Linux Kernel Security Update Advisory

Apr 30 2024

Overview

We have released an update to address a vulnerability in the Linux Kernel. users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-26907

Linux Kernel Versions: ~ 5.10.214 (excluded)
Linux Kernel Versions : 5.11 (inclusive) to 5.15.153 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 6.1.83 (excluded)
Linux Kernel Versions : 6.2 (inclusive) to 6.6.23 (exclusive)
Linux Kernel Versions : 6.7 (inclusive) to 6.7.11 (excluded)

CVE-2024-26913

Linux Kernel Versions : ~ 6.7.6 (excluded)

CVE-2024-26883

Linux Kernel Versions : ~ 4.19.311 (excluded)
Linux Kernel Versions : 4.20 (inclusive) to 5.4.273 (excluded)
Linux Kernel Versions : 5.5 (inclusive) to 5.10.214 (excluded)
Linux Kernel Versions : 5.11 (inclusive) to 5.15.153 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 6.1.83 (excluded)
Linux Kernel Versions : 6.2 (inclusive) to 6.6.23 (exclusive)
Linux Kernel Versions : 6.7 (inclusive) to 6.7.11 (exclusive)
Linux Kernel Versions : 6.8 (inclusive) to 6.8.2 (excluded)

CVE-2024-26898

Linux Kernel Versions : 2.6.22 (inclusive) to 4.19.311 (excluded)
Linux Kernel Versions : 4.20 (inclusive) to 5.4.273 (excluded)
Linux Kernel Versions : 5.5 (inclusive) to 5.10.214 (excluded)
Linux Kernel Versions : 5.11 (inclusive) to 5.15.153 (excluded)
Linux Kernel Versions : 5.16 (inclusive) to 6.1.83 (excluded)
Linux Kernel Versions : 6.2 (inclusive) to 6.6.23 (exclusive)
Linux Kernel Versions : 6.7 (inclusive) to 6.7.11 (exclusive)
Linux Kernel Versions : 6.8 (inclusive) to 6.8.2 (excluded)

CVE-2024-26884

Linux Kernel Versions: 3.19 (inclusive) through 4.19.311 (excluded)
Linux Kernel Versions: 4.20 (inclusive) to 5.4.273 (excluded)
Linux Kernel version: 5.5 (inclusive) to 5.10.214 (excluded)
Linux Kernel version: 5.11 (inclusive) to 5.15.153 (excluded)
Linux Kernel versions: 5.16 (inclusive) to 6.1.83 (excluded)
Linux Kernel versions: 6.2 (inclusive) to 6.6.23 (excluded)
Linux Kernel versions: 6.7 (inclusive) to 6.7.11 (excluded)
Linux Kernel versions: 6.8 (inclusive) to 6.8.2 (excluded)

CVE-2024-26885

Linux Kernel Versions : 5.4 (inclusive) to 5.10.214 (excluded)
Linux Kernel Versions: 5.11 (inclusive) to 5.15.153 (excluded)
Linux Kernel Versions: 5.16 (inclusive) to 6.1.83 (excluded)
Linux Kernel versions: 6.2 (inclusive) to 6.6.23 (excluded)
Linux Kernel versions: 6.7 (inclusive) to 6.7.11 (excluded)
Linux Kernel versions: 6.8 (inclusive) to 6.8.2 (excluded)

Resolved Vulnerabilities

CVE-2024-26907: Memory copy error vulnerability when accessing Eth(segment) in the mlx5_ib_post_send function in the RDMA/mlx5 module in the Linux Kernel(7.8 High, CVSS V3.1 Date Added: 2024.04.29)

CVE-2024-26913 : Underflow/Corruption vulnerability in the dcn35 8k30 screen in the drm/amd/display module of the Linux kernel (7.8 High, CVSS V3.1 Date Added: 2024.04.29)

CVE-2024-26883: Stackmap Overflow Vulnerability in the bpf Module in the Linux Kernel on 32-bit Architectures (7.8 High, CVSS V3.1 Date Added: 2024.04.29)

CVE-2024-26898: Use-after-free vulnerability in the ATA over Ethernet (AoE) driver in the Linux kernel (7.8 High, CVSS V3.1 Date Added: 2024.04.29)

CVE-2024-26884: Hashtab Overflow Vulnerability in the bpf Module in the Linux Kernel on 32-bit Architectures (7.8 High, CVSS V3.1 Date Added: 2024.04.29)

CVE-2024-26885: DEVMAP_HASH Overflow Vulnerability in the bpf Module in the Linux Kernel on 32-bit Architectures (7.8 High, CVSS V3.1 Date Added: 2024.04.29)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-26907