
Red Hat Enterprise Linux 9

124 Versions 184 CVEs

Versions

0:0.10.4-13.el9

OTHER 2 CVEs

0:5.1.1-2.el9_4

OTHER 1 CVE

0:9.2.10-19.el9_4

OTHER 1 CVE

0:11.5.0-2.el9_4

OTHER 1 CVE

0:6.2.0-5.el9_4

OTHER 2 CVEs

0:1.3.20-1.el9_4

OTHER 1 CVE

0:5.14.0-162.6.1.el9_1

OTHER 1 CVE

4:4.9.4-3.el9_4

OTHER 1 CVE

0:5.1.1-2.el9_3

OTHER 1 CVE

0:1.2.22-4.el9_5

OTHER 1 CVE

0:4.4.0-12.el9

OTHER 3 CVEs

4:4.9.4-5.el9_4

OTHER 1 CVE

2:1.37.2-1.el9

OTHER 1 CVE

0:3.2.3-20.el9_5.1

OTHER 1 CVE

0:1.20.11-24.el9

OTHER 10 CVEs

0:5.14.0-362.8.1.el9_3

OTHER 8 CVEs

0:1.21.13-4.el9_4

OTHER 1 CVE

0:2.34-60.el9_2.7

OTHER 4 CVEs

0:9.2.10-8.el9_3

OTHER 1 CVE

0:22.1.9-5.el9

OTHER 9 CVEs

2:1.33.10-1.el9_4

OTHER 1 CVE

7:5.5-6.el9_3.1

OTHER 3 CVEs

0:4.17.5-103.el9_2

OTHER 1 CVE

0:5.14.0-427.13.1.el9_4

OTHER 16 CVEs

0:3.1.2-4.el9_3

OTHER 1 CVE

0:1.13.1-8.el9_4.3

OTHER 3 CVEs

0:2.4.5-8.el9_4

OTHER 2 CVEs

0:1.13.1-3.el9_3.6

OTHER 4 CVEs

0:4.4.0-10.el9

OTHER 1 CVE

7:5.5-6.el9_3.2

OTHER 1 CVE

0:1.18.1-4.el9_4

OTHER 1 CVE

0:1.20.11-26.el9

OTHER 3 CVEs

0:4.18.6-101.el9_3

OTHER 3 CVEs

0:10.5.0-7.el9_5

OTHER 1 CVE

2:5.2.2-1.el9

OTHER 1 CVE

1:1.31.5-1.el9_3

OTHER 1 CVE

0:5.6.1-6.el9

OTHER 1 CVE

0:4.18.6-100.el9

OTHER 4 CVEs

0:1.21.9-2.el9_4

OTHER 1 CVE

0:4.11.0-15.el9_4

OTHER 2 CVEs

0:252-32.el9_4

OTHER 1 CVE

0:3.21.0-9.el9_3

OTHER 1 CVE

1:2.06-70.el9_3.2

OTHER 1 CVE

4:5.32.1-481.el9

OTHER 1 CVE

0:1.16.2-3.el9_3.5

OTHER 1 CVE

0:7.3.0-13.el9_3

OTHER 1 CVE

4:5.2.2-9.el9_5

OTHER 4 CVEs

0:6.2.0-1.el9

OTHER 1 CVE

0:1.18.1-3.el9

OTHER 2 CVEs

0:1.5.1-21.el9_5

OTHER 1 CVE

0:21.01.0-21.el9

OTHER 1 CVE

0:1.13.1-8.el9

OTHER 2 CVEs

0:9.5.0-7.el9_3

OTHER 1 CVE

0:4.4.0-12.el9_4.1

OTHER 1 CVE

0:23.2.7-1.el9

OTHER 3 CVEs

7:5.5-5.el9_2.1

OTHER 3 CVEs

2:1.16.1-1.el9

OTHER 1 CVE

0:3.7.6-23.el9_3.4

OTHER 2 CVEs

9030020231120082734.rhel9

OTHER 5 CVEs

0:2.9.4-6.el9_4

OTHER 1 CVE

0:3.2.2-1.el9_2

OTHER 1 CVE

17:9.0.0-10.el9_5

OTHER 1 CVE

0:8.7p1-38.el9_4.1

OTHER 1 CVE

0:1.8-6.el9_4

OTHER 1 CVE

0:4.10.2-5.el9_3

OTHER 1 CVE

0:6.2.0-2.el9_4

OTHER 1 CVE

2:1.33.9-1.el9_4

OTHER 1 CVE

4:4.9.4-13.el9_4

OTHER 1 CVE

0:8.7p1-38.el9_4.4

OTHER 1 CVE

0:2.24.0-2.el9_5

OTHER 2 CVEs

0:3.24.31-5.el9

OTHER 1 CVE

1:2.06-77.el9

OTHER 3 CVEs

0:323.1-1.el9_5

OTHER 1 CVE

0:101-1.el9

OTHER 1 CVE

2:1.33.7-3.el9_4

OTHER 1 CVE

2:1.37.5-1.el9_5

OTHER 4 CVEs

0:5.14.0-362.24.1.el9_3

OTHER 7 CVEs

0:1.14.1-1.el9_5

OTHER 1 CVE

0:5.14.0-503.11.1.el9_5

OTHER 2 CVEs

0:2.3.4-28.el9

OTHER 2 CVEs

0:1.32.9-1.el9_5

