Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2024-06-05 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) * kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744) * kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593) * kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445) * kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603) * kernel: use after free in i2c (CVE-2019-25162) * kernel: i2c: validate user data in compat ioctl (CVE-2021-46934) * kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777) * kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477) * kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055) * kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615) * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627) * kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307) * kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565) * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578) * kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528) * kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520) * kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513) * kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118) * kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610) * kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643) * kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642) * kernel: i2c: i801: Don't generate an interrupt on bus reset (CVE-2021-47153) * kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659) * kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664) * kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779) * kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744) * kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743) * kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185) * kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901) * kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872) * kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919) * kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964) * kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934) * kernel: USB: core: Fix deadlock in port "disable" sysfs attribute (CVE-2024-26933) * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) * kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973) * kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059) * kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013) * kernel: net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171) * kernel: powerpc/pseries: Fix potential memleak in papr_get_attr() (CVE-2022-48669) * kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439) * kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (CVE-2023-52594) * kernel: wifi: rt2x00: restart beacon queue when hardware reset (CVE-2023-52595) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-3618.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team