Threats Tagged 'cve-2024-41071'

Red Hat has issued a security advisory for its Linux kernel packages addressing two vulnerabilities: CVE-2024-2201, related to Intel CPU Native Branch History Injection (BHI), and CVE-2024-41071, involving out-of-bounds array indexing in the mac80211 WiFi subsystem. These vulnerabilities affect Red Hat Enterprise Linux Server Extended Life Cycle Support 7 across multiple architectures. The advisory rates the update as important and requires a system reboot after applying the update.

This advisory addresses multiple security vulnerabilities in the Red Hat kernel-rt packages, which provide the Real Time Linux Kernel for systems requiring high determinism. The fixed issues include a use-after-free vulnerability in TIPC message reassembly (CVE-2024-36886), a reference leak in sysfs_break_active_protection() (CVE-2024-26993), and an out-of-bounds array indexing issue in the mac80211 WiFi subsystem (CVE-2024-41071). These vulnerabilities could lead to remote code execution, resource leaks, or memory corruption. Red Hat has released updated kernel-rt packages for Red Hat Enterprise Linux 8.4 variants to address these issues. A system reboot is required after applying the update for the fixes to take effect.

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9.2 Extended Update Support. The issues include a use-after-free vulnerability in the gpiolib cdev component (CVE-2024-36899), an out-of-bounds array indexing flaw in the mac80211 Wi-Fi subsystem (CVE-2024-41071), and improper handling in the ice driver (CVE-2024-42139). These vulnerabilities have been rated with an important security impact by Red Hat. A kernel update is available that fixes these issues, and a system reboot is required to apply the update. The advisory covers various architectures including x86_64, s390x, ppc64le, and aarch64 for Red Hat Enterprise Linux 9.2 variants.

This security advisory from Red Hat addresses multiple vulnerabilities in the kernel-rt packages, which provide the Real Time Linux Kernel for systems requiring high determinism. The update fixes a use-after-free vulnerability in the GPIO library (CVE-2024-36899), an out-of-bounds array indexing issue in the mac80211 WiFi component (CVE-2024-41071), and improper handling in the ice network driver (CVE-2024-42139). These vulnerabilities are rated as important by Red Hat and affect Red Hat Enterprise Linux 9.2 Extended Update Support. A reboot is required after applying the update for the fixes to take effect.

A security vulnerability (CVE-2024-41071) affecting the Linux kernel in Red Hat Enterprise Linux 6 Extended Lifecycle Support has been identified. The issue involves out-of-bounds array indexing in the mac80211 WiFi component of the kernel, which could lead to memory corruption. Red Hat has released an important security update addressing this flaw. The update requires a system reboot to take effect. No known exploits are reported in the wild at this time.