.1.el9eap,eap8-jbossws-cxf-0:7.3.0-1.Final_redhat_00001.1.el8eap,eap8-eap-product-conf-parent-0:800.5.0-1.GA_redhat_00001.1.el8eap,eap8-wildfly-0:8.0.5-3.GA_redhat_00002.1.el8eap,eap7-hornetq-0:2.4.11-1.Final_redhat_00001.1.el7eap,eap8-parsson-0:1.1.7-1.redhat_00002.1.el8eap,eap8-hibernate-0:6.2.32-1.Final_redhat_00001.1.el9eap,eap8-expressly-0:5.0.0-5.redhat_00001.1.el9eap,eap8-jansi-0:1.18.0-2.redhat_00001.1.el8eap,eap8-atinject-0:2.0.1-3.redhat_00006.1.el9eap,eap8-vdx-0:1.1.6-3.redhat_1.1.el9eap,eap8-narayana-0:6.0.4-1.Final_redhat_00001.1.el9eap,eap8-jboss-weld-api-0:5.0.0-4.SP3_redhat_00001.1.el8eap,
eap8-resteasy-0:6.2.11-1.Final_redhat_00001.1.el8eap,org.jboss.eap-jboss-eap,eap8-jboss-marshalling-0:2.1.6-1.Final_redhat_00001.1.el8eap,eap8-jbossws-cxf-0:7.3.0-1.Final_redhat_00001.1.el9eap,eap8-activemq-artemis-0:2.33.0-2.redhat_00016.1.el9eap,eap8-jakarta-xml-bind-api-0:4.0.2-1.redhat_00001.1.el9eap,eap8-parsson-0:1.1.7-1.redhat_00002.1.el9eap,eap7-hornetq-0:2.4.11-1.Final_redhat_00001.1.el8eap,eap8-hibernate-0:6.2.32-1.Final_redhat_00001.1.el8eap,eap8-jsonb-spec-0:3.0.1-1.redhat_00002.1.el8eap,eap8-angus-activation-0:2.0.2-1.redhat_00001.1.el9eap,eap8-apache-commons-lang-0:3.14.0-3.redhat_00007.1.el8eap,eap8-expressly-0:5.0.0-5.redhat_00001.1.el8eap,eap8-hal-console-0:3.6.20-1.Final_redhat_00001.1.el9eap,eap8-ecj-1:3.31.0-2.redhat_00001.1.el9eap,eap8-narayana-0:6.0.4-1.Final_redhat_00001.1.el8eap,eap8-jboss-weld-api-0:5.0.0-4.SP3_redhat_00001.1.el9eap,eap8-jctools-0:4.0.5-1.redhat_00001.1.el9eap,eap8-wildfly-elytron-0:2.2.7-1.Final_redhat_00001.1.el9eap,eap8-azure-storage-0:8.6.6-4.redhat_00001.1.el9eap,eap8-jboss-marshalling-0:2.1.6-1.Final_redhat_00001.1.el9eap,eap8-resteasy-0:6.2.11-1.Final_redhat_00001.1.el9eap,eap8-jakarta-activation-0:2.1.3-1.redhat_00001.1.el9eap,eap8-undertow-0:2.3.18-1.SP1_redhat_00001.1.el8eap,eap8-jakarta-xml-bind-api-0:4.0.2-1.redhat_00001.1.el8eap,eap8-netty-transport-native-epoll-0:4.1.114-1.Final_redhat_00001.1.el9eap,eap8-activemq-artemis-0:2.33.0-2.redhat_00016.1.el8eap,eap8-yasson-0:3.0.4-1.redhat_00002.1.el8eap,eap7-hornetq-0:2.4.11-1.Final_redhat_00001.1.el9eap,eap8-hornetq-0:2.4.10-1.Final_redhat_00001.1.el9eap,eap8-wildfly-elytron-ee-0:3.0.3-2.Final_redhat_00001.1.el8eap,eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el9eap,eap8-jsonb-spec-0:3.0.1-1.redhat_00002.1.el9eap,eap8-hal-console-0:3.6.20-1.Final_redhat_00001.1.el8eap,eap8-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el8eap,eap8-netty-0:4.1.114-1.Final_redhat_00001.1.el9eap,eap8-undertow-jastow-0:2.2.8-1.Final_redhat_00001.1.el9eap,eap8-apache-commons-lang-0:3.14.0-3.redhat_00007.1.el9eap,
Package States: Red Hat Build of Keycloak,Red Hat Fuse 7,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2024-51774
Severity: critical
Released on: 02/11/2024
Advisory:
Bugzilla: 2323332
Bugzilla Description:
qBittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-295
Affected Packages:
Package States:
Full Details
CVE document
CVE-2024-21510
Severity: moderate
Released on: 01/11/2024
Advisory: RHSA-2024:10987,
Bugzilla: 2323117
Bugzilla Description:
sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-807
Affected Packages: pcs-0:0.10.18-2.el8_10.3,
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Satellite 6,Red Hat Storage 3,
Full Details
CVE document
CVE-2024-7883
Severity: low
Released on: 31/10/2024
Advisory:
Bugzilla: 2322994
Bugzilla Description:
clang: CMSE secure state may leak from stack to floating-point registers
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-226
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-8185
Severity: important
Released on: 31/10/2024
Advisory:
Bugzilla: 2322958
Bugzilla Description:
hashicorp/vault: Vault Vulnerable to Denial of Service When Processing Raft Join Requests
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-636
Affected Packages:
Package States: Red Hat Openshift Container Storage 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,
Full Details
CVE document
CVE-2024-8553
Severity: moderate
Released on: 31/10/2024