OTHER 1 CVE

1:1.48.10-2.el9_5

OTHER 1 CVE

0:311.2-1.el9_4

OTHER 1 CVE

0:1.5.6-2.el9

OTHER 1 CVE

0:2.4.5-9.el9_4

OTHER 2 CVEs

0:3.7.6-23.el9_3.3

OTHER 3 CVEs

3:10.5.22-1.el9_2

OTHER 1 CVE

0:6.5.2-6.el9_2

OTHER 2 CVEs

0:4.11.0-9.el9_4

OTHER 1 CVE

2:1.14.3-3.el9_4

OTHER 1 CVE

0:1.13.1-3.el9_3.3

OTHER 3 CVEs

0:0.23.0-4.el9_3

OTHER 1 CVE

0:13.13-1.el9_3

OTHER 4 CVEs

0:5.14.0-427.16.1.el9_4

OTHER 2 CVEs

0:5.14.0-362.18.1.el9_3

OTHER 5 CVEs

0:0.23.0-3.el9_3

OTHER 3 CVEs

0:2024.3-3.el9_4

OTHER 1 CVE

1:2.14.14-1.el9

OTHER 1 CVE

0:9.54.0-13.el9

OTHER 1 CVE

0:3.9-13.el9

OTHER 1 CVE

0:9.2.10-16.el9_4

OTHER 1 CVE

0:10.0.0-6.2.el9_4

OTHER 2 CVEs

1:1.4.0-4.el9_4

OTHER 1 CVE

0:1.10.0-11.el9

OTHER 1 CVE

4:1.1.12-3.el9_4

OTHER 1 CVE

0:1.1-1.el9_4.1

OTHER 1 CVE

2:4.9-8.el9

OTHER 1 CVE

0:1.20.12-2.el9_3

OTHER 1 CVE

17:8.2.0-11.el9_4

OTHER 4 CVEs

0:3.5.13-10.el9

OTHER 2 CVEs

0:6.2.2-7.el9_5

OTHER 2 CVEs

0:1.7.0-9.el9

OTHER 3 CVEs

2:23.11-2.el9_5

OTHER 1 CVE

0:10.0.0-6.6.el9_4

OTHER 1 CVE

0:10.0.0-6.el9_4

OTHER 1 CVE

0:5.14.0-284.30.1.el9_2

OTHER 2 CVEs

6:0.7.3-4.el9_4

OTHER 1 CVE

0:15.8-4.el9_3

OTHER 6 CVEs

0:26.4.14-1.el9_2

OTHER 1 CVE

4:4.9.4-16.el9_4

OTHER 3 CVEs

0:5.14.0-284.30.1.rt14.315.el9_2

OTHER 2 CVEs

17:8.2.0-11.el9_4.4

OTHER 1 CVE

0:3.8.3-4.el9_4

OTHER 2 CVEs

0:1.29.33.1-2.el9_2

OTHER 1 CVE

Recent CVEs

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

UNKNOWN Jan 14, 2025

CVE-2024-11614

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

UNKNOWN Dec 18, 2024

CVE-2024-52337

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil', the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.

UNKNOWN Nov 26, 2024

CVE-2024-52336

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user- or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges, which could allow attackers to achieve local privilege escalation.

UNKNOWN Nov 26, 2024

CVE-2024-10573

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution cannot be ruled out. The complexity required to exploit this flaw is considered high, as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.

UNKNOWN Oct 31, 2024

CVE-2024-9632

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.

UNKNOWN Oct 30, 2024

CVE-2024-10041

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

UNKNOWN Oct 23, 2024

CVE-2024-9050

A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, which uses a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown` key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.

UNKNOWN Oct 22, 2024