RXSA-2024:1248

Synopsis

Important: kernel security update

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

* kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

* kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)

* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)

* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)

* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)

* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 SIG Cloud aarch64 Rocky Linux 9 SIG Cloud x86_64

Fixes

2235306 2246945 2253611 2253614 2253908 2254052 2254053 2254054 2255139 2255653 2259866

CVEs

CVE-2023-4244 CVE-2023-51042 CVE-2023-5717 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-6606 CVE-2023-6610 CVE-2023-6817 CVE-2024-0193 CVE-2024-0646

Affected packages

Rocky Linux 9 SIG Cloud aarch64 - cloud-kernel

bpftool-0:7.2.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm bpftool-debuginfo-0:7.2.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-0:5.14.0-362.24.1.el9_3.cloud.0.6.src.rpm kernel-abi-stablelists-0:5.14.0-362.24.1.el9_3.cloud.0.6.noarch.rpm kernel-core-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-cross-headers-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-debug-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-debug-core-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-debug-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-debug-devel-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-debug-devel-matched-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-debug-modules-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-debug-modules-core-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-debug-modules-extra-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-devel-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-devel-matched-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-doc-0:5.14.0-362.24.1.el9_3.cloud.0.6.noarch.rpm kernel-headers-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-modules-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-modules-core-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-modules-extra-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-tools-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-tools-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-tools-libs-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm kernel-tools-libs-devel-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm perf-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm perf-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm python3-perf-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm python3-perf-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm rtla-0:5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm

Rocky Linux 9 SIG Cloud x86_64 - cloud-kernel

bpftool-0:7.2.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm bpftool-debuginfo-0:7.2.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-0:5.14.0-362.24.1.el9_3.cloud.0.6.src.rpm kernel-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-abi-stablelists-0:5.14.0-362.24.1.el9_3.cloud.0.6.noarch.rpm kernel-core-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-cross-headers-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-debug-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-debug-core-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-debug-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-debug-devel-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-debug-devel-matched-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-debug-modules-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-debug-modules-core-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-debug-modules-extra-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-devel-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-devel-matched-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-doc-0:5.14.0-362.24.1.el9_3.cloud.0.6.noarch.rpm kernel-headers-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-modules-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-modules-core-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-modules-extra-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-tools-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-tools-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-tools-libs-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm kernel-tools-libs-devel-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm perf-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm perf-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm python3-perf-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm python3-perf-debuginfo-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm rtla-0:5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm

Rocky Linux 9 SIG Cloud x86_64 - cloud-common

kernel-0:5.14.0-362.24.1.el9_3.cloud.0.6.src.rpm

Rocky Linux 9 SIG Cloud aarch64 - cloud-common

kernel-0:5.14.0-362.24.1.el9_3.cloud.0.6.src.rpm