Advisory: RHSA-2024:8717, RHSA-2024:8718, RHSA-2024:8719, RHSA-2024:8906,
Bugzilla: 2312524
Bugzilla Description:
foreman: Read-only access to entire DB from templates
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-200
Affected Packages: foreman-0:3.12.0.1-1.el9sat,foreman-0:3.9.1.11-1.el8sat,foreman-0:3.5.1.25-1.el8sat,foreman-0:3.12.0.1-1.el8sat,foreman-0:3.7.0.14-1.el8sat,
Package States:
Full Details
CVE document
CVE-2024-48910
Severity: important
Released on: 31/10/2024
Advisory: RHSA-2025:0082, RHSA-2024:9620, RHSA-2024:9583, RHSA-2025:0079, RHSA-2024:10186,
Bugzilla: 2322949
Bugzilla Description:
dompurify: DOMPurify vulnerable to tampering by prototype pollution
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-1321
Affected Packages: odf4/odf-console-rhel9:v4.16.5-2,odf4/odf-multicluster-console-rhel9:v4.17.2-1,odf4/ocs-client-console-rhel9:v4.17.2-1,advanced-cluster-security/rhacs-main-rhel8:4.4.6-2,odf4/odf-multicluster-console-rhel9:v4.16.5-2,advanced-cluster-security/rhacs-main-rhel8:4.5.5-3,openshift4/ose-monitoring-plugin-rhel8:v4.14.0-202411130434.p0.gb57ebe7.assembly.stream.el8,odf4/ocs-client-console-rhel9:v4.16.5-2,odf4/odf-console-rhel9:v4.17.2-1,
Package States: Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Service Mesh 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document
CVE-2024-44185
Severity: important
Released on: 31/10/2024
Advisory: RHSA-2024:9679, RHSA-2024:9646, RHSA-2024:9653, RHSA-2024:9553, RHSA-2024:9680, RHSA-2024:9637, RHSA-2024:9636, RHSA-2024:8180, RHSA-2024:9638,
Bugzilla: 2323263
Bugzilla Description:
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-788
Affected Packages: webkit2gtk3-0:2.46.3-1.el8_4,webkit2gtk3-0:2.46.3-1.el8_6,webkit2gtk3-0:2.46.3-1.el9_5,webkit2gtk3-0:2.46.3-1.el8_8,webkit2gtk3-0:2.46.3-1.el8_10,webkit2gtk3-0:2.46.3-1.el9_0,webkit2gtk3-0:2.46.3-1.el8_2,webkit2gtk3-0:2.46.1-2.el9_4,webkit2gtk3-0:2.46.3-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2024-44296
Severity: moderate
Released on: 31/10/2024
Advisory: RHSA-2024:9545, RHSA-2024:9553, RHSA-2024:9636,
Bugzilla: 2323289
Bugzilla Description:
webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-358
Affected Packages: webkit2gtk3-0:2.46.3-1.el9_4,webkit2gtk3-0:2.46.3-1.el9_5,webkit2gtk3-0:2.46.3-1.el8_10,
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2024-10086
Severity: moderate
Released on: 30/10/2024
Advisory:
Bugzilla: 2322859
Bugzilla Description:
consul: Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2024-10006
Severity: important
Released on: 30/10/2024
Advisory:
Bugzilla: 2322858
Bugzilla Description:
hashicorp/consul: consul: Consul L7 Intentions Vulnerable To Headers Bypass
CVSS Score:
CVSSv3 Score: 8.3
Vector:
CWE: CWE-644
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2024-10005
Severity: low
Released on: 30/10/2024
Advisory:
Bugzilla: 2322857
Bugzilla Description:
hashicorp/consul: consul: Consul L7 Intentions Vulnerable To URL Path Bypass
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2024-10525
Severity: important
Released on: 30/10/2024
Advisory:
Bugzilla: 2322724
Bugzilla Description:
mosquitto: heap buffer overflow in my_subscribe_callback
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Satellite 6,
Full Details
CVE document
CVE-2024-10573
Severity: moderate
Released on: 30/10/2024
Advisory: RHSA-2024:11193, RHSA-2024:11242,
Bugzilla: 2322980
Bugzilla Description:
mpg123: Buffer overflow when writing decoded PCM samples
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-787
Affected Packages: mpg123-0:1.32.9-1.el9_5,mpg123-0:1.32.9-1.el8_10,
Package States: Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2024-10491
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322502
Bugzilla Description:
express: Preload arbitrary resources by injecting additional `Link` headers
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-74
Affected Packages:
Package States: A-MQ Interconnect 1,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Applications 7,Migration Toolkit for Applications 7,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Connectivity Link,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Data Science (RHODS),Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,
Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 17.1,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2024-10452
Severity: low
Released on: 29/10/2024
Advisory:
Bugzilla: 2322479
Bugzilla Description:
grafana: Org admin can delete pending invites in different org
CVSS Score:
CVSSv3 Score: 2.2
Vector:
CWE: CWE-639
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3,
Full Details
CVE document
CVE-2024-49768
Severity: important
Released on: 29/10/2024
Advisory: RHSA-2024:10145, RHSA-2024:9613, RHSA-2024:9623, RHSA-2024:10535, RHSA-2024:9618, RHSA-2024:10815, RHSA-2025:0201,
Bugzilla: 2322460
Bugzilla Description:
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: (CWE-367|CWE-444)
Affected Packages: python-waitress-0:3.0.1-1.el9,python-waitress-0:2.0.0-4.el8ost,
Package States: Red Hat Ceph Storage 4,Red Hat Ceph Storage 5,Red Hat Openshift Container Storage 4,Red Hat OpenStack Platform 17.1,
Full Details
CVE document
CVE-2024-49769
Severity: important
Released on: 29/10/2024
Advisory: RHSA-2024:10145, RHSA-2024:9613, RHSA-2024:9623, RHSA-2024:10535, RHSA-2024:9618, RHSA-2024:10815, RHSA-2025:0201,
Bugzilla: 2322461
Bugzilla Description:
waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-772
Affected Packages: python-waitress-0:3.0.1-1.el9,python-waitress-0:2.0.0-4.el8ost,
Package States: Red Hat Ceph Storage 4,Red Hat Ceph Storage 5,Red Hat Openshift Container Storage 4,Red Hat OpenStack Platform 17.1,
Full Details
CVE document
CVE-2024-8309
Severity: low
Released on: 29/10/2024
Advisory:
Bugzilla: 2322452
Bugzilla Description:
langchain: SQL Injection in langchain-ai/langchain
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-89
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-10468
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322443
Bugzilla Description:
thunderbird: Race conditions in IndexedDB
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-400
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10467
Severity: moderate
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322433
Bugzilla Description:
firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10466
Severity: low
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322438
Bugzilla Description:
firefox: DOM push subscription message could hang Firefox
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-400
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10465
Severity: low
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322434
Bugzilla Description:
firefox: thunderbird: Clipboard "paste" button persisted across tabs
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-20
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10464
Severity: low
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322424
Bugzilla Description:
firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-799
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10463
Severity: moderate
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322439
Bugzilla Description:
firefox: thunderbird: Cross origin video frame leak
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-942
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10462
Severity: moderate
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322440
Bugzilla Description:
firefox: thunderbird: Origin of permission prompt could be spoofed by long URL
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-280
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10461
Severity: moderate
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322425
Bugzilla Description:
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10460
Severity: moderate
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322444
Bugzilla Description:
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-940
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10459
Severity: important
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322429
