{"schema_version": "1.3.1", "id": "RLSA-2024:8856", "modified": "2024-11-08T15:59:23.942443Z", "published": "2024-11-08T15:56:34.521391Z", "related": ["CVE-2022-48773", "CVE-2022-48936", "CVE-2023-52492", "CVE-2024-24857", "CVE-2024-26851", "CVE-2024-26924", "CVE-2024-26976", "CVE-2024-27017", "CVE-2024-27062", "CVE-2024-35839", "CVE-2024-35898", "CVE-2024-35939", "CVE-2024-38540", "CVE-2024-38541", "CVE-2024-38586", "CVE-2024-38608", "CVE-2024-39503", "CVE-2024-40924", "CVE-2024-40961", "CVE-2024-40983", "CVE-2024-40984", "CVE-2024-41009", "CVE-2024-41042", "CVE-2024-41066", "CVE-2024-41092", "CVE-2024-41093", "CVE-2024-42070", "CVE-2024-42079", "CVE-2024-42244", "CVE-2024-42284", "CVE-2024-42292", "CVE-2024-42301", "CVE-2024-43854", "CVE-2024-43880", "CVE-2024-43889", "CVE-2024-43892", "CVE-2024-44935", "CVE-2024-44989", "CVE-2024-44990", "CVE-2024-45018", "CVE-2024-46826", "CVE-2024-47668"], "summary": "Moderate: kernel security update", "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)\n\n* kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)\n\n* kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)\n\n* kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)\n\n* kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)\n\n* kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)\n\n* kernel: nouveau: lock the client object tree. (CVE-2024-27062)\n\n* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)\n\n* kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)\n\n* kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)\n\n* kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)\n\n* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)\n\n* kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)\n\n* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)\n\n* kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)\n\n* kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)\n\n* kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)\n\n* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)\n\n* kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)\n\n* kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)\n\n* kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)\n\n* kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)\n\n* kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)\n\n* kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)\n\n* kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)\n\n* kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)\n\n* kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)\n\n* kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)\n\n* kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)\n\n* kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)\n\n* kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)\n\n* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)\n\n* kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)\n\n* kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)\n\n* kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)\n\n* kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)\n\n* kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)\n\n* kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)\n\n* kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)\n\n* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)\n\n* kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)\n\n* kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "kernel", "purl": "pkg:rpm/rocky-linux/kernel?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:4.18.0-553.27.1.el8_10"}], "database_specific": {"yum_repository": "BaseOS"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2024:8856"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266247"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269183"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275750"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277168"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278262"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278350"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278387"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281284"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281669"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281817"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293356"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293402"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293458"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293459"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297475"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297508"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297545"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297567"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297568"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298109"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298412"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300412"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300442"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300487"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300488"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300508"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300517"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307862"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307865"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307892"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309852"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309853"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311715"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315178"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317601"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}