(RHSA-2024:5257) Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

• kernel: KVM: s390: vsie: fix race during shadow creation (CVE-2023-52639)

• kernel: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (CVE-2024-26808)

• kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

• kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

• kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)

• kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

• kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)

• kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)

• kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

• kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion (CVE-2024-35897)

• kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

• kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)

• kernel: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (CVE-2021-47624)

• kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)

• kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)

• kernel: KEV - Beaky Buzzard (CVE-2024-36971)

Bug Fix(es):

• updating nvme firmware, ‘# nvme list’ output does not reflect the new firmware version without rebooting. (JIRA:RHEL-46809)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.