RXSA-2023:0334
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
* kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Intel 9.2: Important iavf bug fixes (BZ#2127884)
* vfio zero page mappings fail after 2M instances (BZ#2128514)
* nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359)
* ice: Driver Update to 5.19 (BZ#2132070)
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588)
* drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619)
* updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914)
* DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213)
* No signal showed in the VGA monitor when installing Rocky Linux SIG Cloud9 in the legacy bios mode (BZ#2140153)
* Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168)
* ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976)
* fatal error: error in backend: Branch target out of insn range (BZ#2144902)
* AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217)
* Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910)
* Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605)
* DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
* kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Intel 9.2: Important iavf bug fixes (BZ#2127884)
* vfio zero page mappings fail after 2M instances (BZ#2128514)
* nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359)
* ice: Driver Update to 5.19 (BZ#2132070)
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588)
* drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619)
* updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914)
* DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213)
* No signal showed in the VGA monitor when installing Rocky Linux SIG Cloud9 in the legacy bios mode (BZ#2140153)
* Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168)
* ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976)
* fatal error: error in backend: Branch target out of insn range (BZ#2144902)
* AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217)
* Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910)
* Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605)
* DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407)
rocky-linux-9-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
c5c71d1a7a28354fdce1d50fa1a0a0dd03a01f5333f54c0cb5c771c913a9673c
kernel-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
261412fa68127c5f544ae9fab069908eeffccf8e45284bbc33016632ebbf1418
kernel-abi-stablelists-5.14.0-162.12.1.el9_1.cloud.0.1.noarch.rpm
7d125f0361e0211faa3702c9cc9cb98f6c92bd56ec193d4dbc5a4d913eb1a3fa
kernel-core-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
9139c1b7651d48c7149ee5b591386f9a2a89a75ee1732ce932c75f78549430ec
kernel-cross-headers-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
f21403201337062e81e6fdc5df3087ffc27ff64494423c69267eb5a747d7347f
kernel-debug-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
c7550ae753ac053f2d927371a53f1808657decc6ea038d210b991f69097d39a1
kernel-debug-core-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
d421808ffd867bace45e9ffd87038cddb43021130d3bca6f63fdfab5d99985d6
kernel-debug-devel-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
ab04cfe75adca91f1d811e2f0cdf7e22fdc5f688c1289d4d28f68ee4d6028a66
kernel-debug-devel-matched-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
4b3f44095ab5d39d3fb13fad57f7b8e64144795433bcc80a04b0a919b1de2aa2
kernel-debug-modules-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
60eb2b208474d3a02a2ff21e9963f845a87025445b258e0ae8e5a9d059b18254
kernel-debug-modules-extra-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
e8a3fa2e00572a857d02724771c5c02a0d4051677b509ac238af7443480c5397
kernel-devel-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
9bb96476683e3555065807ff70d9d3c48a0fa21235b1ce6e12ed1371f85cb721
kernel-devel-matched-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
672856352c1867aaa68bb2c41bd09a5d95c05b23565bc39a60c112389c12b9b1
kernel-doc-5.14.0-162.12.1.el9_1.cloud.0.1.noarch.rpm
6f5c9063dbf11a75fe42bab60b2f726c99c2ef358f4375ad0daccd67613836e9
kernel-headers-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
36d284d87b30792fdea97d4aa5c7078a11e54407ce034ef992cb73980d74b376
kernel-modules-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
770c929f208cf323dbc1b54a318c6cb267bf69c3d8c33a0d7a2c87175b6ab2c1
kernel-modules-extra-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
d24bbf0aea49a256ffa9f56d903738ca49d851d204a9323996aa1df3428b6887
kernel-tools-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
e01ed9d63e4f5d4b68b33ade96b01e97d6e948be62cbbcc94b2a8e0676567faa
kernel-tools-libs-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
730c095e026094d1e81c5b42fa77e03c55eba7a875b0e3ba41ecc39af56828f9
kernel-tools-libs-devel-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
aaedb5b495b99718240889ff2e81ecd7d738106d64b1df4708da86a7c44f137f
perf-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
f98fa290ed5410e8c78db78d37a3fcce13a0e093255d227520f79d7256de9297
python3-perf-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
1843f9c168a873f4e7daf4ec20102723ebe2058957f0584f63ac6281943707d5
RXSA-2023:0951
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)
* kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud 9.0: LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133083)
* Rocky Linux SIG Cloud 9.1 Extending NMI watchdog's timer during LPM (BZ#2140085)
* AMDSERVER 9.1: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151274)
* qla2xxx NVMe-FC: WARNING: CPU: 0 PID: 124072 at drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30 [qla2xxx] (BZ#2152178)
* Regression: Kernel panic on Lenovo T480 with AH40 USB-C docking station (BZ#2153277)
* Scheduler Update (rhel9.2) (BZ#2153792)
