Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2024-11-03 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nftables: nft_set_rbtree skip end interval element from gc (CVE-2024-26581) * kernel: netfilter: nft_limit: reject configurations that cause integer overflow (CVE-2024-26668) * kernel: vfio/pci: Lock external INTx masking ops (CVE-2024-26810) * kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (CVE-2024-26855) * kernel: x86/xen: Add some null pointer checking to smp.c (CVE-2024-26908) * kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (CVE-2024-26925) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019) * kernel: netfilter: flowtable: validate pppoe header (CVE-2024-27016) * kernel: netfilter: bridge: confirm multicast packets before passing them up the stack (CVE-2024-27415) * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898) * kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion (CVE-2024-35897) * kernel: netfilter: validate user input for expected length (CVE-2024-35896) * kernel: netfilter: complete validation of user input (CVE-2024-35962) * kernel: ice: fix LAG and VF lock dependency in ice_reset_vf() (CVE-2024-36003) * kernel: cxl/port: Fix delete_endpoint() vs parent unregistration race (CVE-2023-52771) * kernel: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (CVE-2023-52880) * kernel: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (CVE-2024-36025) * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608) * kernel: crypto: bcm - Fix pointer arithmetic (CVE-2024-38579) * kernel: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (CVE-2024-38544) * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540) * kernel: net: bridge: xmit: make sure we have at least eth header len bytes (CVE-2024-38538) * kernel: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (CVE-2024-39476) * kernel: ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905) * kernel: wifi: cfg80211: Lock wiphy in cfg80211_get_station (CVE-2024-40911) * kernel: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (CVE-2024-40912) * kernel: mm/huge_memory: don't unpoison huge_zero_folio (CVE-2024-40914) * kernel: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (CVE-2024-40929) * kernel: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (CVE-2024-40939) * kernel: wifi: iwlwifi: mvm: don't read past the mfuart notifcation (CVE-2024-40941) * kernel: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (CVE-2024-40957) * kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978) * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983) * kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090) * kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091) * kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041) * kernel: NFSv4: Fix memory leak in nfs4_set_security_label (CVE-2024-41076) * kernel: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (CVE-2024-42110) * kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-5928.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team