Release Info

Advisory: CLSA-2024:1725871927

OS: CentOS Stream 8 ELS

Public date: 2024-09-09 04:52:09

Project: kernel

Version: 4.18.0-553.6.1.el8_10.tuxcare.els2

Errata link: https://errata.tuxcare.com/els_os/centos-stream8els/CLSA-2024-1725871927.html

Changelog

- gfs2: Fix potential glock use-after-free on unmount {CVE-2024-38570}
- gfs2: Remove ill-placed consistency check {CVE-2024-38570}
- gfs2: introduce new gfs2_glock_assert_withdraw {CVE-2024-38570}
- gfs2: simplify gdlm_put_lock with out_free label {CVE-2024-38570}
- wifi: mt76: replace skb_put with skb_put_zero {CVE-2024-42225}
- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD {CVE-2024-42161}
- drm/amdgpu/mes: fix use-after-free issue {CVE-2024-38581}
- drm/amd/display: Fix potential index out of bounds in color transformation function {CVE-2024-38552}
- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state {CVE-2024-36979}
- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state {CVE-2024-36979}
- net: bridge: mst: fix vlan use-after-free {CVE-2024-36979}
- netfilter: nft_limit: reject configurations that cause integer overflow {CVE-2024-26668}
- ima: Fix use-after-free on a dentry's dname.name {CVE-2024-39494}
- ima: define ima_max_digest_data struct without a flexible array variable
- ima: detect changes to the backing overlay file
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc {CVE-2024-42228}
- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list {CVE-2024-40956}
- drm/amdgpu: add error handle to avoid out-of-bounds {CVE-2024-39471}
- net/sched: flower: Fix chain template offload {CVE-2024-26669}
- userfaultfd: fix a race between writeprotect and exit_mmap() {CVE-2021-47461}
- scsi: mpi3mr: Sanitise num_phys {CVE-2024-42159}
- ata: libata-core: Fix double free on error {CVE-2024-41087}
- net/mlx5: Discard command completions in internal error {CVE-2024-38555}
- net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538}
- net: sched: sch_multiq: fix possible OOB write in multiq_tune() {CVE-2024-36978}
- drm/vmwgfx: Fix invalid reads in fence signaled events {CVE-2024-36960}
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). {CVE-2024-36904}
- tipc: fix UAF in error path {CVE-2024-36886}
- net: fix out-of-bounds access in ops_init {CVE-2024-36883}
- tap: add missing verification for short frame {CVE-2024-41090}
- tun: add missing verification for short frame {CVE-2024-41091}
- netfilter: nf_tables: use timestamp to check for set element timeout {CVE-2024-27397}
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path {CVE-2024-26925}
- netfilter: nf_tables: release batch on table validation from abort path {CVE-2024-26925}
- netfilter: nf_tables: discard table flag update with pending basechain deletion {CVE-2024-26925}
- netfilter: nf_tables: reject table flag and netdev basechain updates {CVE-2024-26925}
- af_unix: Fix garbage collector racing against connect() {CVE-2024-26923}
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify() {CVE-2024-26852}
- sched/psi: Fix use-after-free in ep_remove_wait_queue() {CVE-2023-52707}
- wait: add wake_up_pollfree() {CVE-2023-52707}
- tcp_metrics: validate source addr length {CVE-2024-42154}

Update

Update command: dnf update kernel*

Packages list

bpftool-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-core-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-cross-headers-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-debug-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-debug-core-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-debug-devel-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-debug-modules-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-debug-modules-internal-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-devel-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-headers-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-ipaclones-internal-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-modules-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-modules-extra-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-modules-internal-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-selftests-internal-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-tools-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-tools-libs-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
perf-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm
python3-perf-4.18.0-553.6.1.el8_10.tuxcare.els2.x86_64.rpm

CVEs

CVE-2024-26925
CVE-2024-42228
CVE-2024-36978
CVE-2024-42225
CVE-2024-40956
CVE-2024-42159
CVE-2024-38570
CVE-2024-26852
CVE-2024-36904
CVE-2024-41087
CVE-2024-41091
CVE-2024-41090
CVE-2024-38555
CVE-2021-47461
CVE-2024-42154
CVE-2024-26668
CVE-2024-38581
CVE-2024-36883
CVE-2024-36886
CVE-2023-52707
CVE-2024-42161
CVE-2024-38552
CVE-2024-36960
CVE-2024-39494
CVE-2024-27397
CVE-2024-26923
CVE-2024-39471
CVE-2024-36979
CVE-2024-38538
CVE-2024-26669