Bugzilla Description:
firefox: thunderbird: Use-after-free in layout with accessibility
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-416
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10458
Severity: important
Released on: 29/10/2024
Advisory: RHSA-2024:9016, RHSA-2024:9017, RHSA-2024:8720, RHSA-2024:9018, RHSA-2024:8721, RHSA-2024:8722, RHSA-2024:9019, RHSA-2024:9552, RHSA-2024:8793, RHSA-2024:9554, RHSA-2024:9015, RHSA-2024:8790, RHSA-2024:8727, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8723, RHSA-2024:8724, RHSA-2024:8725, RHSA-2024:8726,
Bugzilla: 2322428
Bugzilla Description:
firefox: thunderbird: Permission leak via embed or object elements
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-280
Affected Packages: thunderbird-0:128.4.0-1.el8_2,thunderbird-0:128.4.0-1.el9_2,thunderbird-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el7_9,thunderbird-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el8_8,firefox-0:128.4.0-1.el8_10,firefox-0:128.4.0-1.el9_0,firefox-0:128.4.0-1.el9_2,firefox-0:128.4.0-1.el8_2,firefox-0:128.4.0-1.el9_4,firefox-0:128.4.0-1.el8_4,firefox-0:128.4.0-1.el8_6,firefox-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_8,thunderbird-0:128.4.0-1.el8_6,thunderbird-0:128.4.0-1.el9_5,thunderbird-0:128.4.0-1.el8_4,thunderbird-0:128.4.0-1.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-9632
Severity: important
Released on: 29/10/2024
Advisory: RHSA-2024:9820, RHSA-2024:8798, RHSA-2024:9601, RHSA-2024:9579, RHSA-2024:9540, RHSA-2024:10090, RHSA-2024:9690, RHSA-2024:9816, RHSA-2024:9819, RHSA-2024:9818, RHSA-2024:9901,
Bugzilla: 2317233
Bugzilla Description:
xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-122
Affected Packages: tigervnc-0:1.12.0-6.el8_6.12,tigervnc-0:1.12.0-14.el9_2.9,tigervnc-0:1.11.0-8.el8_4.11,tigervnc-0:1.11.0-22.el9_0.12,xorg-x11-server-0:1.20.11-25.el8_10,tigervnc-0:1.9.0-15.el8_2.12,tigervnc-0:1.8.0-34.el7_9,tigervnc-0:1.13.1-8.el9_4.4,tigervnc-0:1.12.0-15.el8_8.11,tigervnc-0:1.13.1-14.el8_10,tigervnc-0:1.14.1-1.el9_5,xorg-x11-server-Xwayland-0:21.1.3-17.el8_10,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50080
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322301
Bugzilla Description:
kernel: ublk: don't allow user copy for unprivileged device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50077
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322303
Bugzilla Description:
kernel: Bluetooth: ISO: Fix multiple init when debugfs is disabled
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50084
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322304
Bugzilla Description:
kernel: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50068
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322305
Bugzilla Description:
kernel: mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50079
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322306
Bugzilla Description:
kernel: io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50085
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322307
Bugzilla Description:
kernel: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50082
Severity: moderate
Released on: 29/10/2024
Advisory: RHSA-2024:10943, RHSA-2024:10944,
Bugzilla: 2322308
Bugzilla Description:
kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages: kernel-0:4.18.0-553.32.1.el8_10,kernel-rt-0:4.18.0-553.32.1.rt7.373.el8_10,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50072
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322309
Bugzilla Description:
kernel: x86/bugs: Use code segment selector for VERW operand
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50074
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322310
Bugzilla Description:
kernel: parport: Proper fix for array out-of-bounds access
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50083
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322311
Bugzilla Description:
kernel: tcp: fix mptcp DSS corruption due to large pmtu xmit
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50073
