Linux Kernel Security Update Advisory

Apr 22 2024

Overview

We have released security updates to fix vulnerabilities in our Linux Kernel products. users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-26581

Linux Kernel Version: 5.4.269 (excluded)
Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.210 (excluded)
Linux Kernel Versions: 5.11.0 (inclusive) to 5.15.149 (excluded)
Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.78 (exclusive)
Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.17 (exclusive)
Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.5 (excluded)

CVE-2022-48626

Linux Kernel Version: 4.9.301 (Excluded)
Linux Kernel Versions: 4.10.0 (inclusive) to 4.14.266 (excluded)
Linux Kernel Versions: 4.15.0 (inclusive) to 4.19.229 (excluded)
Linux Kernel Versions: 4.20.0 (inclusive) to 5.4.179 (excluded)
Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.100 (excluded)
Linux Kernel Versions: 5.11.0 (inclusive) to 5.15.23 (excluded)
Linux Kernel Versions: 5.16.0 (inclusive) to 5.16.9 (excluded)

CVE-2024-26593

Linux Kernel Versions: 5.3.0 (inclusive) to 5.4.269 (excluded)
Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.210 (excluded)
Linux Kernel Versions: 5.11.0 (inclusive) to 5.15.149 (excluded)
Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.79 (excluded)
Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.18 (excluded)
Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.6 (excluded)

CVE-2023-52436

Linux Kernel Versions: 4.19.306 (excluded)
Linux Kernel Versions: 4.20.0 (inclusive) through 5.4.268 (excluded)
Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.209 (excluded)
Linux Kernel versions: 5.11.0 (inclusive) to 5.15.148 (exclusive)
Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.74 (exclusive)
Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.13 (exclusive)
Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.1 (exclusive)

CVE-2021-47194

Linux Kernel Versions: 3.6.0 (inclusive) to 4.4.293 (excluded)
Linux Kernel Versions: 4.5.0 (inclusive) to 4.9.291 (excluded)
Linux Kernel versions: 4.10.0 (inclusive) to 4.14.256 (excluded)
Linux Kernel Versions: 4.15.0 (inclusive) to 4.19.218 (exclusive)
Linux Kernel Versions: 4.20.0 (inclusive) to 5.4.162 (exclusive)
Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.82 (excluded)
Linux Kernel Versions: 5.11.0 (inclusive) to 5.15.5 (excluded)

CVE-2021-47198

Linux Kernel Versions: 5.15.5 (excluded)

Resolved Vulnerabilities

CVE-2024-26581: DoS vulnerability in the nft_set_rbtree module in netfilter due to failure to skip end-spacing elements during lazy garbage collection (lazy GC) ( 7.8 High, CVSS V3.1 Date Added: 2024.04.19)

CVE-2022-48626: Use-after-free vulnerability in the moxart driver in the Linux Kernel (7.8 High, CVSS V3.1 Date Added: 2024.04.17)

CVE-2024-26593: Vulnerability in block process call transactions in the i801 module of the i2c driver due to failure to reset the block buffer index, resulting in malformed data being read (7.1 High, CVSS V3.1 Date Added: 2024.04.19)

CVE-2021-47194: Vulnerability in NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC transition in cfg80211 due to failure to call the cleanup function, cfg80211_stop_ap(), resulting in the use of uninitialized data (7.8 High, CVSS V3.1 Date Added: 2024.04.19)

CVE-2023-52436: Vulnerability in setting xattrs that occurs in the f2fs file system due to explicitly nulling the xattr list when setting xattrs, resulting in unused xattr space always being assumed to be zero (7.8 High, CVSS V3.1 Date Added: 2024.04.19)

CVE-2021-47198: Use-after-free vulnerability in the lpfc module of the scsi driver (7.8 High, CVSS V3.1 Date Added: 2024.04.19)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites[1] to update to the latest Vulnerability Patches version.

CVE-2024-26581