{"schema_version": "1.3.1", "id": "RLSA-2024:3618", "modified": "2024-06-14T14:02:18.249662Z", "published": "2024-06-14T13:59:16.809606Z", "related": ["CVE-2019-25162", "CVE-2020-36777", "CVE-2021-46934", "CVE-2021-47013", "CVE-2021-47055", "CVE-2021-47118", "CVE-2021-47153", "CVE-2021-47171", "CVE-2021-47185", "CVE-2022-48627", "CVE-2022-48669", "CVE-2023-52439", "CVE-2023-52445", "CVE-2023-52477", "CVE-2023-52513", "CVE-2023-52520", "CVE-2023-52528", "CVE-2023-52565", "CVE-2023-52578", "CVE-2023-52594", "CVE-2023-52595", "CVE-2023-52598", "CVE-2023-52606", "CVE-2023-52607", "CVE-2023-52610", "CVE-2023-6240", "CVE-2024-0340", "CVE-2024-23307", "CVE-2024-25744", "CVE-2024-26593", "CVE-2024-26603", "CVE-2024-26610", "CVE-2024-26615", "CVE-2024-26642", "CVE-2024-26643", "CVE-2024-26659", "CVE-2024-26664", "CVE-2024-26693", "CVE-2024-26694", "CVE-2024-26743", "CVE-2024-26744", "CVE-2024-26779", "CVE-2024-26872", "CVE-2024-26892", "CVE-2024-26897", "CVE-2024-26901", "CVE-2024-26919", "CVE-2024-26933", "CVE-2024-26934", "CVE-2024-26964", "CVE-2024-26973", "CVE-2024-26993", "CVE-2024-27014", "CVE-2024-27048", "CVE-2024-27052", "CVE-2024-27056", "CVE-2024-27059"], "summary": "Moderate: kernel update", "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Marvin vulnerability side-channel leakage in the RSA decryption\noperation (CVE-2023-6240)\n\n* kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()\n(CVE-2024-0340)\n\n* kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)\n\n* kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)\n\n* kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445)\n\n* kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer\nthat cause loop forever (CVE-2024-26603)\n\n* kernel: use after free in i2c (CVE-2019-25162)\n\n* kernel: i2c: validate user data in compat ioctl (CVE-2021-46934)\n\n* kernel: media: dvbdev: Fix memory leak in dvb_media_device_free()\n(CVE-2020-36777)\n\n* kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors\n(CVE-2023-52477)\n\n* kernel: mtd: require write permissions for locking and badblock ioctls\n(CVE-2021-47055)\n\n* kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump\n(CVE-2024-26615)\n\n* kernel: vt: fix memory overlapping when deleting chars in the buffer\n(CVE-2022-48627)\n\n* kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307)\n\n* kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu()\n(CVE-2023-52565)\n\n* kernel: net: bridge: data races indata-races in br_handle_frame_finish()\n(CVE-2023-52578)\n\n* kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg\n(CVE-2023-52528)\n\n* kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520)\n\n* kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513)\n\n* kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118)\n\n* kernel: net/sched: act_ct: fix skb leak and crash on ooo frags\n(CVE-2023-52610)\n\n* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set\nwith timeout (CVE-2024-26643)\n\n* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag\n(CVE-2024-26642)\n\n* kernel: i2c: i801: Don't generate an interrupt on bus reset\n(CVE-2021-47153)\n\n* kernel: xhci: handle isoc Babble and Buffer Overrun events properly\n(CVE-2024-26659)\n\n* kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664)\n\n* kernel: wifi: mac80211: fix race condition on enabling fast-xmit\n(CVE-2024-26779)\n\n* kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter\n(CVE-2024-26744)\n\n* kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743)\n\n* kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc\n(CVE-2021-47185)\n\n* kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak\n(CVE-2024-26901)\n\n* kernel: RDMA/srpt: Do not register event handler until srpt device is fully\nsetup (CVE-2024-26872)\n\n* kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919)\n\n* kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964)\n\n* kernel: USB: core: Fix deadlock in usb_deauthorize_interface()\n(CVE-2024-26934)\n\n* kernel: USB: core: Fix deadlock in port "disable" sysfs attribute\n(CVE-2024-26933)\n\n* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection()\n(CVE-2024-26993)\n\n* kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973)\n\n* kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command\n(CVE-2024-27059)\n\n* kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)\n\n* kernel: net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171)\n\n* kernel: powerpc/pseries: Fix potential memleak in papr_get_attr() (CVE-2022-48669)\n\n* kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)\n\n* kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (CVE-2023-52594)\n\n* kernel: wifi: rt2x00: restart beacon queue when hardware reset (CVE-2023-52595)", "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "kernel", "purl": "pkg:rpm/rocky-linux/kernel?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:4.18.0-553.5.1.el8_10"}], "database_specific": {"yum_repository": "BaseOS"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2024:3618"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250843"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257406"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263875"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265271"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265646"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265654"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265833"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266296"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266446"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266746"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266841"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267038"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267185"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267355"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267509"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267705"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267724"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267758"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267789"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267797"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267804"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268291"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268293"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268309"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268315"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268317"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269213"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269856"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270080"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270879"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270881"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271469"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271476"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272780"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272791"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273092"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273094"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273223"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273260"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273262"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274624"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275645"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275655"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275666"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275707"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275777"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278169"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278237"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278240"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278268"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278314"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278356"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278398"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278409"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278417"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278431"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278537"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}