MontaVista CVE List and Response

MontaVista continually monitors the security community and customers for threats. We follow the community on CVE scoring (NVD) and set fix priority accordingly for affected products. Please view the following CVEs that have been remediated or are in process by clicking the CVE Year to the left or using the CVE Filters below.

For inquiries regarding Security Vulnerabilities, please see our Vulnerability Response Policy or email our PSIRT team at security@mvista.com. Email messages and attachments can be encrypted using PGP and a MontaVista PSIRT PGP key, which is available for download here.

CVE Score Severity Package Description Published
CVE-2022-21505
8.4
CGX 3.1 Released
Rocky 8.4 Wont Fix
CGX 2.4 Wont Fix
CGX 4.0 Released
Rocky 8.5 Wont Fix
Centos 8.3 Wont Fix
Centos 7.9 Wont Fix
Centos 8.1 Wont Fix
Centos 7.8 Wont Fix
Centos 7.7 Wont Fix
Centos 7.6 Wont Fix
Centos 6.10 Wont Fix
Centos 7.5 Wont Fix
HIGH kernel ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2024-06-15
CVE-2024-4741
5.6
Centos 6.10 Out of Support Scope
Rocky 9.1 Out of Support Scope
Rocky 9.2 Out of Support Scope
Rocky 8.8 Out of Support Scope
Centos 7.5 Out of Support Scope
Centos 7.6 Out of Support Scope
Centos 7.7 Out of Support Scope
Centos 7.8 Out of Support Scope
Centos 8.3 Out of Support Scope
Centos 8.2 Out of Support Scope
CGX 2.0 Out of Support Scope
CGX 2.2 Out of Support Scope
CGX 2.2 Out of Support Scope
CGE 7.0 Out of Support Scope
CGX 2.4 Out of Support Scope
Rocky 8.5 Out of Support Scope
Centos 8.1 Out of Support Scope
Rocky 8.4 Out of Support Scope
Centos 7.9 Under Investigation
CGX 3.1 Under Investigation
CGX 4.0 Under Investigation
Rocky 9.3 Out of Support Scope
Rocky 8.9 Under Investigation
CGE 6.0 Out of Support Scope
MEDIUM openssl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2024-06-15
CVE-2024-5742
4.7
Rocky 9.1 Out of Support Scope
Rocky 9.2 Out of Support Scope
Rocky 8.8 Out of Support Scope
Centos 7.7 Out of Support Scope
Centos 8.3 Out of Support Scope
Centos 8.2 Out of Support Scope
CGX 2.0 Out of Support Scope
CGX 2.2 Out of Support Scope
CGX 2.4 Out of Support Scope
Rocky 8.5 Out of Support Scope
Rocky 8.4 Out of Support Scope
CGX 3.1 Under Investigation
Centos 7.9 Under Investigation
Rocky 9.3 Under Investigation
Rocky 8.9 Under Investigation
Centos 5.11 Out of Support Scope
Centos 6.10 Out of Support Scope
MEDIUM nano A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. 2024-06-12
CVE-2024-35235
4.4
Centos 7.8 Out of Support Scope
Rocky 8.9 Under Investigation
CGE 6.0 Out of Support Scope
Rocky 9.1 Out of Support Scope
Rocky 9.2 Out of Support Scope
Rocky 8.8 Out of Support Scope
Centos 7.5 Out of Support Scope
Centos 7.6 Out of Support Scope
Centos 7.7 Out of Support Scope
CGE 7.0 Out of Support Scope
CGX 2.4 Out of Support Scope
Centos 8.2 Out of Support Scope
Rocky 8.5 Out of Support Scope
CGX 2.0 Out of Support Scope
CGX 2.2 Out of Support Scope
Rocky 8.4 Out of Support Scope
CGX 3.1 Under Investigation
Centos 7.9 Under Investigation
CGX 4.0 Under Investigation
Rocky 9.3 Under Investigation
Centos 5.11 Out of Support Scope
Centos 6.10 Out of Support Scope
MEDIUM cups OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue. 2024-06-11
CVE-2024-36971
7.8
Centos 7.9 Under Investigation
Rocky 9.1 Out of Support Scope
Rocky 9.2 Out of Support Scope
Rocky 8.8 Out of Support Scope
Centos 7.5 Wont Fix
Centos 7.6 Wont Fix
Centos 7.7 Wont Fix
Centos 7.8 Wont Fix
