The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)
kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)
kernel: media: em28xx: initialize refcount before kref_get (CVE-2022-3239)
kernel: use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)
kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)
kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c (CVE-2022-36402)
kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)
kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)
kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)
kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)
kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event’s read_size (CVE-2023-6931)
kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)
kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)
kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.