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322312
Bugzilla Description:
kernel: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50076
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322313
Bugzilla Description:
kernel: vt: prevent kernel-infoleak in con_font_get()
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50071
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322315
Bugzilla Description:
kernel: pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func()
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-415
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50081
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322316
Bugzilla Description:
kernel: blk-mq: setup queue ->tag_set before initializing hctx
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50087
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322317
Bugzilla Description:
kernel: btrfs: fix uninitialized pointer free on read_alloc_one_name() error
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50069
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322318
Bugzilla Description:
kernel: pinctrl: apple: check devm_kasprintf() returned value
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50075
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322320
Bugzilla Description:
kernel: xhci: tegra: fix checked USB2 port number
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50088
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322321
Bugzilla Description:
kernel: btrfs: fix uninitialized pointer free in add_inode_ref()
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50086
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322322
Bugzilla Description:
kernel: ksmbd: fix user-after-free from session log off
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50078
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322323
Bugzilla Description:
kernel: Bluetooth: Call iso_exit() on module unload
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50070
Severity: moderate
Released on: 29/10/2024
Advisory:
Bugzilla: 2322324
Bugzilla Description:
kernel: pinctrl: stm32: check devm_kasprintf() returned value
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2019-25219
Severity: low
Released on: 29/10/2024
Advisory:
Bugzilla: 2322501
Bugzilla Description:
asio: missing fallback error code
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-544
Affected Packages:
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2024-47827
Severity: moderate
Released on: 28/10/2024
Advisory:
Bugzilla: 2322162
Bugzilla Description:
argo-workflows: Argo Workflows Controller: Denial of Service via malicious daemon Workflows
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: (CWE-1108|CWE-362)
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2024-45802
Severity: important
Released on: 28/10/2024
Advisory: RHSA-2024:9644, RHSA-2024:9677, RHSA-2024:9624, RHSA-2024:9678, RHSA-2024:9729, RHSA-2024:9813, RHSA-2024:9625, RHSA-2024:9738, RHSA-2024:9815, RHSA-2024:9814,
Bugzilla: 2322154
Bugzilla Description:
squid: Denial of Service processing ESI response content
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-20
Affected Packages: squid-7:5.5-14.el9_5.3,squid-7:5.5-13.el9_4.2,squid:4-8020020241112142652.4cda2c84,squid-7:5.2-1.el9_0.7,squid:4-8100020241113143337.489197e6,squid:4-8040020241112182856.522a0ee4,squid-7:3.5.20-17.el7_9.11,squid-7:5.5-5.el9_2.8,squid:4-8080020241113192235.63b34585,squid:4-8060020241113144818.ad008a3a,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,
Full Details
CVE document
CVE-2024-49761
Severity: moderate
Released on: 28/10/2024
Advisory: RHSA-2024:10860, RHSA-2024:10850, RHSA-2024:10982, RHSA-2024:11027, RHSA-2024:10961, RHSA-2024:11028, RHSA-2024:10984, RHSA-2024:11029, RHSA-2024:10777, RHSA-2024:10964, RHSA-2024:10834, RHSA-2024:10966, RHSA-2024:10977, RHSA-2024:10858, RHSA-2024:11001,
Bugzilla: 2322153
Bugzilla Description:
