Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Moderate Release date: 2024-11-03 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201) * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923) * kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961) * kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935) * kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383) * kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244) * kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472) * kernel: netfilter: nft_inner: validate mandatory meta and payload (CVE-2024-39504) * kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CVE-2024-40904) * kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931) * kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960) * kernel: ext4: do not create EA inode under buffer lock (CVE-2024-40972) * kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CVE-2024-40977) * kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995) * kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998) * kernel: netpoll: Fix race condition in netpoll_owner_active (CVE-2024-41005) * kernel: xfs: don't walk off the end of a directory data block (CVE-2024-41013) * kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014) * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854) * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-8617.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team