- kernel-4.18.0-477.21.1.lve.1.el8 (cl8)
- 4.18.0-513.9.1.lve.el8
- 2024-01-27 00:11:06
- 2024-02-05 07:39:26
- K20240127_05
- CVE-2023-4004
- Description:
netfilter: nft_set_pipapo: fix improper element removal
- CVE: https://access.redhat.com/security/cve/CVE-2023-4004
- Patch: rhel8/4.18.0-477.27.1.el8_8/CVE-2023-4004-netfilter-nft-set-pipapo-fix-improper-element-removal.patch
- From: 4.18.0-477.27.1.el8_8
- CVE-2023-3390
- Description:
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
- CVE: https://access.redhat.com/security/cve/CVE-2023-3390
- Patch: rhel8/4.18.0-477.27.1.el8_8/CVE-2023-3390-netfilter-nf-tables-incorrect-error-path-handling-with.patch
- From: 4.18.0-477.27.1.el8_8
- CVE-2023-3090
- Description:
ipvlan:Fix out-of-bounds caused by unclear skb->cb
- CVE: https://access.redhat.com/security/cve/CVE-2023-3090
- Patch: rhel8/4.18.0-477.27.1.el8_8/CVE-2023-3090-ipvlan-fix-out-of-bounds-caused-by-unclear-skb-cb.patch
- From: 4.18.0-477.27.1.el8_8
- CVE-2023-35788
- Description:
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
- CVE: https://access.redhat.com/security/cve/CVE-2023-35788
- Patch: rhel8/4.18.0-477.27.1.el8_8/CVE-2023-35788-net-sched-flower-fix-possible-oob-write-in-fl-set-geneve-opt.patch
- From: 4.18.0-477.27.1.el8_8
- CVE-2023-20593
- Description:
hw: amd: Cross-Process Information Leak
- CVE: https://access.redhat.com/security/cve/cve-2023-20593
- Patch: rhel8/4.18.0-477.27.1.el8_8/CVE-2023-20593-zenbleed.patch
- From: 4.18.0-477.27.1.el8_8
- CVE-2023-3776
- Description:
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2023-3776
- Patch: rhel8/4.18.0-477.27.1.el8_8/CVE-2023-3776-net-sched-cls-fw-fix-improper-refcount-update-leads-to.patch
- From: 4.18.0-477.27.1.el8_8
- CVE-2023-35001
- Description:
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- CVE: https://access.redhat.com/security/cve/CVE-2023-35001
- Patch: rhel8/4.18.0-477.27.1.el8_8/CVE-2023-35001-netfilter-nf_tables-prevent-OOB-access-in-nft_byteorder_eval.patch
- From: 4.18.0-477.27.1.el8_8
- CVE-2023-2002
- Description:
bluetooth: Perform careful capability checks in hci_sock_ioctl()
- CVE: https://access.redhat.com/security/cve/CVE-2023-2002
- Patch: rhel8/4.18.0-477.27.1.el8_8/CVE-2023-2002-bluetooth-perform-careful-capability-checks-in-hci_sock_ioctl.patch
- From: 4.18.0-477.27.1.el8_8
- CVE-2023-1118
- Description:
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
- CVE: https://access.redhat.com/security/cve/CVE-2023-1118
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1118-media-rc-fix-use-after-free-bugs-caused-by-ene-tx-irqsim.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1989
- Description:
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
- CVE: https://access.redhat.com/security/cve/CVE-2023-1989
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1989-Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_remove.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-3141
- Description:
memstick: r592: Fix UAF bug in r592_remove due to race condition
- CVE: https://access.redhat.com/security/cve/CVE-2023-3141
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-3141-memstick-r592-Fix-UAF-bug-in-r592_remove-due-to-race.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-3268
- Description:
kernel/relay.c: fix read_pos error when multiple readers
- CVE: https://access.redhat.com/security/cve/CVE-2023-3268
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-3268-kernel-relay.c-fix-read_pos-error-when-multiple-readers.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-3609
- Description:
net/sched: cls_u32: Fix reference counter leak leading to overflow
- CVE: https://access.redhat.com/security/cve/CVE-2023-3609
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-3609-net-sched-cls-u32-fix-reference-counter-leak-leading-to-overflow.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-3611
- Description:
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
- CVE: https://access.redhat.com/security/cve/CVE-2023-3611
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-3611-net-sched-sch-qfq-account-for-stab-overhead-in-qfq-enqueue.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-4128 CVE-2023-4206
- Description:
