Red Hat Security Advisory: kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 security update
This advisory addresses two denial of service vulnerabilities (CVE-2024-41090 and CVE-2024-41091) in the Red Hat Enterprise Linux kernel live patch modules for kernel version 4.18.0-305.120.1.el8_4. The vulnerabilities involve the virtio-net tap and tun drivers interacting with mlx5_core, which can cause short frame denial of service conditions. Red Hat has released updated kpatch modules to fix these issues. Systems must be rebooted after applying the update for the patch to take effect.
AI Analysis
Technical Summary
Red Hat issued a security advisory for kpatch live patch modules targeting kernel-4.18.0-305.120.1.el8_4 to address two denial of service vulnerabilities identified as CVE-2024-41090 and CVE-2024-41091. These vulnerabilities affect the virtio-net tap and tun drivers in conjunction with mlx5_core, potentially allowing short frame denial of service attacks. The advisory provides updated kpatch modules (kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1) as fixes. The update requires a system reboot to activate the patch. The vulnerabilities are rated with an important security impact by Red Hat, and no CVSS score is provided in the advisory.
Potential Impact
The vulnerabilities can cause denial of service conditions in the kernel's virtio-net tap and tun drivers when used with mlx5_core. This could disrupt network functionality on affected systems running the specified kernel version. No known exploits in the wild have been reported. The impact is limited to denial of service and does not indicate privilege escalation or code execution.
Mitigation Recommendations
Red Hat has released updated kpatch live patch modules to address these vulnerabilities. Users should apply the kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 updates for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. After applying the update, a system reboot is required for the patch to take effect. Refer to Red Hat's official update guide at https://access.redhat.com/articles/11258 for detailed instructions.
Technical Details
- Gcve Source: db.gcve.eu
- Csaf Category: csaf_security_advisory
- Csaf Version: 2.0
- Publisher: Red Hat Product Security
- Advisory Id: RHSA-2024:6663
- Cve Count: 2
- Additional Cves: ["CVE-2024-41091"]
- Cvss Version: null
Threat ID: 6a419cbd27e9c79719abfbbe
Added to database: 06/28/2026, 22:14:21 UTC
Last enriched: 06/28/2026, 22:37:49 UTC
Last updated: 07/02/2026, 10:51:10 UTC