[Apollo] Advisories Statistics light light Login

RLSA-2024:8617

Security Mirrored from RHSA-2024:8617
Issued at: 2024-11-08
Updated at: 2024-11-08

Synopsis

Moderate: kernel security update



Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935)

* kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383)

* kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244)

* kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)

* kernel: netfilter: nft_inner: validate mandatory meta and payload (CVE-2024-39504)

* kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CVE-2024-40904)

* kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: do not create EA inode under buffer lock (CVE-2024-40972)

* kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CVE-2024-40977)

* kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: netpoll: Fix race condition in netpoll_owner_active (CVE-2024-41005)

* kernel: xfs: don't walk off the end of a directory data block (CVE-2024-41013)

* kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9 aarch64 Rocky Linux 9 ppc64le Rocky Linux 9 s390x Rocky Linux 9 x86_64

Fixes

2268118 2270100 2275604 2277171 2278176 2278235 2282357 2293654 2296067 2297476 2297488 2297515 2297544 2297556 2297561 2297579 2297582 2297589 2300296 2300297 2311715

CVEs

CVE-2021-47383 CVE-2024-2201 CVE-2024-26640 CVE-2024-26826 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-36244 CVE-2024-39472 CVE-2024-39504 CVE-2024-40904 CVE-2024-40931 CVE-2024-40960 CVE-2024-40972 CVE-2024-40977 CVE-2024-40995 CVE-2024-40998 CVE-2024-41005 CVE-2024-41013 CVE-2024-41014 CVE-2024-43854 CVE-2024-45018

Affected packages

Rocky Linux 9 ppc64le - BaseOS

kernel-0:5.14.0-427.42.1.el9_4.ppc64le.rpm bpftool-0:7.3.0-427.42.1.el9_4.ppc64le.rpm bpftool-debuginfo-0:7.3.0-427.42.1.el9_4.ppc64le.rpm kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-abi-stablelists-0:5.14.0-427.42.1.el9_4.noarch.rpm kernel-core-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-debug-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-debug-core-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-debug-debuginfo-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-debuginfo-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-debug-modules-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-debug-modules-core-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-debug-modules-extra-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-modules-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-modules-core-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-modules-extra-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-tools-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-tools-debuginfo-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-tools-libs-0:5.14.0-427.42.1.el9_4.ppc64le.rpm python3-perf-0:5.14.0-427.42.1.el9_4.ppc64le.rpm python3-perf-debuginfo-0:5.14.0-427.42.1.el9_4.ppc64le.rpm

Rocky Linux 9 s390x - BaseOS

kernel-0:5.14.0-427.42.1.el9_4.s390x.rpm bpftool-0:7.3.0-427.42.1.el9_4.s390x.rpm bpftool-debuginfo-0:7.3.0-427.42.1.el9_4.s390x.rpm kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-abi-stablelists-0:5.14.0-427.42.1.el9_4.noarch.rpm kernel-core-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-debug-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-debug-core-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-debug-debuginfo-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-debuginfo-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-debug-modules-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-debug-modules-core-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-debug-modules-extra-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-modules-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-modules-core-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-modules-extra-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-tools-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-tools-debuginfo-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-zfcpdump-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-zfcpdump-core-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-zfcpdump-debuginfo-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-zfcpdump-modules-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-zfcpdump-modules-core-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-zfcpdump-modules-extra-0:5.14.0-427.42.1.el9_4.s390x.rpm python3-perf-0:5.14.0-427.42.1.el9_4.s390x.rpm python3-perf-debuginfo-0:5.14.0-427.42.1.el9_4.s390x.rpm

Rocky Linux 9 aarch64 - BaseOS

bpftool-0:7.3.0-427.42.1.el9_4.aarch64.rpm bpftool-debuginfo-0:7.3.0-427.42.1.el9_4.aarch64.rpm kernel-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-64k-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-core-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-debug-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-debug-core-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-debug-debuginfo-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-debuginfo-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-debug-modules-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-debug-modules-core-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-debug-modules-extra-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-modules-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-modules-core-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-modules-extra-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-abi-stablelists-0:5.14.0-427.42.1.el9_4.noarch.rpm kernel-core-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-debug-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-debug-core-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-debug-debuginfo-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-debuginfo-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-debug-modules-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-debug-modules-core-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-debug-modules-extra-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-modules-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-modules-core-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-modules-extra-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-tools-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-tools-debuginfo-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-tools-libs-0:5.14.0-427.42.1.el9_4.aarch64.rpm python3-perf-0:5.14.0-427.42.1.el9_4.aarch64.rpm python3-perf-debuginfo-0:5.14.0-427.42.1.el9_4.aarch64.rpm

Rocky Linux 9 x86_64 - BaseOS

bpftool-0:7.3.0-427.42.1.el9_4.x86_64.rpm bpftool-debuginfo-0:7.3.0-427.42.1.el9_4.x86_64.rpm kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-abi-stablelists-0:5.14.0-427.42.1.el9_4.noarch.rpm kernel-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-debug-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-debug-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-debug-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-debug-modules-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-debug-modules-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-debug-modules-extra-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-debug-uki-virt-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-modules-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-modules-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-modules-extra-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-tools-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-tools-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-tools-libs-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-uki-virt-0:5.14.0-427.42.1.el9_4.x86_64.rpm python3-perf-0:5.14.0-427.42.1.el9_4.x86_64.rpm python3-perf-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm

