{"id":"CLSA-2024-1720468480","summary":"kernel: Fix of 89 CVEs","details":"- kvm: initialize all of the kvm_debugregs structure before sending it to userspace {CVE-2023-1513}\n- wifi: mac80211: fix MBSSID parsing use-after-free {CVE-2022-42719}\n- mac80211: always allocate struct ieee802_11_elems {CVE-2022-42719}\n- netfilter: nf_tables: initialize registers in nft_do_chain() {CVE-2022-1016}\n- xprtrdma: fix incorrect header size calculations {CVE-2022-0812}\n- net: usb: fix memory leak in smsc75xx_bind {CVE-2021-47171}\n- i2c: i801: Don't generate an interrupt on bus reset {CVE-2021-47153}\n- pid: take a reference when initializing `cad_pid` {CVE-2021-47118}\n- Input: appletouch - initialize work before device registration {CVE-2021-46932}\n- HID: usbhid: fix info leak in hid_submit_ctrl {CVE-2021-46906}\n- quota: check block number when reading the block in quota file {CVE-2021-45868}\n- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() {CVE-2021-43976}\n- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait {CVE-2021-43975}\n- isdn: cpai: check ctr-\u003ecnr to avoid array index out of bound {CVE-2021-43389}\n- usb: hso: fix error handling code of hso_create_net_device {CVE-2021-37159}\n- can: bcm: fix infoleak in struct bcm_msg_head {CVE-2021-34693}\n- dm ioctl: fix out of bounds array access when no devices {CVE-2021-31916}\n- KVM: x86: hyper-v: Fix Hyper-V context null-ptr-deref {CVE-2021-30178}\n- perf/x86/intel: Fix a crash caused by zero PEBS status {CVE-2021-28971}\n- btrfs: fix race when cloning extent buffer during rewind of an old root {CVE-2021-28964}\n- ovl: fix missing negative dentry check in ovl_rename() {CVE-2021-20321}\n- drm/ttm/nouveau: don't call tt destroy callback on alloc failure. {CVE-2021-20292}\n- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() {CVE-2021-4159}\n- btrfs: unlock newly allocated extent buffer after error {CVE-2021-4149}\n- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. {CVE-2021-3679}\n- net: mac802154: Fix general protection fault {CVE-2021-3659}\n- nfsd4: readdirplus shouldn't return parent of export {CVE-2021-3178}\n- Bluetooth: SMP: Fail if remote and local public keys are identical {CVE-2021-0129}\n- drm/nouveau: clean up all clients on device removal {CVE-2020-27820}\n- drm/nouveau: Add a dedicated mutex for the clients list {CVE-2020-27820}\n- drm/nouveau: use drm_dev_unplug() during device removal {CVE-2020-27820}\n- Bluetooth: SMP: Fail if remote and local public keys are identical {CVE-2020-26555}\n- vsock: Fix memory leak in vsock_connect() {CVE-2022-3629}\n- RDMA/core: Don't infoleak GRH fields {CVE-2021-3923}\n- xen/netfront: force data bouncing when backend is untrusted {CVE-2022-33741}\n- net: Rename and export copy_skb_header\n- floppy: use a statically allocated error counter {CVE-2022-1652}\n- fuse: fix pipe buffer lifetime for direct_io {CVE-2022-1011}\n- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts {CVE-2024-26898}\n- smb: client: fix use-after-free bug in cifs_debug_data_proc_show() {CVE-2023-52752}\n- media: pvrusb2: fix use after free on context disconnection {CVE-2023-52445}\n- media: dm1105: Fix use after free bug in dm1105_remove due to race condition {CVE-2023-35824}\n- perf: Fix perf_event_validate_size() lockdep splat {CVE-2023-6931}\n- perf: Fix perf_event_validate_size() {CVE-2023-6931}\n- net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623}\n- relayfs: fix out-of-bounds access in relay_file_read {CVE-2023-3268}\n- xfs: verify buffer contents when we skip log replay {CVE-2023-2124}\n- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition {CVE-2023-1989}\n- Fix double fget() in vhost_net_set_backend() {CVE-2023-1838}\n- net/sched: cls_tcindex: downgrade to imperfect hash {CVE-2023-1829}\n- xen/netfront: fix leaking data in shared pages {CVE-2022-33740}\n- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path {CVE-2022-28390}\n- xen/blkfront: fix leaking data in shared pages {CVE-2022-26365}\n- mISDN: fix use-after-free bugs in l1oip timer handlers {CVE-2022-3565}\n- drm/vgem: Close use-after-free race in vgem_gem_create {CVE-2022-1419}\n- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type {CVE-2021-47194}\n- net: fix use-after-free in tw_timer_handler {CVE-2021-46936}\n- ext4: fix race writing to an inline_data file while its xattrs are changing {CVE-2021-40490}\n- virtio_console: Assure used length from device is limited {CVE-2021-38160}\n- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() {CVE-2021-4157}\n- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() {CVE-2021-3640}\n- Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl {CVE-2021-3612}\n- Input: joydev - prevent potential read overflow in ioctl {CVE-2021-3612}\n- can: bcm: delay release of struct bcm_op after synchronize_rcu() {CVE-2021-3609}\n- vt: keyboard: avoid signed integer overflow in k_ascii {CVE-2020-13974}\n- i2c: Fix a potential use after free {CVE-2019-25162}\n- drivers: net: slip: fix NPD bug in sl_tx_timeout() {CVE-2022-41858}\n- Bluetooth: L2CAP: Fix u8 overflow {CVE-2022-45934}\n- btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() {CVE-2023-3111}\n- memstick: r592: Fix UAF bug in r592_remove due to race condition {CVE-2023-3141}\n- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() {CVE-2023-1118}\n- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF {CVE-2023-3567}\n- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb {CVE-2023-40283}\n- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() {CVE-2023-1380}\n- tcp: Fix data races around icsk-\u003eicsk_af_ops. {CVE-2022-3566}\n- staging: rtl8712: fix use after free bugs {CVE-2022-4095}\n- ext4: fix kernel infoleak via ext4_extent_header {CVE-2022-0850}\n- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register {CVE-2022-1353}\n- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os {CVE-2022-3424}\n- x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit {CVE-2022-25265}\n- x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK {CVE-2022-25265}\n- x86/elf: Add table to document READ_IMPLIES_EXEC {CVE-2022-25265}\n- ipv6: use prandom_u32() for ID generation {CVE-2021-45485}\n- bpf: Fix integer overflow in prealloc_elems_and_freelist() {CVE-2021-41864}\n- ipv4: make exception cache less predictible {CVE-2021-20322}\n- ipv4: use siphash instead of Jenkins in fnhe_hashfun() {CVE-2021-20322}\n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() {CVE-2023-4387}\n- netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one {CVE-2023-39197}\n- ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet {CVE-2023-6932}\n- smb: client: fix potential OOB in smb2_dump_detail() {CVE-2023-6610}\n- smb: client: fix OOB in smbCalcSize() {CVE-2023-6606}\n- atm: Fix Use-After-Free in do_vcc_ioctl {CVE-2023-51780}\n- drm/amdgpu: Fix potential fence use-after-free v2 {CVE-2023-51042}\n- sched/rt: pick_next_rt_entity(): check list_entry {CVE-2023-1077}\n- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb {CVE-2022-1679}\n- net: prevent mss overflow in skb_segment() {CVE-2023-52435}\n- drm/atomic: Fix potential use-after-free in nonblocking commits {CVE-2023-42753}\n- debug: Lock down kgdb {CVE-2022-21499}","modified":"2026-05-27T11:36:17.516906046Z","published":"2024-07-08T20:27:53Z","upstream":["CVE-2019-25162","CVE-2020-13974","CVE-2020-26555","CVE-2020-27820","CVE-2021-0129","CVE-2021-20292","CVE-2021-20321","CVE-2021-20322","CVE-2021-28964","CVE-2021-28971","CVE-2021-30178","CVE-2021-3178","CVE-2021-31916","CVE-2021-34693","CVE-2021-3609","CVE-2021-3612","CVE-2021-3640","CVE-2021-3659","CVE-2021-3679","CVE-2021-37159","CVE-2021-38160","CVE-2021-3923","CVE-2021-40490","CVE-2021-4149","CVE-2021-4157","CVE-2021-4159","CVE-2021-41864","CVE-2021-43389","CVE-2021-43975","CVE-2021-43976","CVE-2021-45485","CVE-2021-45868","CVE-2021-46906","CVE-2021-46932","CVE-2021-46936","CVE-2021-47118","CVE-2021-47153","CVE-2021-47171","CVE-2021-47194","CVE-2022-0812","CVE-2022-0850","CVE-2022-1011","CVE-2022-1016","CVE-2022-1353","CVE-2022-1419","CVE-2022-1652","CVE-2022-1679","CVE-2022-21499","CVE-2022-25265","CVE-2022-26365","CVE-2022-28390","CVE-2022-33740","CVE-2022-33741","CVE-2022-3424","CVE-2022-3565","CVE-2022-3566","CVE-2022-3629","CVE-2022-4095","CVE-2022-41858","CVE-2022-42719","CVE-2022-45934","CVE-2023-1077","CVE-2023-1118","CVE-2023-1380","CVE-2023-1513","CVE-2023-1829","CVE-2023-1838","CVE-2023-1989","CVE-2023-2124","CVE-2023-3111","CVE-2023-3141","CVE-2023-3268","CVE-2023-3567","CVE-2023-35824","CVE-2023-39197","CVE-2023-40283","CVE-2023-42753","CVE-2023-4387","CVE-2023-4623","CVE-2023-51042","CVE-2023-51780","CVE-2023-52435","CVE-2023-52445","CVE-2023-52752","CVE-2023-6606","CVE-2023-6610","CVE-2023-6931","CVE-2023-6932","CVE-2024-26898"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/centos7-els/CLSA-2024-1720468480.html"}],"affected":[{"package":{"name":"bpftool","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/bpftool?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"kernel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"kernel-debug","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-debug?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"kernel-debug-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-debug-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"kernel-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"kernel-headers","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-headers?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"kernel-tools","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-tools?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"kernel-tools-libs","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-tools-libs?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"kernel-tools-libs-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-tools-libs-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"perf","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/perf?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}},{"package":{"name":"python-perf","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/python-perf?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1720468480.json"}}],"schema_version":"1.7.5"}