Linux Kernel Security Update Advisory

May 24 2024

Overview

An update has been released to address vulnerabilities in the Linux Kernel. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-26952

Linux Kernel Versions : ~ 6.7.12 (excluded)
Linux Kernel Versions : 6.8 (excluded) to 6.8.3 (excluded)

CVE-2024-26929

Linux Kernel Versions : ~ 5.15.154 (Excluded)
Linux Kernel Versions : 5.16 (inclusive) to 6.1.84 (excluded)
Linux Kernel Versions : 6.2 (inclusive) to 6.6.24 (excluded)
Linux Kernel Versions : 6.7 (inclusive) to 6.7.12 (excluded)
Linux Kernel Versions : 6.8 (excluded) to 6.8.3 (excluded)
Linux Kernel Version : 6.9-rc1

CVE-2022-48686

Linux Kernel Versions : 5.0 (inclusive) to 5.4.213 (excluded)
Linux Kernel Versions : 5.5 (inclusive) to 5.10.143 (excluded)
Linux Kernel Versions : 5.11 (inclusive) to 5.15.68 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 5.19.9 (excluded)

CVE-2023-52772

Linux Kernel Versions : 5.15 (inclusive) to 5.15.140 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 6.1.64 (excluded)
Linux Kernel Versions : 6.2 (inclusive) to 6.5.13 (excluded)
Linux Kernel Versions : 6.6 (inclusive) to 6.6.3 (excluded)

CVE-2022-48672

Linux Kernel Versions : 4.7 (inclusive) to 4.14.295 (excluded)
Linux Kernel Versions : 4.15 (inclusive) to 4.19.260 (excluded)
Linux Kernel Versions : 4.20 (inclusive) to 5.4.215 (excluded)
Linux Kernel Versions : 5.5 (inclusive) to 5.10.145 (excluded)
Linux Kernel Versions : 5.11 (inclusive) to 5.15.70 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 5.19.11 (excluded)

CVE-2024-26933

Linux Kernel Versions : ~ 6.1.84 (excluded)
Linux Kernel Versions : 6.2.0 (inclusive) to 6.6.24 (excluded)
Linux Kernel Versions : 6.7.0 (inclusive) to 6.7.12 (excluded)
Linux Kernel Versions : 6.8.0 (inclusive) to 6.8.3 (excluded)
Linux Kernel Version : 6.9-rc1

CVE-2022-48694

Linux Kernel Versions : 5.19 (inclusive) to 5.19.9 (excluded)

CVE-2024-26930

Linux Kernel Versions: ~ 6.6.24 (excluded)
Linux Kernel Versions : 6.7 (excluded) to 6.7.12 (excluded)
Linux Kernel Versions : 6.8 (excluded) to 6.8.3 (excluded)
Linux Kernel Version : 6.9-rc1

CVE-2022-48674

Linux Kernel Versions : 5.0 (inclusive) to 5.15.68 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 5.19.9 (excluded)

CVE-2024-27020

Linux Kernel Versions : 3.13 (inclusive) to 4.19.313 (excluded)
Linux Kernel Versions : 4.20 (inclusive) to 5.4.275 (excluded)
Linux Kernel Versions : 5.5 (inclusive) to 5.10.206 (excluded)
Linux Kernel Versions : 5.11 (inclusive) to 5.15.157 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 6.1.88 (excluded)
Linux Kernel Versions : 6.2 (inclusive) to 6.6.29 (excluded)
Linux Kernel Versions : 6.7 (inclusive) to 6.8.8 (excluded)
Linux Kernel versions : 6.9-rc1, 6.9-rc2, 6.9-rc3, 6.9-rc4

CVE-2022-48670

Linux Kernel Versions : ~ 5.19 (excluded)

