Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2024-08-08 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451) * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939) * kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622) * kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669) * kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802) * kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843) * kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878) * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886) * kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653) * kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823) * kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658) * kernel: ext4: fix corruption during on-line resize (CVE-2024-35807) * kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801) * kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947) * kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893) * kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876) * kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864) * kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845) * (CVE-2023-28746) * (CVE-2023-52847) * (CVE-2021-47548) * (CVE-2024-36921) * (CVE-2024-26921) * (CVE-2021-47579) * (CVE-2024-36927) * (CVE-2024-39276) * (CVE-2024-33621) * (CVE-2024-27010) * (CVE-2024-26960) * (CVE-2024-38596) * (CVE-2022-48743) * (CVE-2024-26733) * (CVE-2024-26586) * (CVE-2024-26698) * (CVE-2023-52619) Bug Fix(es): * AlmaLinux8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output (JIRA:AlmaLinux-17678) * [AWS][8.9]There are call traces found when booting debug-kernel for Amazon EC2 r8g.metal-24xl instance (JIRA:AlmaLinux-23841) * [almalinux8] gfs2: Fix glock shrinker (JIRA:AlmaLinux-32941) * lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:AlmaLinux-33437) * [Hyper-V][AlmaLinux-8.10.z] Update hv_netvsc driver to TOT (JIRA:AlmaLinux-39074) * Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:AlmaLinux-40167) * blk-cgroup: Properly propagate the iostat update up the hierarchy [almalinux-8.10.z] (JIRA:AlmaLinux-40939) * (JIRA:AlmaLinux-31798) * (JIRA:AlmaLinux-10263) * (JIRA:AlmaLinux-40901) * (JIRA:AlmaLinux-43547) * (JIRA:AlmaLinux-34876) Enhancement(s): * [RFE] Add module parameters 'soft_reboot_cmd' and 'soft_active_on_boot' for customizing softdog configuration (JIRA:AlmaLinux-19723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-5101.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team