Description:
Summary: The remote host is missing an update for the 'bpftool' package(s) announced via the CESA-2024:1249 advisory.
Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* (CVE-2024-26602, ?)
* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
* kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)
* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* [rhel-7] INFO: possible circular locking dependency detected: store+0x70/0xe0 kernfs_fop_write+0xe3/0x190 (BZ#2161654)
* qedf: Reading /sys/kernel/debug/qedf/hostX/stop_io_on_error can cause panic (BZ#2224973)
Affected Software/OS: 'bpftool' package(s) on CentOS 7.
Solution: Please install the updated package(s).
CVSS Score: 8.3
CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C