CVE-2024-26934

Linux Kernel Versions : 4.4 (inclusive) to 4.19.312 (excluded)
Linux Kernel Versions : 4.20 (inclusive) to 5.4.274 (excluded)
Linux Kernel Versions : 5.5 (inclusive) to 5.10.215 (excluded)
Linux Kernel Versions : 5.11 (inclusive) to 5.15.154 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 6.1.84 (excluded)
Linux Kernel Versions : 6.2 (inclusive) to 6.6.24 (excluded)
Linux Kernel Versions : 6.7 (inclusive) to 6.7.12 (excluded)
Linux Kernel Versions : 6.8 (inclusive) to 6.8.3 (excluded)
Linux Kernel Version : 6.9-rc1

CVE-2023-52827

Linux Kernel Versions : ~ 6.5.13 (excluded)
Linux Kernel Versions : 6.6 (inclusive) to 6.6.3 (excluded)

CVE-2023-52769

Linux Kernel Versions : 6.3 (inclusive) to 6.5.13 (excluded)
Linux Kernel Versions : 6.6 (inclusive) to 6.6.3 (excluded)

CVE-2024-27022

Linux Kernel Versions : 6.1 (inclusive) to 6.1.90 (excluded)
Linux Kernel Versions : 6.2 (inclusive) to 6.6.30 (excluded)
Linux Kernel Versions : 6.7 (inclusive) to 6.8.8 (excluded)
Linux Kernel versions : 6.9-rc1, 6.9-rc2, 6.9-rc3, 6.9-rc4

CVE-2024-26932

Linux Kernel Versions : 6.8 (excluded) to 6.8.3 (excluded)
Linux Kernel Version : 6.9-rc1

CVE-2022-48657

Linux Kernel Versions : 5.7 (inclusive) to 5.10.150 (excluded)
Linux Kernel Versions : 5.11 (inclusive) to 5.15.71 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 5.19.12 (excluded)

CVE-2024-27021

Linux Kernel Versions : 6.8 (inclusive) to 6.8.8 (excluded)
Linux Kernel Versions: 6.9-rc1, 6.9-rc2, 6.9-rc3

CVE-2022-48689

Linux Kernel Versions : 5.14 (inclusive) to 5.15.68 (excluded)
Linux Kernel Versions: 5.16 (inclusive) to 5.19.9 (excluded)

CVE-2023-52760

Linux Kernel Versions : ~ 6.6.3 (excluded)

CVE-2023-52752

Linux Kernel Versions : ~ 6.1.64 (excluded)
Linux Kernel Versions : 6.2 (inclusive) to 6.5.13 (excluded)
Linux Kernel Versions : 6.6 (inclusive) to 6.6.3 (excluded)

Resolved Vulnerabilities

CVE-2024-26952: Out-of-bounds memory access allowance vulnerability due to improper validation of a buffer offset field in the ksmbd module in the Linux kernel (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2024-26929: Server crash vulnerability in the SCSI qla2xxx driver in the Linux kernel due to freeing fcport twice after LOGO(7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2022-48686: Use after free vulnerability in the nvme TCP driver in the Linux kernel when detecting a digest misuse (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2023-52772: use after free vulnerability in the unix_stream_read_actor function of the af_unix module in the Linux kernel (7.8 High, CVSS V3.1, Date Added: 2024.05.23)

CVE-2022-48672: Buffer Overflow Vulnerability in the Linux Kernel’s Device Tree Handling unplatten_dt_nodes() Function (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2024-26933: Improper locking in the USB core of the Linux kernel causes a deadlock in the port “Disable” sysfs attribute, resulting in system unresponsiveness (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2022-48694: Vulnerability in the RDMA/irdma module in the Linux kernel due to an incorrect completion target specification that causes drain SQ operations to abort, resulting in system unresponsiveness (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2024-26930: Vulnerability in the qla2xxx driver in the Linux kernel that causes a double free of the ha -> vp_map pointer, resulting in system instability or crash (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2022-48674: Use after free vulnerability in the erofs file system in the Linux kernel (7.8 High, CVSS V3.1, Date Added: 2024.05.23)