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2023-4128
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-4128-net-sched-cls_route-No-longer-copy-tcf_result-on-update.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-4128 CVE-2023-4207
- Description:
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2023-4128
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-4128-net-sched-cls_fw-No-longer-copy-tcf_result-on-update.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-4128 CVE-2023-4208
- Description:
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2023-4128
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-4128-net-sched-cls_u32-No-longer-copy-tcf_result-on-update.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-31436
- Description:
net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
- CVE: https://access.redhat.com/security/cve/CVE-2023-31436
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-31436-net-sched-sch_qfq-prevent-slab-out-of-bounds-in-qfq_activate_agg.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-35823
- Description:
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
- CVE: https://access.redhat.com/security/cve/CVE-2023-35823
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-35823-media-saa7134-fix-use-after-free-bug-in-saa7134_fini.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-35824
- Description:
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
- CVE: https://access.redhat.com/security/cve/CVE-2023-35824
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-35824-media-dm1105-Fix-use-after-free-bug-in-dm1105_remove.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2021-43975
- Description:
atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
- CVE: https://access.redhat.com/security/cve/CVE-2021-43975
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2021-43975-atlantic-fix-oob-read-and-write-in-hw-atl-utils-fw-rpc-wait.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-2513
- Description:
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
- CVE: https://access.redhat.com/security/cve/CVE-2023-2513
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-2513-ext4-add-EXT4_INODE_HAS_XATTR_SPACE-macro-in-xattr.h.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-2513
- Description:
ext4: fix use-after-free in ext4_xattr_set_entry
- CVE: https://access.redhat.com/security/cve/CVE-2023-2513
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-2513-ext4-fix-use-after-free-in-ext4-xattr-set-entry.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-28772
- Description:
seq_buf: Fix overflow in seq_buf_putmem_hex()
- CVE: https://access.redhat.com/security/cve/CVE-2023-28772
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-28772-seq-buf-fix-overflow-in-seq-buf-putmem-hex.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-1073
- Description:
HID: check empty report_list in hid_validate_values()
- CVE: https://access.redhat.com/security/cve/CVE-2023-1073
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1073-hid-check-empty-report-list-in-hid-validate-values.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2022-40982
- Description:
Complex adaptation required.
- CVE:
- Patch: skipped/CVE-2022-40982.patch
- From:
- CVE-2022-42895
- Description:
Bluetooth: L2CAP: Fix attempting to access uninitialized memory
- CVE: https://access.redhat.com/security/cve/CVE-2022-42895
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2022-42895-bluetooth-l2cap-fix-attempting-to-access-uninitialized-memory.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-30456
- Description:
KVM: nVMX: add missing consistency checks for CR0 and CR4
- CVE: https://access.redhat.com/security/cve/CVE-2023-30456
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-30456-kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-33203
- Description:
net: qcom/emac: Fix use after free bug in emac_remove due to race condition
- CVE: https://access.redhat.com/security/cve/CVE-2023-33203
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-33203-net-qcom-emac-fix-use-after-free-bug-in-emac-remove-due-to-race.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-1206
- Description:
This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.
