Release Info

Advisory: CLSA-2025:1749480611

OS: AlmaLinux 9.2 ESU

Public date: 2025-06-09 14:50:14

Project: kernel

Version: 7.0.0-284.1101.el9_2.tuxcare.7.els14

Errata link: https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1749480611.html

Changelog

- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow {CVE-2024-38577} - tcp: fix mptcp DSS corruption due to large pmtu xmit {CVE-2024-50083} - vsock: Keep the binding until socket destruction {CVE-2025-21756} - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove {CVE-2025-22020} - drm/i915: Fix potential bit_17 double-free {CVE-2023-52930} - netfilter: nft_tunnel: fix geneve_opt type confusion addition {CVE-2025-22056} - mm: shmem: fix data-race in shmem_getattr() {CVE-2024-46828} - nvmet-auth: assign dh_key to NULL after kfree_sensitive {CVE-2024-50215} - net: explicitly clear the sk pointer, when pf->create fails {CVE-2024-50186} - net: wwan: fix global oob in wwan_rtnl_policy {CVE-2024-50128} - ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free {CVE-2024-49983} - vhost_vdpa: assign irq bypass producer token correctly {CVE-2024-47748} - wifi: rtw88: always wait for both firmware loading attempts {CVE-2024-47718} - sched: sch_cake: fix bulk flow accounting logic for host fairness {CVE-2024-46828} - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF {CVE-2024-46786} - net: bridge: mcast: wait for previous gc cycles when removing port {CVE-2024-44934} - vhost/vsock: always initialize seqpacket_allow {CVE-2024-43873} - ext4: check dot and dotdot of dx_root before making dir indexed {CVE-2024-42305} - nfsd: make sure exp active before svc_export_show {CVE-2024-56558} - SUNRPC: make sure cache entry active before cache_show {CVE-2024-53174} - Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync {CVE-2024-53208} - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one {CVE-2024-56663} - Bluetooth: fix use-after-free in device_for_each_child() {CVE-2024-53237} - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails {CVE-2022-49029} - tracing: Free buffers when a used dynamic event is removed {CVE-2022-49006} - net: tun: Fix use-after-free in tun_detach() {CVE-2022-49014}

Update

Update command: dnf update kernel*

Packages list

bpftool-7.0.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-abi-stablelists-5.14.0-284.1101.el9_2.tuxcare.7.els14.noarch.rpm kernel-core-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-cross-headers-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-core-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-devel-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-devel-matched-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-modules-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-modules-core-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-modules-extra-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-modules-internal-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-modules-partner-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-debug-uki-virt-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-devel-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-devel-matched-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-doc-5.14.0-284.1101.el9_2.tuxcare.7.els14.noarch.rpm kernel-headers-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-ipaclones-internal-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-modules-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-modules-core-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-modules-extra-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-modules-internal-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-modules-partner-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-selftests-internal-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-tools-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-tools-libs-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-tools-libs-devel-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm kernel-uki-virt-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm libbpf-1.0.0-2.el9_2.tuxcare.7.els14.i686.rpm libbpf-1.0.0-2.el9_2.tuxcare.7.els14.x86_64.rpm libbpf-devel-1.0.0-2.el9_2.tuxcare.7.els14.i686.rpm libbpf-devel-1.0.0-2.el9_2.tuxcare.7.els14.x86_64.rpm libbpf-static-1.0.0-2.el9_2.tuxcare.7.els14.i686.rpm libbpf-static-1.0.0-2.el9_2.tuxcare.7.els14.x86_64.rpm perf-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm python3-perf-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm rtla-5.14.0-284.1101.el9_2.tuxcare.7.els14.x86_64.rpm

CVEs

CVE-2024-46786
CVE-2025-22056
CVE-2025-22020
CVE-2025-21756
CVE-2024-38577
CVE-2024-42305
CVE-2024-56558
CVE-2022-49029
CVE-2024-53237
CVE-2024-53208
CVE-2024-53174
CVE-2024-46828
CVE-2024-47718
CVE-2024-43873
CVE-2024-49983
CVE-2024-50083
CVE-2024-56663
CVE-2023-52930
CVE-2024-50215
CVE-2024-50186
CVE-2024-47748
CVE-2024-44934
CVE-2022-49006
CVE-2022-49014
CVE-2024-50128