ALAS2LIVEPATCH-2024-162 --- kernel-livepatch-4.14.327-246.539ID: oval:org.secpod.oval:def:1702112 | Date: (C)2024-02-28 (M)2024-04-25 |
Class: PATCH | Family: unix |
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 ; While creating a new netfilter table, lack of a safeguard against invalid nf_tables family values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1
Product: |
kernel-livepatch-4.14.327-246.539 |