CVE-2024-27020: Race condition vulnerability due to concurrent access to the nf_tables_expressions list in the Linux kernel netfilter nf_tables (7.0 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2024-27018: Vulnerability in the br_netfilter module in the Linux kernel netfilter module, when the bridge device is in promiscuous mode, packets are forwarded to the input hook of br_netfilter to check for invalid connection traces, resulting in a warning message (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2022-48670: Use-after-free vulnerability in the cpu module of the Linux kernel peci where auxiliary_device_add() returns an error, auxiliary_device_uninit() is called, resulting in the device’s refcount being decremented and a .release callback being triggered (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2024-26934: Deadlock vulnerability in the Linux kernel USB core module due to the interface_authorized_store() function obtaining a device lock on the parent of a USB device and calling usb_deauthorize_interface() (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2023-52827: Out-of-bounds read vulnerability in the ath12k_htt_pull_ppdu_stats() function in the Linux kernel ath12k driver (7.1 High, CVSS V3.1 Date Added: 2024.05.23 )

CVE-2023-52769: Potential use-after-free vulnerability in the htt mlo-offset event handling code in the Linux kernel ath12k driver because it is not protected using RCU (7.8 High, CVSS V3.1 Date Added: 2024.05.23 )

CVE-2024-27022: Race condition vulnerability in the Linux kernel during fork operations (7.8 High, CVSS V3.1, Date Added: 2024.05.23 )

CVE-2024-26932: Double-free vulnerability in tcpm_port_unregister_pd( ) in the Linux kernel (7.8 High, CVSS V3.1 Date Added: 2024.05.23 )

CVE-2022-48657: Integer overflow vulnerability in the Linux kernel arm64 architecture when handling the maximum frequency returned from cpufreq_get_hw_max_freq() (7.8 High, CVSS V3.1 Date Added: 2024.05.16 )

CVE-2024-27021: LED-related deadlock vulnerability in the Linux kernel r8169 network driver when removing a module (7.8 High, CVSS V3.1 Date Added: 2024.05.23 )

CVE-2022-48689: Data race vulnerability due to incorrect use of pfmemalloc page state in the zerocopy path in Linux kernel TCP (7.0 High, CVSS V3.1 Date Added: 2024.05.23 )

CVE-2023-52760: Slap use after free vulnerability in the GFS2 file system in the Linux kernel due to struct gfs2_sbd being freed before the gfs2_qd_dealloc RCU callback of all gfs2_quota_data objects is executed when the gfs2_put_super() function is called (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

CVE-2023-52752: use after free vulnerability in the SMB client of the Linux kernel due to skipping the session (if it is a session being torn down) in the cifs_debug_data_proc_show() function (7.8 High, CVSS V3.1 Date Added: 2024.05.23)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability patches version.

CVE-2024-26952

Linux Kernel Version: 6.7.12
Linux Kernel Version : 6.8.3
Linux Kernel Version: 6.9-rc1

CVE-2024-26929

Linux Kernel Version : 5.15.154
Linux Kernel Version : 6.1.84
Linux Kernel Version : 6.6.24
Linux Kernel Version : 6.7.12
Linux Kernel Version : 6.8.3
Linux Kernel Version : 6.9-rc2

CVE-2022-48686

Linux Kernel Version : 5.4.213
Linux Kernel Version : 5.10.143
Linux Kernel Version : 5.15.68
Linux Kernel Version : 5.19.9
Linux Kernel Version : 6.0

CVE-2023-52772

Linux Kernel Version : 5.15.140
Linux Kernel Version : 6.1.64
Linux Kernel Version : 6.5.13
Linux Kernel Version : 6.6.3
Linux Kernel Version : 6.7

CVE-2022-48672

Linux Kernel Version : 4.14.295
Linux Kernel Version : 4.19.260
Linux Kernel Version : 5.4.215
Linux Kernel Version : 5.10.145
Linux Kernel Version : 5.15.70
Linux Kernel Version : 5.19.11
Linux Kernel Version : 6.0

CVE-2024-26933

Linux Kernel Version : 6.1.84
Linux Kernel Version : 6.6.24
Linux Kernel Version : 6.7.12
Linux Kernel Version : 6.8.3
Linux Kernel Version : 6.9-rc2

CVE-2022-48694

Linux Kernel Version : 5.19.9
Linux Kernel Version : 6.0

CVE-2024-26930

Linux Kernel Version : 6.6.24
Linux Kernel Version : 6.7.12
Linux Kernel Version : 6.8.3
Linux Kernel Version : 6.9-rc2