- CVE:
- Patch: skipped/CVE-2023-1206.patch
- From:
- CVE-2023-1855
- Description:
hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
- CVE: https://access.redhat.com/security/cve/CVE-2023-1855
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1855-patch-hwmon-xgene-fix-use-after-free-bug-in-xgene-hwmon-remove.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-3161
- Description:
fbcon: Check font dimension limits
- CVE: https://access.redhat.com/security/cve/CVE-2023-3161
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-3161-fbcon-check-font-dimension-limits.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2022-3640
- Description:
Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
- CVE: https://access.redhat.com/security/cve/CVE-2022-3640
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2022-3640-Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2022-28388
- Description:
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
- CVE: https://access.redhat.com/security/cve/CVE-2022-28388
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2022-28388-can-usb_8dev-usb_8dev_start_xmit-fix-double-dev_kfree_skb.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1074
- Description:
sctp: fail if no bound addresses can be used for a given scope
- CVE: https://access.redhat.com/security/cve/CVE-2023-1074
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1074-sctp-fail-if-no-bound-addresses-can-be-used-for-given-scope.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-3772
- Description:
xfrm: add NULL check in xfrm_update_ae_params
- CVE: https://access.redhat.com/security/cve/cve-2023-3772
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-3772-xfrm-add-NULL-check-in-xfrm_update_ae_params.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2022-45869
- Description:
KVM: x86/mmu: Fix race condition in direct_page_fault
- CVE: https://access.redhat.com/security/cve/CVE-2022-45869
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2022-45869-kvm-x86-mmu-fix-race-condition-in-direct-page-fault.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1998
- Description:
x86/speculation: Allow enabling STIBP with legacy IBRS
- CVE: https://access.redhat.com/security/cve/CVE-2023-1998
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1998-x86-speculation-Allow-enabling-STIBP-with-legacy-IB.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1998
- Description:
x86/speculation: Allow enabling STIBP with legacy IBRS
- CVE: https://access.redhat.com/security/cve/CVE-2023-1998
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1998-x86-speculation-Allow-enabling-STIBP-with-legacy-IB-kpatch.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1252
- Description:
ovl: fix use after free in struct ovl_aio_req
- CVE: https://access.redhat.com/security/cve/CVE-2023-1252
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1252-ovl-fix-use-after-free-in-struct-ovl_aio_req.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1252
- Description:
ovl: fix use after free in struct ovl_aio_req
- CVE: https://access.redhat.com/security/cve/CVE-2023-1252
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1252-ovl-fix-use-after-free-in-struct-ovl_aio_req-kpatch.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2022-38457 CVE-2022-40133
- Description:
drm/vmwgfx: Remove rcu locks from user resources
- CVE: https://access.redhat.com/security/cve/CVE-2022-40133
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2022-38457-CVE-2022-40133-1-drm-vmwgfx-clean-up-some-error-pointer-checking.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2022-38457 CVE-2022-40133
- Description:
drm/vmwgfx: Remove rcu locks from user resources
- CVE: https://access.redhat.com/security/cve/CVE-2022-40133
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2022-38457-CVE-2022-40133-drm-vmwgfx-Remove-rcu-locks-from-user-resources.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1079
- Description:
HID: asus: use spinlock to safely schedule workers
- CVE: https://access.redhat.com/security/cve/CVE-2023-1079
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1079-HID-asus-use-spinlock-to-safely-schedule-workers.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1079
- Description:
HID: asus: use spinlock to safely schedule workers
- CVE: https://access.redhat.com/security/cve/CVE-2023-1079
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1079-HID-asus-use-spinlock-to-safely-schedule-workers-kpatch.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-31084
