Security Advisory

Linux Kernel Security Update Advisory

  • Apr 18 2024

Overview

 

We have released security updates to fix vulnerabilities in our Linux Kernel products. users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2023-52468

  • Linux Kernel Versions: 6.4 (inclusive) to 6.6.14 (excluded)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (excluded)

 

CVE-2023-52469

  • Linux Kernel Versions: 4.2.0 (inclusive) to 4.19.306 (excluded)
  • Linux Kernel Versions: 4.20.0 (inclusive) to 5.4.268 (excluded)
  • Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel versions: 5.11.0 (inclusive) to 5.15.148 (exclusive)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel versions: 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

CVE-2023-52464

  • Linux Kernel Versions: 4.12.0 (inclusive) to 4.19.306 (excluded)
  • Linux Kernel Versions: 4.20.0 (inclusive) to 5.4.268 (excluded)
  • Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel versions: 5.11.0 (inclusive) to 5.15.148 (exclusive)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel versions: 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

CVE-2024-26599

  • Linux Kernel Versions: 5.17 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.14 (excluded)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (excluded)

 

CVE-2023-52474

  • Linux Kernel Versions: 4.3.0 (inclusive) to 5.10.180 (excluded)
  • Linux Kernel Versions: 5.11.0 (inclusive) to 5.15.111 (excluded)
  • Linux Kernel versions: 5.16.0 (inclusive) to 6.1.28 (excluded)
  • Linux Kernel versions: 6.2.0 (inclusive) to 6.2.15 (exclusive)
  • Linux Kernel Versions: 6.3.0 (inclusive) to 6.3.2 (excluded)

 

CVE-2024-26597

  • Linux Kernel Versions: 4.17.0 (inclusive) to 4.19.306 (excluded)
  • Linux Kernel Versions: 4.20.0 (inclusive) to 5.4.268 (excluded)
  • Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel versions: 5.11.0 (inclusive) to 5.15.148 (exclusive)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel versions: 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

CVE-2024-26598

  • Linux Kernel < 5.4.269 (excluded)
  • Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel version: 5.11.0 (inclusive) to 5.15.148 (excluded)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel versions: 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

Resolved Vulnerabilities

 

CVE-2023-52468: Use-after-free vulnerability in class: class_register() in Linux Kernel (7.8 High, CVSS V3.1 Date Added: 2024.04.17)

CVE-2023-52464: Out-of-bounds string access fix vulnerability in EDAC/thunderx in the Linux Kernel (7.8 High, CVSS V3.1 Date Added: 2024.04.17)

CVE-2024-26599: Out-of-Bounds Access Fix Vulnerability in pwm: of_pwm_single_xlate() in Linux Kernel (7.8 High, CVSS V3.1 Date Added: 2024.04.17)

CVE-2023-52474: Vulnerability in IB/hfi1 in the Linux Kernel during user SDMA request handling, which allows malformed data transfer and memory overrun, resulting in data corruption on the system (7.8 High, CVSS V3.1 Date Added: 2024.04.17)

CVE-2024-26597: Out-of-global-scope read-allow vulnerability in the Qualcomm rmnet driver in the Linux Kernel (7.1 High, CVSS V3.1 Date Added: 2024.04.17)

CVE-2024-26598: Use-after-free vulnerability via cache hit racing in KVM arm64 in the Linux kernel(7.8 High, CVSS V3.1 Date Added: 2024.04.17)

CVE-2023-52469: Use-after-free vulnerability in the kv_parse_power_table function in drivers/amd/pm in the Linux Kernel when memory allocated by kzalloc is equal to NUll (7.8 High, CVSS V3.1 Date Added: 2024.04.17)

Vulnerability Patches

 

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2023-52468

  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2
  • Linux Kernel 6.8-rc1 version

 

CVE-2023-52464

  • Linux Kernel 4.19.306 version
  • Linux Kernel 5.4.268 version
  • Linux Kernel 5.10.209 version
  • Linux Kernel 5.15.148 version
  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 version
  • Linux Kernel 6.8-rc1 Version

 

CVE-2024-26599

  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 Versions
  • Linux Kernel 6.8-rc1 Version

 

CVE-2023-52474

  • Linux Kernel 5.10.180 version
  • Linux Kernel 5.15.111 version
  • Linux Kernel 6.1.28 version
  • Linux Kernel 6.2.15 version
  • Linux Kernel 6.3.2 version
  • Linux Kernel 6.4 Versions

 

CVE-2024-26597

  • Linux Kernel 4.19.306 version
  • Linux Kernel 5.4.268 version
  • Linux Kernel 5.10.209 version
  • Linux Kernel 5.15.148 version
  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 version
  • Linux Kernel 6.8-rc1 Version

 

CVE-2024-26598

  • Linux Kernel 5.4.269 version
  • Linux Kernel 5.10.209 version
  • Linux Kernel 5.15.148 version
  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 version
  • Linux Kernel 6.8-rc1 Version

 

CVE-2023-52469

  • Linux Kernel 4.19.306 version
  • Linux Kernel 5.4.268 version
  • Linux Kernel 5.4.268 version
  • Linux Kernel 5.15.148 version
  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 Versions

 

Referenced Sites

 

[1] CVE-2023-52468 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52468

[2] CVE-2023-52468: class: fix use-after-free in class_register()

https://lore.kernel.org/linux-cve-announce/2024022545-CVE-2023-52468-59a2@gregkh/

[3] CVE-2023-52464 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52464#VulnChangeHistorySection

[4] CVE-2023-52464: EDAC/thunderx: Fix possible out-of-bounds string access

https://lore.kernel.org/linux-cve-announce/2024022336-CVE-2023-52464-b17c@gregkh/

[5] CVE-2024-26599 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26599

[6] CVE-2024-26599: pwm: Fix out-of-bounds access in of_pwm_single_xlate()

https://lore.kernel.org/linux-cve-announce/2024022338-CVE-2024-26599-cd65@gregkh/

[7] CVE-2023-52474 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52474

[8] CVE-2023-52474: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests

https://lore.kernel.org/linux-cve-announce/2024022603-CVE-2023-52474-6691@gregkh/

[9] CVE-2024-26597 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26597

[10] CVE-2024-26597: net: qualcomm: rmnet: fix global oob in rmnet_policy

https://lore.kernel.org/linux-cve-announce/2024022337-CVE-2024-26597-be75@gregkh/

[11] CVE-2024-26598 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26598

[12] CVE-2024-26598: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache

https://lore.kernel.org/linux-cve-announce/2024022338-CVE-2024-26598-24f4@gregkh/

Tags:

Previous Post

Next Post