Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2023-10-03 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776) * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) * kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) * kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * low memory deadlock with md devices and external (imsm) metadata handling - requires a kernfs notification backport (BZ#2208540) * Intel 8.9 BUG, SPR EMR FHF ACPI: Fix system hang during S3 wakeup (BZ#2218025) * OCS 4.8, cephfs kernel crash: mds_dispatch ceph_handle_snap unable to handle kernel NULL (BZ#2218271) * st_gmac: tx-checksum offload on vlan is not consistent with st_gmac interface (BZ#2219907) * refcount_t overflow often happens in mem_cgroup_id_get_online() (BZ#2221010) * avoid unnecessary page fault retires on shared memory types (BZ#2221100) * enable conntrack clash resolution for GRE (BZ#2223542) * ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (BZ#2224515) * libceph: harden msgr2.1 frame segment length checks [8.x] (BZ#2227073) * Important iavf bug fixes July 2023 (BZ#2228161) * i40e error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for ifname ens4f0 vf 0: Resource temporarily unavailable (BZ#2228163) * oops on cifs_mount due to null tcon (BZ#2229128) * iptables argument "--suppl-groups" in extension "owner" does not work in AlmaLinux8 (BZ#2229715) * Hyper-V AlmaLinux 8: incomplete fc_transport implementation in storvsc causes null dereference in fc_timed_out() (BZ#2230743) * Withdrawal: GFS2: could not freeze filesystem: -16 (BZ#2231825) * AlmaLinux 8 Hyper-V: Excessive hv_storvsc driver logging with srb_status SRB_STATUS_INTERNAL_ERROR (0x30) (BZ#2231988) * AlmaLinux-8: crypto: rng - Fix lock imbalance in crypto_del_rng (BZ#2232215) * Intel 8.9 iavf: Driver Update (BZ#2232399) * Hyper-V AlmaLinux-8 hv_storvsc driver logging excessive storvsc_log events for storvsc_on_io_completion() function (BZ#2233227) Enhancement(s): * Intel 8.9 FEAT, EMR perf: Add EMR CPU PMU support (BZ#2230152) * Intel 8.9 FEAT, SPR EMR power: Add uncore frequency control driver (BZ#2230158) * Intel 8.9 FEAT EMR perf: RAPL PMU support on EMR (BZ#2230162) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2023-5244.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team