Release Info

Advisory: CLSA-2024:1712570434

OS: AlmaLinux 9.2 ESU

Public date: 2024-04-08 06:00:36

Project: kernel

Version: 7.0.0-284.11.1.el9_2.tuxcare.5.els2

Errata link: https://errata.tuxcare.com/els_os/almalinux9.2fips/CLSA-2024-1712570434.html

Changelog

- bpf: Fix re-attachment branch in bpf_tracing_prog_attach {CVE-2024-26591} - ext4: improve error recovery code paths in __ext4_remount() {CVE-2024-0775} - smb: client: fix OOB in receive_encrypted_standard() {CVE-2024-0565} - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier {CVE-2023-52449} - net: prevent mss overflow in skb_segment() {CVE-2023-52435} - smb: client: fix potential OOBs in smb2_parse_contexts() {CVE-2023-52434} - atm: Fix Use-After-Free in do_vcc_ioctl {CVE-2023-51780} - ida: Fix crash in ida_free when the bitmap is empty {CVE-2023-6915} - nvmet: nul-terminate the NQNs passed in the connect command {CVE-2023-6121} - netfilter: nf_tables: Reject tables of unsupported family {CVE-2023-6040} - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work {CVE-2023-1989} - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() {CVE-2023-1652} - x86/bugs: Flush IBP in ib_prctl_set() {CVE-2023-0045} - Bluetooth: L2CAP: Fix u8 overflow {CVE-2022-45934} - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm {CVE-2022-42896} - x86: Clear .brk area at early boot {CVE-2022-36123} - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os {CVE-2022-3424} - Fix double fget() in vhost_net_set_backend() {CVE-2023-1838} - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() {CVE-2023-1380} - netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one {CVE-2023-39197} - relayfs: fix out-of-bounds access in relay_file_read {CVE-2023-3268} - ipv6: rpl: Fix Route of Death. {CVE-2023-2156} - ipv6: Fix out-of-bounds access in ipv6_find_tlv() {CVE-2023-2156} - net: rpl: fix rpl header size calculation {CVE-2023-2156} - memstick: r592: Fix UAF bug in r592_remove due to race condition {CVE-2023-3141} - ovl: fix use after free in struct ovl_aio_req {CVE-2023-1252} - drm/amdgpu: Fix potential fence use-after-free v2 {CVE-2023-51042} - netfilter: nf_tables: reject QUEUE/DROP verdict parameters {CVE-2024-1086} - perf: Fix perf_event_validate_size() lockdep splat {CVE-2023-6931} - perf: Fix perf_event_validate_size() {CVE-2023-6931} - drm/atomic: Fix potential use-after-free in nonblocking commits {CVE-2023-51043} - nvmet-tcp: Fix the H2C expected PDU len calculation {CVE-2023-6356} - nvmet-tcp: remove boilerplate code {CVE-2023-6356} - nvmet-tcp: fix a crash in nvmet_req_complete() {CVE-2023-6356} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length {CVE-2023-6356} - net: tls, update curr on splice as well {CVE-2024-0646} - smb: client: fix potential OOB in smb2_dump_detail() {CVE-2023-6610} - smb: client: fix potential OOB in cifs_dump_detail() {CVE-2023-6610} - smb: client: fix OOB in smbCalcSize() {CVE-2023-6606} - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet {CVE-2023-6932} - RDMA/core: Update CMA destination address on rdma_resolve_addr {CVE-2023-2176} - RDMA/core: Refactor rdma_bind_addr {CVE-2023-2176} - nfp: fix use-after-free in area_cache_get() {CVE-2022-3545} - netfilter: nf_tables: skip bound chain on rule flush {CVE-2023-3777} - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb {CVE-2023-40283} - drivers: net: slip: fix NPD bug in sl_tx_timeout() {CVE-2022-41858} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF {CVE-2023-3567} - nvmet-tcp: Fix a possible UAF in queue intialization setup {CVE-2023-5178} - net: tun: fix bugs for oversize packet when napi frags enabled {CVE-2023-3812} - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c {CVE-2023-42753} - bpf: Fix incorrect verifier pruning due to missing register precision taints {CVE-2023-2163} - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free {CVE-2023-4206} - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free {CVE-2023-4207} - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free {CVE-2023-4208} - net/sched: cls_u32: Fix reference counter leak leading to overflow {CVE-2023-3609} - libceph: harden msgr2.1 frame segment length checks {CVE-2023-44466}

Update

Update command: dnf update kernel*

Packages list

bpftool-7.0.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-abi-stablelists-5.14.0-284.11.1.el9_2.tuxcare.5.els2.noarch.rpm kernel-core-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-cross-headers-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-core-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-devel-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-devel-matched-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-modules-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-modules-core-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-modules-extra-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-modules-internal-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-modules-partner-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-debug-uki-virt-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-devel-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-devel-matched-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-doc-5.14.0-284.11.1.el9_2.tuxcare.5.els2.noarch.rpm kernel-headers-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-ipaclones-internal-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-modules-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-modules-core-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-modules-extra-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-modules-internal-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-modules-partner-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-selftests-internal-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-tools-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-tools-libs-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-tools-libs-devel-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm kernel-uki-virt-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm perf-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm python3-perf-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm rtla-5.14.0-284.11.1.el9_2.tuxcare.5.els2.x86_64.rpm

CVEs

CVE-2023-6356
CVE-2022-36123
CVE-2023-1989
CVE-2023-3141
CVE-2023-3567
CVE-2023-3812
CVE-2023-44466
CVE-2023-51780
CVE-2023-6915
CVE-2023-6040
CVE-2023-6121
CVE-2023-39197
CVE-2023-52434
CVE-2022-3545
CVE-2023-6610
CVE-2023-4207
CVE-2023-0045
CVE-2023-3777
CVE-2023-4206
CVE-2024-0565
CVE-2024-0646
CVE-2024-0775
CVE-2023-51043
CVE-2024-1086
CVE-2023-1838
CVE-2022-45934
CVE-2023-2176
CVE-2022-42896
CVE-2022-3424
CVE-2023-1380
CVE-2023-1652
CVE-2023-2156
CVE-2023-3609
CVE-2023-2163
CVE-2023-4623
CVE-2023-42753
CVE-2023-5178
CVE-2023-6932
CVE-2023-6931
CVE-2023-51042
CVE-2023-52435
CVE-2023-52449
CVE-2024-26591
CVE-2022-41858
CVE-2023-3268
CVE-2023-4208
CVE-2023-6606
CVE-2023-1252
CVE-2023-40283