rexml: REXML ReDoS vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages: ruby:2.5-8100020241127152844.489197e6,ruby-0:3.0.7-162.el9_4.1,ruby:2.5-8060020241211101132.ad008a3a,ruby-0:3.0.4-161.el9_2.2,ruby:3.1-9050020241127153348.9,ruby:3.1-8100020241127152928.489197e6,pcs-0:0.11.1-10.el9_0.6,ruby:2.5-8020020241211125628.4cda2c84,ruby:2.5-8080020241211080135.63b34585,ruby-0:3.0.7-163.el9_5,ruby:3.1-9020020241211060845.9,ruby:2.5-8040020241211104816.522a0ee4,ruby:3.1-8080020241210144941.63b34585,ruby-0:3.0.4-160.1.el9_0,ruby:3.1-9040020241205144759.9,
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Storage 3,
Full Details
CVE document
CVE-2024-38821
Severity: moderate
Released on: 28/10/2024
Advisory:
Bugzilla: 2322098
Bugzilla Description:
Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-639
Affected Packages:
Package States: Red Hat build of Apache Camel - HawtIO,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2024-50067
Severity: moderate
Released on: 28/10/2024
Advisory:
Bugzilla: 2322072
Bugzilla Description:
kernel: uprobe: avoid out-of-bounds memory access of fetching args
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50602
Severity: moderate
Released on: 27/10/2024
Advisory: RHSA-2024:11200, RHSA-2024:9502, RHSA-2024:9541,
Bugzilla: 2321987
Bugzilla Description:
libexpat: expat: DoS via XML_ResumeParser
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-754
Affected Packages: expat-0:2.5.0-3.el9_5.1,expat-0:2.5.0-2.el9_4.2,expat-0:2.2.5-16.el8_10,
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2024-50610
Severity: low
Released on: 27/10/2024
Advisory:
Bugzilla: 2322047
Bugzilla Description:
gsl: integer overflow in gsl/siman/siman.c
CVSS Score:
CVSSv3 Score: 3.6
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50614
Severity: moderate
Released on: 27/10/2024
Advisory:
Bugzilla: 2322054
Bugzilla Description:
tinyxml2: reachable assertion in GetCharacterRef()
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2024-50613
Severity: moderate
Released on: 27/10/2024
Advisory:
Bugzilla: 2322056
Bugzilla Description:
libsndfile: Reachable assertion in mpeg_l3_encoder_close
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-50612
Severity: moderate
Released on: 27/10/2024
Advisory: RHSA-2024:11237, RHSA-2024:11192, RHSA-2024:11172,
Bugzilla: 2322057
Bugzilla Description:
libsndfile: Segmentation fault error in ogg_vorbis.c:417 vorbis_analysis_wrote()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages: libsndfile-0:1.0.31-8.el9_5.2,libsndfile-0:1.0.28-16.el8_10,libsndfile-0:1.0.31-8.el9_4.1,
Package States: Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2020-26311
Severity: important
Released on: 26/10/2024
Advisory:
Bugzilla: 2321964
Bugzilla Description:
Useragent: GHSL-2020-312: Regular Expression Denial of Service (ReDoS) in useragent
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Red Hat Quay 3,
Full Details
CVE document
CVE-2020-26303
Severity: important
Released on: 26/10/2024
Advisory:
Bugzilla: 2321967
Bugzilla Description:
insane: GHSL-2020-289: Regular Expression Denial of Service (ReDoS) in insane
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,
Full Details
CVE document
CVE-2024-0126
Severity: important
Released on: 26/10/2024
Advisory:
Bugzilla: 2321908
Bugzilla Description:
nvidia-display-driver: privilege escalation vulnerability
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI),Red Hat Enterprise Linux AI (RHEL AI),
Full Details
CVE document
CVE-2024-49767
Severity: moderate
Released on: 25/10/2024
Advisory:
Bugzilla: 2321829
Bugzilla Description:
werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: (CWE-400|CWE-770)
Affected Packages:
Package States: Red Hat Quay 3,
Full Details
CVE document
CVE-2024-49766
Severity: moderate
Released on: 25/10/2024
Advisory:
Bugzilla: 2321828
Bugzilla Description:
werkzeug: python-werkzeug: Werkzeug safe_join not safe on Windows
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Enterprise Linux 8,Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat Quay 3,Red Hat Storage 3,
Full Details
CVE document
CVE-2024-9264
Severity: critical
Released on: 24/10/2024
Advisory:
Bugzilla: 2316409
Bugzilla Description:
