RXSA-2024:6567

Security

Mirrored from RHSA-2024:6567

Issued at: 2024-09-17

Updated at: 2024-09-17

Synopsis

Moderate: kernel security update

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)

* kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629)

* kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630)

* kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720)

* kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886)

* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)

* kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791)

* kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797)

* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)

* kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)

* kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801)

* kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883)

* kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019)

* kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619)

* kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979)

* kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559)

* kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927)

* kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936)

* kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040)

* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)

* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)

* kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)

* kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082)

* kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096)

* kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)

* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)

* kernel: nvme: avoid double free special payload (CVE-2024-41073)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 SIG Cloud aarch64

Rocky Linux 9 SIG Cloud x86_64

Fixes

2265797

2269434

2269436

2273141

2275678

2278206

2281052

2281151

2281727

2281968

2282709

2284271

2284402

2293273

2293276

2293440

2297511

2297520

2300409

2300414

2300429

2300491

2300520

2300713

2301465

2301496

2301637

CVEs

CVE-2023-52463

CVE-2023-52801

CVE-2024-26629

CVE-2024-26630

CVE-2024-26720

CVE-2024-26886

CVE-2024-26946

CVE-2024-35791

CVE-2024-35797

CVE-2024-35875

CVE-2024-36000

CVE-2024-36019

CVE-2024-36883

CVE-2024-36979

CVE-2024-38559

CVE-2024-38619

CVE-2024-40927

CVE-2024-40936

CVE-2024-41040

CVE-2024-41044

CVE-2024-41055

CVE-2024-41073

CVE-2024-41096

CVE-2024-42082

CVE-2024-42096

CVE-2024-42102

CVE-2024-42131

Affected packages

Rocky Linux 9 SIG Cloud aarch64 - cloud-kernel

bpftool-0:7.3.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

bpftool-debuginfo-0:7.3.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-0:5.14.0-427.35.1.el9_4.cloud.1.0.src.rpm

kernel-abi-stablelists-0:5.14.0-427.35.1.el9_4.cloud.1.0.noarch.rpm

kernel-core-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-cross-headers-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-debug-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-debug-core-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-debug-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-debug-devel-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-debug-devel-matched-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-debug-modules-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-debug-modules-core-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-debug-modules-extra-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-devel-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-devel-matched-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-doc-0:5.14.0-427.35.1.el9_4.cloud.1.0.noarch.rpm

kernel-headers-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-modules-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-modules-core-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-modules-extra-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-tools-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-tools-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-tools-libs-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

kernel-tools-libs-devel-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

perf-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

perf-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

python3-perf-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

python3-perf-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

rtla-0:5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm

Rocky Linux 9 SIG Cloud x86_64 - cloud-kernel

bpftool-0:7.3.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

bpftool-debuginfo-0:7.3.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-0:5.14.0-427.35.1.el9_4.cloud.1.0.src.rpm

kernel-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-abi-stablelists-0:5.14.0-427.35.1.el9_4.cloud.1.0.noarch.rpm

kernel-core-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-cross-headers-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-debug-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-debug-core-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-debug-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-debug-devel-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-debug-devel-matched-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-debug-modules-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-debug-modules-core-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-debug-modules-extra-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-devel-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-devel-matched-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-doc-0:5.14.0-427.35.1.el9_4.cloud.1.0.noarch.rpm

kernel-headers-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-modules-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-modules-core-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-modules-extra-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-tools-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-tools-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-tools-libs-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

kernel-tools-libs-devel-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

perf-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

perf-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

python3-perf-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

python3-perf-debuginfo-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

rtla-0:5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm

Rocky Linux 9 SIG Cloud x86_64 - cloud-common

kernel-0:5.14.0-427.35.1.el9_4.cloud.1.0.src.rpm

Rocky Linux 9 SIG Cloud aarch64 - cloud-common

kernel-0:5.14.0-427.35.1.el9_4.cloud.1.0.src.rpm