- Description:
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
- CVE: https://access.redhat.com/security/cve/CVE-2022-31084
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-31084-media-dvb-core-Fix-kernel-WARNING-for-blocking-opera.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-0597
- Description:
Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)
- CVE:
- Patch: skipped/CVE-2023-0597.patch
- From:
- CVE-2022-4744
- Description:
Not possible to trigger in rhel8
- CVE:
- Patch: skipped/CVE-2022-4744.patch
- From:
- CVE-2023-28328
- Description:
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
- CVE: https://access.redhat.com/security/cve/CVE-2023-28328
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-28328-media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2022-3594
- Description:
r8152: Rate limit overflow messages
- CVE: https://access.redhat.com/security/cve/CVE-2022-3594
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2022-3594-r8152-rate-limit-overflow-messages.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-0458
- Description:
prlimit: do_prlimit needs to have a speculation check
- CVE: https://access.redhat.com/security/cve/CVE-2023-0458
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-0458-prlimit-do-prlimit-needs-to-have-a-speculation-check.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2022-45887
- Description:
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
- CVE: https://access.redhat.com/security/cve/CVE-2022-3594
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2022-45887-patch-media-ttusb-dec-fix-memory-leak-in-ttusb-dec-exit-dvb.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-23455
- Description:
net: sched: atm: dont intepret cls results when asked to drop
- CVE: https://access.redhat.com/security/cve/CVE-2023-23455
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-23455-net-sched-atm-dont-intepret-cls-results-when-asked-to-drop.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-26545
- Description:
net: mpls: fix stale pointer if allocation fails during device rename
- CVE: https://access.redhat.com/security/cve/CVE-2023-26545
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-26545-net-mpls-fix-stale-pointer-if-allocation-fails-during-device-rename.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-4155
- Description:
net: sched: atm: dont intepret cls results when asked to drop
- CVE: https://access.redhat.com/security/cve/CVE-2023-23455
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-4155-kvm-sev-only-access-ghcb-fields-once.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-4132
- Description:
media: usb: siano: Fix use after free bugs caused by do_submit_urb
- CVE: https://access.redhat.com/security/cve/CVE-2023-4132
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-4132-media-usb-siano-fix-use-after-free-bugs-caused-by-do-submit-urb.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-4132
- Description:
media: usb: siano: Fix use after free bugs caused by do_submit_urb
- CVE: https://access.redhat.com/security/cve/CVE-2023-4132
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-4132-media-usb-siano-fix-warning-due-to-null-work-func-t-function.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-0590
- Description:
net: sched: fix race condition in qdisc_graft()
- CVE: https://access.redhat.com/security/cve/CVE-2023-0590
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-0590-net-sched-fix-race-condition-in-qdisc-graft.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-3212
- Description:
gfs2: Don't deref jdesc in evict
- CVE: https://access.redhat.com/security/cve/CVE-2023-3212
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-3212-gfs2-don-t-deref-jdesc-in-evict.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-1382
- Description:
tipc: set con sock in tipc_conn_alloc
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-1382
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1382-tipc-set-con-sock-in-tipc_conn_alloc.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1382
- Description:
tipc: add an extra conn_get in tipc_conn_alloc
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-1382
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1382-tipc-add-an-extra-conn_get-in-tipc_conn_alloc.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-1075
- Description:
net/tls: tls_is_tx_ready() checked list_entry
- CVE: https://ubuntu.com/security/CVE-2023-1075