CVE-2022-48674

Linux Kernel Version : 5.15.68
Linux Kernel Version : 5.19.9
Linux Kernel Version : 6.0

Cve-2024-27020, cve-2024-27018

Linux Kernel Version : 5.15.157
Linux Kernel Version : 6.1.88
Linux Kernel Version : 6.6.29
Linux Kernel Version : 6.8.8
Linux Kernel Version : 6.9-rc5

CVE-2022-48670

Linux Kernel Version : 5.19
Linux Kernel Version : 6.0

CVE-2024-26934

Linux Kernel Version : 4.19.312
Linux Kernel Version : 5.4.274
Linux Kernel Version : 5.10.215
Linux Kernel Version : 5.15.154
Linux Kernel Version : 6.1.84
Linux Kernel Version : 6.6.24
Linux Kernel Version : 6.7.12
Linux Kernel Version : 6.8.3
Linux Kernel Version : 6.9-rc2

Cve-2023-52827, cve-2023-52769

Linux Kernel Version : 6.5.13
Linux Kernel Version : 6.6.3
Linux Kernel Version : 6.7

CVE-2024-27022

Linux Kernel Version : 6.8.8
Linux Kernel Version : 6.9-rc5

CVE-2024-26932

Linux Kernel Version : 6.8.3
Linux Kernel Version : 6.9-rc2

CVE-2022-48657

Linux Kernel Version : 5.10.150
Linux Kernel Version : 5.15.71
Linux Kernel Version : 5.19.12
Linux Kernel Version : 6.0

CVE-2024-27021

Linux Kernel Version : 6.8.8
Linux Kernel Version : 6.9-rc4

CVE-2022-48689

Linux Kernel Version : 5.15.68
Linux Kernel Version : 5.19.9
inux Kernel Version : 6.0

CVE-2023-52760

Linux Kernel Version : 6.6.3
Linux Kernel Version : 6.7

CVE-2023-52752

Linux Kernel Version : 6.1.64
Linux Kernel Version : 6.5.13
Linux Kernel Version : 6.6.3
Linux Kernel Version : 6.7

Referenced Sites

[1] CVE-2024-26952 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26952#range-10475203

[2] CVE-2024-26952: ksmbd: fix potential out-of-bounds when buffer offset is invalid

https://lore.kernel.org/linux-cve-announce/2024050127-CVE-2024-26952-7f65@gregkh/

[3] CVE-2024-26929 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26929#VulnChangeHistorySection

[4] CVE-2024-26929: scsi: qla2xxx: Fix double free of fcport

https://lore.kernel.org/linux-cve-announce/2024050122-CVE-2024-26929-07f0@gregkh/

[5] CVE-2022-48686 Detail

https://nvd.nist.gov/vuln/detail/CVE-2022-48686

[6] CVE-2022-48686: nvme-tcp: fix UAF when detecting digest errors

https://lore.kernel.org/linux-cve-announce/2024050342-CVE-2022-48686-5e8e@gregkh/

[7] CVE-2023-52772 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52772

[8] CVE-2023-52772: af_unix: fix use-after-free in unix_stream_read_actor()

https://lore.kernel.org/linux-cve-announce/2024052150-CVE-2023-52772-4875@gregkh/

[9] CVE-2022-48672 Detail

https://nvd.nist.gov/vuln/detail/CVE-2022-48672

[10] CVE-2022-48672: of: fdt: fix off-by-one error in unflatten_dt_nodes()

https://lore.kernel.org/linux-cve-announce/2024050318-CVE-2022-48672-b6d9@gregkh/

[11] CVE-2024-26933 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26933

[12] CVE-2024-26933: USB: core: Fix deadlock in port “disable” sysfs attribute

https://lore.kernel.org/linux-cve-announce/2024050123-CVE-2024-26933-c18d@gregkh/