Rocky Linux 9 x86_64 - RT

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-rt-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-devel-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-modules-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-modules-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-modules-extra-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-devel-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-modules-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-modules-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-modules-extra-0:5.14.0-427.42.1.el9_4.x86_64.rpm

Rocky Linux 9 x86_64 - NFV

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-rt-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-devel-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-kvm-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-modules-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-modules-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-debug-modules-extra-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-devel-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-kvm-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-modules-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-modules-core-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-rt-modules-extra-0:5.14.0-427.42.1.el9_4.x86_64.rpm

Rocky Linux 9 x86_64 - CRB

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-cross-headers-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-tools-libs-devel-0:5.14.0-427.42.1.el9_4.x86_64.rpm libperf-0:5.14.0-427.42.1.el9_4.x86_64.rpm libperf-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm

Rocky Linux 9 x86_64 - AppStream

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-debug-devel-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-debug-devel-matched-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-devel-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-devel-matched-0:5.14.0-427.42.1.el9_4.x86_64.rpm kernel-doc-0:5.14.0-427.42.1.el9_4.noarch.rpm kernel-headers-0:5.14.0-427.42.1.el9_4.x86_64.rpm perf-0:5.14.0-427.42.1.el9_4.x86_64.rpm perf-debuginfo-0:5.14.0-427.42.1.el9_4.x86_64.rpm rtla-0:5.14.0-427.42.1.el9_4.x86_64.rpm rv-0:5.14.0-427.42.1.el9_4.x86_64.rpm

Rocky Linux 9 aarch64 - AppStream

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-64k-debug-devel-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-debug-devel-matched-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-devel-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-64k-devel-matched-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-debug-devel-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-debug-devel-matched-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-devel-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-devel-matched-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-doc-0:5.14.0-427.42.1.el9_4.noarch.rpm kernel-headers-0:5.14.0-427.42.1.el9_4.aarch64.rpm perf-0:5.14.0-427.42.1.el9_4.aarch64.rpm perf-debuginfo-0:5.14.0-427.42.1.el9_4.aarch64.rpm rtla-0:5.14.0-427.42.1.el9_4.aarch64.rpm rv-0:5.14.0-427.42.1.el9_4.aarch64.rpm

Rocky Linux 9 aarch64 - CRB

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-cross-headers-0:5.14.0-427.42.1.el9_4.aarch64.rpm kernel-tools-libs-devel-0:5.14.0-427.42.1.el9_4.aarch64.rpm libperf-0:5.14.0-427.42.1.el9_4.aarch64.rpm libperf-debuginfo-0:5.14.0-427.42.1.el9_4.aarch64.rpm

Rocky Linux 9 aarch64 - NFV

kernel-0:5.14.0-427.42.1.el9_4.src.rpm

Rocky Linux 9 s390x - NFV

kernel-0:5.14.0-427.42.1.el9_4.src.rpm

Rocky Linux 9 s390x - AppStream

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-debug-devel-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-debug-devel-matched-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-devel-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-devel-matched-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-doc-0:5.14.0-427.42.1.el9_4.noarch.rpm kernel-headers-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-zfcpdump-devel-0:5.14.0-427.42.1.el9_4.s390x.rpm kernel-zfcpdump-devel-matched-0:5.14.0-427.42.1.el9_4.s390x.rpm perf-0:5.14.0-427.42.1.el9_4.s390x.rpm perf-debuginfo-0:5.14.0-427.42.1.el9_4.s390x.rpm rtla-0:5.14.0-427.42.1.el9_4.s390x.rpm rv-0:5.14.0-427.42.1.el9_4.s390x.rpm

Rocky Linux 9 s390x - CRB

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-cross-headers-0:5.14.0-427.42.1.el9_4.s390x.rpm libperf-0:5.14.0-427.42.1.el9_4.s390x.rpm libperf-debuginfo-0:5.14.0-427.42.1.el9_4.s390x.rpm

Rocky Linux 9 ppc64le - NFV

kernel-0:5.14.0-427.42.1.el9_4.src.rpm

Rocky Linux 9 ppc64le - AppStream

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-debug-devel-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-debug-devel-matched-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-devel-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-devel-matched-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-doc-0:5.14.0-427.42.1.el9_4.noarch.rpm kernel-headers-0:5.14.0-427.42.1.el9_4.ppc64le.rpm perf-0:5.14.0-427.42.1.el9_4.ppc64le.rpm perf-debuginfo-0:5.14.0-427.42.1.el9_4.ppc64le.rpm rtla-0:5.14.0-427.42.1.el9_4.ppc64le.rpm rv-0:5.14.0-427.42.1.el9_4.ppc64le.rpm

Rocky Linux 9 ppc64le - CRB

kernel-0:5.14.0-427.42.1.el9_4.src.rpm kernel-cross-headers-0:5.14.0-427.42.1.el9_4.ppc64le.rpm kernel-tools-libs-devel-0:5.14.0-427.42.1.el9_4.ppc64le.rpm libperf-0:5.14.0-427.42.1.el9_4.ppc64le.rpm libperf-debuginfo-0:5.14.0-427.42.1.el9_4.ppc64le.rpm