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-1075-net-tls-tls_is_tx_ready-checked-list_entry.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-33951 CVE-2023-33952
- Description:
drm/vmwgfx: Do not drop the reference to the handle too soon
- CVE: https://access.redhat.com/security/cve/cve-2023-33951
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-33951-CVE-2023-33952-drm-vmwgfx-Do-not-drop-the-reference-to-the-handle-t.patch
- From: kernel-4.18.0-513.5.1.el8_9
- CVE-2023-4732
- Description:
mm: thp: fix wrong cache flush in remove_migration_pmd()
- CVE: https://access.redhat.com/security/cve/CVE-2023-4732
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-4732-1-mm-thp-fix-wrong-cache-flush-in-remove_migration_pmd.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-4732
- Description:
mm/thp: simplify copying of huge zero page pmd when fork
- CVE: https://access.redhat.com/security/cve/CVE-2023-4732
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-4732-2-mm-thp-simplify-copying-of-huge-zero-page-pmd-when-f.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-4732
- Description:
mm/userfaultfd: fix uffd-wp special cases for
- CVE: https://access.redhat.com/security/cve/CVE-2023-4732
- Patch: rhel8/4.18.0-513.5.1.el8_9/CVE-2023-4732-mm-userfaultfd-fix-uffd-wp-special-cases-for-fork-pre-477.21.1.patch
- From: 4.18.0-513.5.1.el8_9
- CVE-2023-2163
- Description:
bpf: Fix incorrect verifier pruning due to missing register precision taints
- CVE: https://access.redhat.com/security/cve/CVE-2023-2163
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2023-2163-bpf-fix-incorrect-verifier-pruning-due-to-missing-register-precision.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2023-3812
- Description:
net: tun: fix bugs for oversize packet when napi frags enabled
- CVE: https://access.redhat.com/security/cve/CVE-2023-3812
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2023-3812-net-tun-fix-bugs-for-oversize-packet-when-napi-frags-enabled.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2023-5178
- Description:
nvmet-tcp: Fix a possible UAF in queue intialization setup
- CVE: https://access.redhat.com/security/cve/CVE-2023-5178
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2023-5178-nvmet-tcp-fix-a-possible-uaf-in-queue-intialization-setup.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45884
- Description:
media: dvbdev: remove double-unlock
- CVE: https://access.redhat.com/security/cve/CVE-2022-45884
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45884-7808-media-dvbdev-remove-double-unlock.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45884
- Description:
media: dvbdev: Fix memleak in dvb_register_device
- CVE: https://access.redhat.com/security/cve/CVE-2022-45884
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45884-7810-media-dvbdev-Fix-memleak-in-dvb_register_device.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45884
- Description:
media: dvbdev: fix error logic at dvb_register_device()
- CVE: https://access.redhat.com/security/cve/CVE-2022-45884
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45884-7811-media-dvbdev-fix-error-logic-at-dvb_register_device.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45884
- Description:
media: dvbdev: adopts refcnt to avoid UAF
- CVE: https://access.redhat.com/security/cve/CVE-2022-45884
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45884-7812-media-dvbdev-adopts-refcnt-to-avoid-UAF.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45884
- Description:
media: dvbdev: fix refcnt bug
- CVE: https://access.redhat.com/security/cve/CVE-2022-45884
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45884-7813-media-dvbdev-fix-refcnt-bug.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45884
- Description:
media: dvbdev: adopts refcnt to avoid UAF (adaptation)
- CVE: https://access.redhat.com/security/cve/CVE-2022-45884
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45884-7812-kpatch.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45884
- Description:
media: dvb-core: Fix use-after-free due to race at dvb_register_device()
- CVE: https://access.redhat.com/security/cve/CVE-2022-45884
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45884-7814-media-dvb-core-Fix-use-after-free-due-to-race-at-dvb_register_device.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45884
- Description:
media: dvb-core: Fix use-after-free due to race at dvb_register_device() (adaptation)
- CVE: https://access.redhat.com/security/cve/CVE-2022-45884
