RedHatRHSA-2024:0412(RHSA-2024:0412) Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
-
kernel: net/sched: multiple vulnerabilities (CVE-2023-3611, CVE-2023-4623)
-
kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)
-
kernel: use after free in unix_stream_sendpage (CVE-2023-4622)
-
kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)
-
kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)
-
kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)
-
kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
-
kernel: multiple race condition vulnerabilities (CVE-2022-3028, CVE-2022-3522, CVE-2023-33203, CVE-2023-35823, CVE-2023-35824, CVE-2022-3567, BZ#2230094)
-
kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)
-
kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)
-
kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)
-
kernel: USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)
-
kernel: multiple NULL pointer dereference vulnerabilities (CVE-2022-4129, CVE-2022-47929, CVE-2023-0394, CVE-2023-3772, CVE-2023-4459)
-
kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)
-
kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
-
hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)
-
kernel: Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218)
-
kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)
-
kernel: memory corruption in usbmon driver (CVE-2022-43750)
-
kernel: HID: multiple vulnerabilities (CVE-2023-1073, CVE-2023-1079)
-
kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)
-
kernel: denial of service in tipc_conn_close (CVE-2023-1382)
-
kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)
-
kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
-
Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)
-
kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)
-
kernel: ext4: use-after-free in ext4_xattr_set_entry() (CVE-2023-2513)
-
kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)
-
kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)
-
kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race (CVE-2023-3567)
-
kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732)
-
kernel: slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454)
-
kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)
-
kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)
-
kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c (CVE-2024-0562)
-
kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)
-
kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
bpf_jit_limit hit again (BZ#2243013)
-
HPE Edgeline 920t resets during kdump context when ice driver is loaded and when system is booted with intel_iommu=on iommu=pt (BZ#2244627)
-
RHEL8.6 - s390/dasd: Use correct lock while counting channel queue length (BZ#2250882)
Related