[13] CVE-2022-48694 Detail

https://nvd.nist.gov/vuln/detail/cve-2022-48694

[14] CVE-2022-48694: RDMA/irdma: Fix drain SQ hang with no completion

https://lore.kernel.org/linux-cve-announce/2024050347-CVE-2022-48694-f0e8@gregkh/

[15] CVE-2024-26930 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26930

[16] CVE-2024-26930: scsi: qla2xxx: Fix double free of the ha->vp_map pointer

https://lore.kernel.org/linux-cve-announce/2024050122-CVE-2024-26930-4f3e@gregkh/

[17] CVE-2022-48674 Detail

https://nvd.nist.gov/vuln/detail/CVE-2022-48674

[18] CVE-2022-48674: erofs: fix pcluster use-after-free on UP platforms

https://lore.kernel.org/linux-cve-announce/2024050318-CVE-2022-48674-b876@gregkh/

[19] CVE-2024-27020 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-27020

[20] CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

https://lore.kernel.org/linux-cve-announce/2024050150-CVE-2024-27020-5158@gregkh/

[21] CVE-2024-27018 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-27018

[22] CVE-2024-27018: netfilter: br_netfilter: skip conttrack input hook for promisc packets

https://lore.kernel.org/linux-cve-announce/2024050150-CVE-2024-27018-d8a7@gregkh/

[23] CVE-2022-48670 Detail

https://nvd.nist.gov/vuln/detail/CVE-2022-48670

[24] CVE-2022-48670: peci: cpu: Fix use-after-free in adev_release()

https://lore.kernel.org/linux-cve-announce/2024050314-CVE-2022-48670-f9f1@gregkh/

[25] CVE-2024-26934 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26934

[26] CVE-2024-26934: USB: core: Fix deadlock in usb_deauthorize_interface()

https://lore.kernel.org/linux-cve-announce/2024050123-CVE-2024-26934-e2fc@gregkh/

[27] CVE-2023-52827 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52827

[28] CVE-2023-52827: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()

https://lore.ker nel.org/linux-cve-announce/2024052107-CVE-2023-52827-c62f@gregkh/

[29] CVE-2023-52769 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52769

[30] CVE-2023-52769: wifi: ath12k: fix htt mlo-offset event locking

https://lore.kernel.org/linux-cve-announce/2024052150-CVE-2023-52769-8bac@gregkh/

[31] CVE-2024-27022 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-27022

[32] CVE-2024-27022: fork: defer linking file vma until vma is fully initialized

https://lore.kernel.org/linux-cve-announce/2024050143-CVE-2024-27022-4325@gregkh/

[33] CVE-2024-26932 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26932#VulnChangeHistorySection

[34] CVE-2024-26932: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()

https://lore.kernel.org/linux-cve-announce/2024050123-CVE-2024-26932-587d@gregkh/

[35] CVE-2022-48657 Detail

https://nvd.nist.gov/vuln/detail/CVE-2022-48657

[36] CVE-2022-48657: arm64: topology: fix possible overflow in amu_fie_setup()

https://lore.kernel.org/linux-cve-announce/2024042859-CVE-2022-48657-d23e@gregkh/

[37] CVE-2024-27021 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-27021

[38] CVE-2024-27021: r8169: fix LED-related deadlock on module removal

https://lore.kernel.org/linux-cve-announce/2024050151-CVE-2024-27021-6a83@gregkh/

[39] CVE-2022-48689 Detail

https://nvd.nist.gov/vuln/detail/CVE-2022-48689

[40] CVE-2022-48689: tcp: TX zerocopy should not sense pfmemalloc status

https://lore.kernel.org/linux-cve-announce/2024050345-CVE-2022-48689-5ee7@gregkh/

[41] CVE-2023-52760 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52760

[42] CVE-2023-52760: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc

https://lore.kernel.org/linux-cve-announce/2024052147-CVE-2023-52760-5ac4@gregkh/

[43] CVE-2023-52752 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52752

[44] CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2023-52752-2342@gregkh/

Linux Kernel Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Google Chrome Browser (125.0.6422.76/.77) Security Update Advisory

GitLab Product Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Google Chrome Browser (125.0.6422.76/.77) Security Update Advisory

GitLab Product Security Update Advisory