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45884-7814-kpatch.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45886
- Description:
media: dvb_net: avoid speculation from net slot
- CVE: https://access.redhat.com/security/cve/CVE-2022-45886
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45886-7817-media-dvb_net-avoid-speculation-from-net-slot.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45886
- Description:
media: dvb-core: Fix use-after-free due on race condition at dvb_net
- CVE: https://access.redhat.com/security/cve/CVE-2022-45886
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45886-7818-media-dvb-core-Fix-UAF-due-to-race-condition-at-dvb_net.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45886
- Description:
media: dvb-core: Fix use-after-free due on race condition at dvb_net (adaptation)
- CVE: https://access.redhat.com/security/cve/CVE-2022-45886
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45886-7818-kpatch.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45919
- Description:
media: dvb_ca_en50221: off by one in dvb_ca_en50221_io_do_ioctl()
- CVE: https://access.redhat.com/security/cve/CVE-2022-45919
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45919-7819-media-dvb_ca_en50221-off-by-one-in-dvb_ca_en50221_io_do_ioctl.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45919
- Description:
media: dvb_ca_en50221: avoid speculation from CA slot
- CVE: https://access.redhat.com/security/cve/CVE-2022-45919
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45919-7821-media-dvb_ca_en50221-avoid-speculation-from-CA-slot.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45919
- Description:
media: dvb_ca_en50221: fix a size write bug
- CVE: https://access.redhat.com/security/cve/CVE-2022-45919
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45919-7822-media-dvb_ca_en50221-fix-a-size-write-bug.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45919
- Description:
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
- CVE: https://access.redhat.com/security/cve/CVE-2022-45919
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45919-7823-media-dvb-core-Fix-use-after-free-due-to-race-condition-at-dvb_ca_en50221.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2022-45919
- Description:
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (adaptation)
- CVE: https://access.redhat.com/security/cve/CVE-2022-45919
- Patch: rhel8/4.18.0-513.9.1.el8_9/CVE-2022-45919-7823-kpatch.patch
- From: 4.18.0-513.9.1.el8_9
- CVE-2023-2162
- Description:
scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
- CVE: https://access.redhat.com/security/cve/CVE-2023-2162
- Patch: rhel8/4.18.0-513.11.1.el8_9/CVE-2023-2162-scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-t.patch
- From: 4.18.0-513.11.1.el8_9
- CVE-2023-42753
- Description:
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
- CVE: https://access.redhat.com/security/cve/CVE-2023-42753
- Patch: rhel8/4.18.0-513.11.1.el8_9/CVE-2023-42753-netfilter-ipset-add-the-missing-IP_SET_HASH_WITH_NET0-macro-for-ip_set_hash_netportnet-c.patch
- From: 4.18.0-513.11.1.el8_9
- CVE-2023-4622
- Description:
af_unix: Fix null-ptr-deref in unix_stream_sendpage().
- CVE: https://access.redhat.com/security/cve/CVE-2023-4622
- Patch: rhel8/4.18.0-513.11.1.el8_9/CVE-2023-4622-af_unix-Fix-null-ptr-deref-in-unix_stream_sendpage.patch
- From: 4.18.0-513.11.1.el8_9
- CVE-2023-20569
- Description:
A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.
- CVE:
- Patch: skipped/CVE-2023-20569.patch
- From:
- CVE-2023-5633
- Description:
drm/vmwgfx: Fix possible invalid drm gem put calls
- CVE: https://access.redhat.com/security/cve/CVE-2023-5633
- Patch: rhel8/4.18.0-513.11.1.el8_9/CVE-2023-5633-drm-vmwgfx-Fix-possible-invalid-drm-gem-put-calls.patch
- From: 4.18.0-513.11.1.el8_9
- CVE-2023-5633
- Description:
drm/vmwgfx: Keep a gem reference to user bos in surfaces
- CVE: https://access.redhat.com/security/cve/CVE-2023-5633
- Patch: rhel8/4.18.0-513.11.1.el8_9/CVE-2023-5633-drm-vmwgfx-Keep-a-gem-reference-to-user-bos-in-surfa-1.patch
- From: 4.18.0-513.11.1.el8_9
- N/A
- Description:
x86 xen add xenpv restore regs and return to usermode
- CVE: N/A
- Patch: 4.18.0/x86-xen-Add-xenpv_restore_regs_and_return_to_usermode-el8-372.patch
- From: N/A
- N/A
- Description:
kpatch add alt asm definitions
- CVE: N/A
- Patch: 4.18.0/kpatch-add-alt-asm-definitions-el8-372.patch
- From: N/A
- N/A
- Description:
kpatch add paravirt asm definitions
- CVE: N/A
- Patch: 4.18.0/0003-kpatch-add-paravirt-asm-definitions.patch
- From: N/A