grafana: Command injection and local file inclusion via SQL Expressions
CVSS Score:
CVSSv3 Score: 9.9
Vector:
CWE: CWE-77
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3,
Full Details
CVE document
CVE-2024-48426
Severity: moderate
Released on: 24/10/2024
Advisory:
Bugzilla: 2321614
Bugzilla Description:
assimp: SEGV in SortByPTypeProcess::Execute
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-48424
Severity: moderate
Released on: 24/10/2024
Advisory:
Bugzilla: 2321628
Bugzilla Description:
assimp: heap-buffer-overflow in OpenDDLParser::parseStructure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-48425
Severity: moderate
Released on: 24/10/2024
Advisory:
Bugzilla: 2321631
Bugzilla Description:
assimp: SEGV in Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-48423
Severity: moderate
Released on: 24/10/2024
Advisory:
Bugzilla: 2321643
Bugzilla Description:
assimp: arbitrary code execution via CallbackToLogRedirector function
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-10295
Severity: important
Released on: 23/10/2024
Advisory:
Bugzilla: 2321258
Bugzilla Description:
Gateway: APICast Basic Auth Bypass via Malformed Base64 Headers. Sending non-base64 'basic' auth with special characters causes APICast to incorrectly authenticate a request
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-863
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,
Full Details
CVE document
CVE-2024-50066
Severity: moderate
Released on: 23/10/2024
Advisory:
Bugzilla: 2321460
Bugzilla Description:
kernel: mm/mremap: fix move_normal_pmd/retract_page_tables race
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-9287
Severity: moderate
Released on: 22/10/2024
Advisory: RHSA-2024:10980, RHSA-2024:11024, RHSA-2024:11035, RHSA-2024:10983, RHSA-2024:10779, RHSA-2024:10978, RHSA-2024:10979, RHSA-2024:11111,
Bugzilla: 2321440
Bugzilla Description:
python: Virtual environment (venv) activation scripts don't quote paths
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-428
Affected Packages: python3.11-0:3.11.11-1.el8_10,python3.9-0:3.9.21-1.el9_5,python3.12-0:3.12.1-4.el9_4.5,python3.12-0:3.12.5-2.el9_5.2,python3-0:3.6.8-69.el8_10,python3.11-0:3.11.9-7.el9_5.2,python3.12-0:3.12.8-1.el8_10,python3.9-0:3.9.18-3.el9_4.7,
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2024-9050
Severity: important
Released on: 22/10/2024
Advisory: RHSA-2024:8356, RHSA-2024:8312, RHSA-2024:9556, RHSA-2024:8357, RHSA-2024:9555, RHSA-2024:8358, RHSA-2024:8352, RHSA-2024:8353, RHSA-2024:8354, RHSA-2024:8355, RHSA-2024:8338,
Bugzilla: 2313828
Bugzilla Description:
NetworkManager-libreswan: Local privilege escalation via leftupdown
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-94
Affected Packages: NetworkManager-libreswan-0:1.2.10-6.el8_4,NetworkManager-libreswan-0:1.2.14-3.el9_0,NetworkManager-libreswan-0:1.2.10-6.el8_6,NetworkManager-libreswan-0:1.2.14-6.el9_2,NetworkManager-libreswan-0:1.2.4-4.el7_9,NetworkManager-libreswan-0:1.2.10-6.el8_2,NetworkManager-libreswan-0:1.2.4-4.el7_7,NetworkManager-libreswan-0:1.2.18-6.el9_4,NetworkManager-libreswan-0:1.2.10-6.el8_8,NetworkManager-libreswan-0:1.2.10-7.el8_10,NetworkManager-libreswan-0:1.2.22-4.el9_5,
Package States:
Full Details
CVE document
CVE-2024-10234
Severity: moderate
Released on: 22/10/2024
Advisory:
Bugzilla: 2320848
Bugzilla Description:
wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat Fuse 7,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2023-52919
Severity: moderate
Released on: 22/10/2024
Advisory:
Bugzilla: 2320875
Bugzilla Description:
kernel: nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2023-52918
Severity: moderate
Released on: 22/10/2024
Advisory:
Bugzilla: 2320876
Bugzilla Description:
kernel: media: pci: cx23885: check cx23885_vdev_init() return
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2024-44331
Severity: important
Released on: 22/10/2024
Advisory:
Bugzilla: 2321467
Bugzilla Description:
gstreamer1-rtsp-server: DoS via rtsp-media.c
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 9,
Full Details
CVE document