[Security Advisory] ALSA-2024:0897: kernel security update (Important)
Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2024-02-22 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/sched: sch_hfsc UAF (CVE-2023-4623) * kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921) * kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817) * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871) * kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646) * kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545) * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858) * kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073) * kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838) * kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166) * kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176) * kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717) * kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356) * kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535) * kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536) * kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606) * kernel: OOB Access in smb2_dump_detail (CVE-2023-6610) * kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283) * kernel: SEV-ES local priv escalation (CVE-2023-46813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-0897.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team
participants (1)
-
AlmaLinux Errata Notifications