Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2024-07-08 Summary: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583 * kernel-rt: kernel: PCI interrupt mapping cause oops [almalinux-8] (CVE-2021-46909) * kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069) * kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615) * kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26801) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397) * kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845) * kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410) * kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835) * kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881) * kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) * kernel: ovl: fix leaked dentry (CVE-2021-46972) * kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073) * kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560) * kernel: ppp_async: limit MRU to 64K (CVE-2024-26675) * kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759) * kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907) * kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906) * kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804) * kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703) * kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090) * kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464) * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859) * kernel: crypto: (CVE-2024-26974, CVE-2023-52813) * kernel: can: (CVE-2023-52878, CVE-2021-47456) * kernel: usb: (CVE-2023-52781, CVE-2023-52877) * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667) * kernel: usbnet: sanity check for maxpacket (CVE-2021-47495) * kernel: gro: fix ownership transfer (CVE-2024-35890) * kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888) * kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700) * kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855) * kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835) * kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852) * kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310) * kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004) * kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356) * kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353) Bug Fix(es): * kernel-rt: update RT source tree to the latest AlmaLinux-8.10.z kernel (JIRA:AlmaLinux-40882) * [almalinux8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:AlmaLinux-8779) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-4352.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team