A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
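Added example, not part of the original report or the kernel source: a user-space C model of the verdict check described above, showing how a positive drop error in an NF_DROP verdict decodes to NF_ACCEPT, and how a check on the whole verdict code rejects it. Helper names are hypothetical, and the decode and both checks are simplified models of the kernel logic.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict constants (values as in the kernel's uapi netfilter.h). */
#define NF_DROP          0u
#define NF_ACCEPT        1u
#define NF_QUEUE         3u
#define NF_VERDICT_MASK  0x000000ffu
#define NF_VERDICT_QBITS 16

/* Model of packing a drop error into the upper 16 bits of NF_DROP. */
static uint32_t encode_drop(int err)
{
    return ((uint32_t)(-err) << NF_VERDICT_QBITS) | NF_DROP;
}

/* Model of the hook's NF_DROP path: the packet is freed, then the decoded
 * error (or -EPERM when none is set) is returned to the caller. */
static int hook_return_for_drop(uint32_t verdict)
{
    int ret = -((int32_t)verdict >> NF_VERDICT_QBITS);
    return ret == 0 ? -EPERM : ret;
}

/* Model of a check that looks at the low verdict byte only. */
static int verdict_ok_masked(uint32_t code)
{
    uint32_t v = code & NF_VERDICT_MASK;
    return v == NF_ACCEPT || v == NF_DROP || v == NF_QUEUE;
}

/* Model of a check that accepts bare verdicts only (no parameter bits). */
static int verdict_ok_strict(uint32_t code)
{
    return code == NF_ACCEPT || code == NF_DROP || code == NF_QUEUE;
}

int main(void)
{
    /* Constructed samples: a normal negative errno and a positive value. */
    int errs[] = { -EACCES, 1 };
    for (int i = 0; i < 2; i++) {
        uint32_t v = encode_drop(errs[i]);
        printf("err=%d verdict=0x%08x masked_ok=%d strict_ok=%d hook_ret=%d\n",
               errs[i], (unsigned)v, verdict_ok_masked(v),
               verdict_ok_strict(v), hook_return_for_drop(v));
    }
    return 0;
}
```

A hook return equal to NF_ACCEPT tells the caller to keep processing a packet that the drop path has already freed, which is the double free the description refers to.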
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2262128]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0930 https://access.redhat.com/errata/RHSA-2024:0930
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1019 https://access.redhat.com/errata/RHSA-2024:1019
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1018 https://access.redhat.com/errata/RHSA-2024:1018
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:1249 https://access.redhat.com/errata/RHSA-2024:1249
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:1332 https://access.redhat.com/errata/RHSA-2024:1332
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:1404
*** Bug 2269217 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1607 https://access.redhat.com/errata/RHSA-2024:1607
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1614 https://access.redhat.com/errata/RHSA-2024:1614
Hi. https://access.redhat.com/security/cve/CVE-2024-1086 does not mention RHEL 9 latest at all (it only mentions other major versions and 9.2 EUS), whereas 9.3 is in fact affected - the published exploit just works all the way to a root shell. I wonder if this maybe slipped through the cracks, and actually delays fixing the issue for 9.3/9.4? And even if not, it's something to fix on that access page. Thanks!
> https://access.redhat.com/security/cve/CVE-2024-1086 does not mention RHEL 9 latest at all
Oops, I was wrong, sorry! It does say RHEL 9 is Affected on the second page of results (the first page is "1-10 of 12"). I find this UI non-intuitive, and keep forgetting more pages of results may exist. Anyway, good to know the issue is known and acknowledged.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:2697 https://access.redhat.com/errata/RHSA-2024:2697
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Via RHSA-2024:3319 https://access.redhat.com/errata/RHSA-2024:3319
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Via RHSA-2024:3318 https://access.redhat.com/errata/RHSA-2024:3318
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3427 https://access.redhat.com/errata/RHSA-2024:3427
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3414 https://access.redhat.com/errata/RHSA-2024:3414
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3421 https://access.redhat.com/errata/RHSA-2024:3421
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:3530 https://access.redhat.com/errata/RHSA-2024:3530
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:3528 https://access.redhat.com/errata/RHSA-2024:3528
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:3529 https://access.redhat.com/errata/RHSA-2024:3529
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:3805 https://access.redhat.com/errata/RHSA-2024:3805
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Via RHSA-2024:4075 https://access.redhat.com/errata/RHSA-2024:4075
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4074 https://access.redhat.com/errata/RHSA-2024:4074
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:4073 https://access.redhat.com/errata/RHSA-2024:4073