Centos 7.8 Out of Support Scope
Centos 8.3 Out of Support Scope
Centos 8.2 Out of Support Scope
CGX 2.0 Not Affected
CGX 2.0 Not Affected
Centos 8.2 Out of Support Scope
CGX 2.2 Out of Support Scope
CGE 7.0 Not Affected
CGX 2.4 Out of Support Scope
Rocky 8.5 Out of Support Scope
Centos 8.1 Out of Support Scope
Rocky 8.4 Out of Support Scope
CGX 3.1 Under Investigation
Centos 7.9 Wont Fix
CGX 4.0 Under Investigation
Rocky 9.3 Under Investigation
Centos 7.9 Wont Fix
Rocky 8.9 Under Investigation
Centos 5.11 Wont Fix
CGE 6.0 Not Affected
Centos 6.10 Wont Fix
HIGH kernel In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race. __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets. 2024-06-10
CVE-2024-4577
9.8
Centos 7.8 Wont Fix
CGE 6.0 Not Affected
Rocky 9.1 Wont Fix
Rocky 9.2 Wont Fix
Rocky 8.8 Wont Fix
Centos 7.5 Wont Fix
Centos 7.6 Wont Fix
Centos 7.7 Wont Fix
Centos 8.2 Wont Fix
CGE 7.0 Not Affected
Rocky 8.5 Wont Fix
Rocky 8.4 Wont Fix
Centos 7.9 Wont Fix
Rocky 9.3 Wont Fix
Rocky 8.9 Wont Fix
CGE 6.0 Not Affected
CRITICAL php In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. 2024-06-09
CVE-2024-2408
5.9
CGE 6.0 Out of Support Scope
Rocky 9.2 Out of Support Scope
Rocky 9.1 Out of Support Scope
Rocky 8.8 Out of Support Scope
Centos 7.5 Out of Support Scope
Centos 7.6 Out of Support Scope
Centos 7.8 Out of Support Scope
Centos 7.7 Out of Support Scope
Centos 8.2 Out of Support Scope
CGE 7.0 Out of Support Scope
Centos 7.9 Under Investigation
Rocky 9.3 Under Investigation
Rocky 8.5 Out of Support Scope
Rocky 8.9 Under Investigation
Rocky 8.4 Out of Support Scope
MEDIUM php The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability. 2024-06-09
CVE-2024-5585
8.8
Rocky 9.2 Wont Fix
Rocky 8.9 Wont Fix
Rocky 9.1 Wont Fix
Centos 7.6 Wont Fix
Centos 7.7 Wont Fix
Centos 7.8 Wont Fix
Rocky 8.8 Wont Fix
Centos 7.5 Wont Fix
Centos 8.2 Wont Fix
CGE 7.0 Not Affected
Rocky 8.5 Wont Fix
Rocky 8.4 Wont Fix
Centos 7.9 Wont Fix
Rocky 9.3 Wont Fix
CGE 6.0 Not Affected
HIGH php In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. 2024-06-09
CVE-2024-5458
5.3
Rocky 8.9 Under Investigation
CGE 6.0 Out of Support Scope
Rocky 9.1 Out of Support Scope
Rocky 9.2 Out of Support Scope
Rocky 8.8 Out of Support Scope
Centos 7.7 Out of Support Scope
Centos 7.8 Out of Support Scope
Centos 7.5 Out of Support Scope
Centos 7.6 Out of Support Scope
Centos 8.2 Out of Support Scope
CGE 7.0 Out of Support Scope
Rocky 8.5 Out of Support Scope
Rocky 8.4 Out of Support Scope
Centos 7.9 Under Investigation
Rocky 9.3 Under Investigation
MEDIUM php In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, when filtering functions such as filter_var validate URLs (FILTER_VALIDATE_URL), for certain types of URLs the function will treat invalid user information (username + password part of URLs) as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. 2024-06-09
CVE-2023-49441
6.5
Rocky 9.1 Under Investigation
Rocky 9.2 Under Investigation
Rocky 8.8 Under Investigation
Centos 7.7 Under Investigation
Centos 8.3 Under Investigation
CGX 2.4 Out of Support Scope
Rocky 8.5 Under Investigation
Rocky 8.4 Under Investigation
Centos 8.2 Under Investigation
CGX 2.0 Out of Support Scope
CGX 2.2 Out of Support Scope
CGE 7.0 Out of Support Scope
CGX 3.1 Under Investigation
Centos 7.9 Under Investigation
CGX 4.0 Released
Rocky 9.3 Under Investigation
Rocky 8.9 Under Investigation
MEDIUM dnsmasq dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. 2024-06-06