Threats Tagged 'cve-2024-38564'

Red Hat has issued a security advisory for the kernel:4.18.0 package addressing four vulnerabilities including use-after-free and null pointer dereference issues in various kernel components. The update fixes CVE-2024-27043 (use-after-free in media dvbdev), CVE-2024-27399 (null pointer dereference in Bluetooth l2cap), CVE-2024-38564 (BPF attach type enforcement), and CVE-2024-46858 (use-after-free in mptcp timer deletion). These vulnerabilities affect Red Hat Enterprise Linux 8 and related products. The update is rated with moderate security impact and requires a system reboot to take effect.

This advisory addresses two security vulnerabilities in the Red Hat kernel-rt 4.18.0 Real Time Linux Kernel packages. The first is a use-after-free vulnerability in the media DVB device driver (CVE-2024-27043). The second adds enforcement for BPF program attach types in BPF_LINK_CREATE (CVE-2024-38564). The update is rated as having a low security impact. Systems must be rebooted after applying the update for the fixes to take effect.

A security update for the Red Hat kernel-rt package addresses a low severity vulnerability identified as CVE-2024-38564. The issue involves the BPF subsystem, specifically adding enforcement for the BPF_PROG_TYPE_CGROUP_SKB attach type in BPF_LINK_CREATE. This update is relevant for Red Hat Enterprise Linux 9.2 Extended Update Support and Extended Life Cycle versions. The update requires a system reboot to take effect.

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9. The update fixes issues including null pointer dereferences, use-after-free bugs, kernel verifier crashes, integer overflows, information leaks, and memory access errors across various kernel subsystems such as Bluetooth, BPF, NFS, KVM, and others. The advisory rates the overall security impact as moderate. Systems must be rebooted after applying the update for changes to take effect.