* Rocky Linux SIG Cloud9.1, Nx_Gzip: nr_total_credits is not decremented when processing units are reduced by dlpar in shared mode. (FW1030 / DLPAR) (BZ#2154305)
* MSFT, MANA, NET Patch Rocky Linux SIG Cloud-9: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155145)
* Azure vPCI Rocky Linux SIG Cloud-9 add the support of multi-MSI (BZ#2155459)
* Azure Rocky Linux SIG Cloud-9: VM Deployment Failures Patch Request (BZ#2155930)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158815)
* Rocky Linux SIG Cloud-9.2: Update NVMe driver to sync with upstream v6.0 (BZ#2161344)
* CEE cephfs: Rocky Linux SIG Cloud9 cephfs client crashing with RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] (BZ#2161418)
* block layer: update with upstream v6.0 (BZ#2162535)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)
* kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud 9.0: LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133083)
* Rocky Linux SIG Cloud 9.1 Extending NMI watchdog's timer during LPM (BZ#2140085)
* AMDSERVER 9.1: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151274)
* qla2xxx NVMe-FC: WARNING: CPU: 0 PID: 124072 at drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30 [qla2xxx] (BZ#2152178)
* Regression: Kernel panic on Lenovo T480 with AH40 USB-C docking station (BZ#2153277)
* Scheduler Update (rhel9.2) (BZ#2153792)
* Rocky Linux SIG Cloud9.1, Nx_Gzip: nr_total_credits is not decremented when processing units are reduced by dlpar in shared mode. (FW1030 / DLPAR) (BZ#2154305)
* MSFT, MANA, NET Patch Rocky Linux SIG Cloud-9: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155145)
* Azure vPCI Rocky Linux SIG Cloud-9 add the support of multi-MSI (BZ#2155459)
* Azure Rocky Linux SIG Cloud-9: VM Deployment Failures Patch Request (BZ#2155930)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158815)
* Rocky Linux SIG Cloud-9.2: Update NVMe driver to sync with upstream v6.0 (BZ#2161344)
* CEE cephfs: Rocky Linux SIG Cloud9 cephfs client crashing with RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] (BZ#2161418)
* block layer: update with upstream v6.0 (BZ#2162535)
rocky-linux-9-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
2a13577f990e6837875a00a5c44a501c93c7b5ec303c51e51fcbd77e81694d43
kernel-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
d0fc4844b545216ab30cb2493c9150a45b9af150dcfc4bec22e62e9ede10c2b2
kernel-abi-stablelists-5.14.0-162.18.1.el9_1.cloud.noarch.rpm
6d651c9e8c0c7e3e5e8e554019824808af818c196187ef92527231e5a95847cb
kernel-core-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
eb7bf0eebe8c208a2b9b7a21cbf2f9d28bb789a6d97e2549e57b6c4f30f02027
kernel-cross-headers-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
ab9a2030d03b3ce5f3dab0e853fd06454b0d91936e1de7066a21c822f6a7e1ef
kernel-debug-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
0bbd81ee7944801a24ddbfdbde409c544b9bd1324abd48dde7692238baa630d3
kernel-debug-core-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
c474836dc2f3aabac1387634dcb107397909f7539ac3772cde495e1e926cc6b0
kernel-debug-devel-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
eead46ca35ea6c0ac8680669854e0dff953bd578ecc8c349f10913015c7b93c2
kernel-debug-devel-matched-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
f7f9182951fbdd82fd8664beed356f33f092b2d5dc297f52af4d09f5886b7ea1
kernel-debug-modules-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
f72fdbefbd9a76fbc6bd457779c4673df7c2b4cb76ac39534bac2c9357ae455f
kernel-debug-modules-extra-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
54305dfa0829408d43dc7e6f1592d0ec84dfbc892d7678b04b01d34deb9d6a33
kernel-devel-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
55b45ac9d50a12ff55dacb9cc5a87abfc2fc4fcd5451157e9af192d0f568ddc9
kernel-devel-matched-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
4491465f8ed9b977b0f8fbb7f432d788fffc658af6b4f4734ba17d1adc7464e6
kernel-doc-5.14.0-162.18.1.el9_1.cloud.noarch.rpm
76525ebe57cbdc9d27923428193192082f6b8d3ee560cb46f39cee46beade212
kernel-headers-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
36fa0e6ab4be5dafc29b7ec08cc43f5ec123ae8ed58070252a124b474a4bde15
kernel-modules-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
460caac9b9a7b244b3f83d3ebcccda98c101e0e571f9e618bd375a0e67658559
kernel-modules-extra-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
a979e6edb47ac27edfc901a08f906f58914a2ad8d4a50ee25df1e59acf8111d3
kernel-tools-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
4bce181c715ca4b378cfb1b57da23280c71ed8830cde45a39262b893952a8645
kernel-tools-libs-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
5b2f0297b9148001dad77d0d4d2ab9ab1793e72e0e790610ead1560c59df96df
kernel-tools-libs-devel-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
9d5ed978da4a9f71529b4d020fd65d1cb18e27107611b23d17be12189e485c3e
perf-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
bee15ef59e1e19a6c34c36a3c41daa2efd227847caddf78a9bf5cf92ac3b960d
python3-perf-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
56262401f58ab4eb87780b7f45f509016a31adf2ceddb029e65b6cfc374bb3a9
RXSA-2024:1248
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
* kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)
* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
* kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)
* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)
* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)
* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)
* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
* kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)
* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
* kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)
* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)
* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)
* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)
* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-9-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-7.2.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
22261e664f22999c08bf41117aaff1bcf43cd916fa98eece9f214b0eee5e26cd
kernel-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
0265342d6fa595e80243547068ad004288036e3e25e17ae31290e8cd14b67843
kernel-abi-stablelists-5.14.0-362.24.1.el9_3.cloud.0.6.noarch.rpm
7f9d7cfdcb1aba22fae0431defc61a8e352fea84a33b40c56557757d72e3f51b
kernel-core-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
5205478c86dea2b50ad4792f1cd73a01335d24415af54a658722f19fbe05ed3d
kernel-cross-headers-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
65c4d6a730b43a22d7b06af89c72c30bec8871c0fd40d149e9480f64c952e5b3
kernel-debug-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
b3c982c2265b7cb83431df4b710ccc1597fa09edab30a6873b51c20695fe6e32
kernel-debug-core-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
7bc80ad84145ed33ff101b28f37d15f898f23901c1c45bc525294ea19b99be90
kernel-debug-devel-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
0e2d033bf9e1aa91cccbd0c2b5a02140c6f2635b72863ae27aaf8b677c30d35e
kernel-debug-devel-matched-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
a1f5bfebda35b8dba8ef4062eeb19e6e99a132d48a1affb4ac86787b6fdb4fe3
kernel-debug-modules-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
b2fe55f7ca53d4368cb64a500effe11c3846b4ef918809313b71bcac1a2f97c4
kernel-debug-modules-core-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
81e103c6d380db608764537e4f7c16200d9cf1c8dc185124c5567096556b4078
kernel-debug-modules-extra-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
e9e059b4bb43938f65dfe4ca7c4f98ec12e28a1fb87425ac381779bf89806858
kernel-devel-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
02359d1c5d75ad04e04003b2bca51f78f72913d0a5e754ba8fcdab12a9058250
kernel-devel-matched-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
1e005f1db34189cc215dc0b0725c7d3d574f7fab74b7aeacbac41772f37ebb66
kernel-doc-5.14.0-362.24.1.el9_3.cloud.0.6.noarch.rpm
99d6d50981d3094b0d07887f8b5b8256f66f510462b909d180df36c5d6a5a767
kernel-headers-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
d68f103f0deea09a0fcfbe17e68ac55afb61f68e7cdc614a9cfc392ba6c957ab
kernel-modules-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
0939da5bf6781bc0b325f50046148a7fa48a790186d5bd65db69fdb1f3f066d2
kernel-modules-core-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
b90ccaac2b258def824f319c317b10109212a19bd958fd04201b215d1ca0f2e4
kernel-modules-extra-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
c7b16c904da356d80e831e40c85c54878d5e5801a69b532667c84891edff36a5
kernel-tools-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
b355dff1a8e08087cd386bbdbe4d1f594c17d29c2b964c0755324085cac58acc
kernel-tools-libs-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
f687ac9943ca3835196f169a760f2898bd9f6aadb450128ed364610fdc14b644
kernel-tools-libs-devel-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
bdc07d8b0c43d7f6444d424f63aba706d957316ec8c366dcac164cfa4f792996
perf-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
ba98015ee36441b5b00fcac82165c5002410b3d5519b229feced4bd9b8978587
python3-perf-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
5d5161cf79172f94f22af53fa018cd849828057fcf34c9fc0eabc528319f332a
rtla-5.14.0-362.24.1.el9_3.cloud.0.6.x86_64.rpm
a05d6619a7097913e936dd5d1363af795d2a89791d19804eaae0b1ad8b49d0db
RXSA-2024:4349
Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626)
* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)
* kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)
* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)
* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)
* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)
* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)
Bug Fix(es):
* cifs - kernel panic with cifs_put_smb_ses (JIRA:Rocky Linux SIG Cloud-28943)
* BUG: unable to handle page fault for address: ff16bf752f593ff8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-35672)
* [HPE 9.4 Bug] Request merge of AMD address translation library patch series [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36220)
* [Rocky Linux SIG Cloud9] kernel BUG at lib/list_debug.c:51! [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36687)
* ice: DPLL-related fixes [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36716)
* CNB95: net/sched: update TC core to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37641)
* IPv6: SR: backport fixes from upstream [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37669)
* [RFE] Backport tmpfs noswap mount option [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38252)
* Isolated cores causing issues on latest Rocky Linux SIG Cloud9.4 kernel and not functioning as desired. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38595)
* [ice] Add automatic VF reset on Tx MDD events [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-39083)
* [HPEMC Rocky Linux SIG Cloud 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-34953)
* bnx2x: fix crashes in PCI error handling, resource leaks [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-43272)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Moderate
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626)
* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)
* kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)
* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)
* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)
* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)
* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)
Bug Fix(es):
* cifs - kernel panic with cifs_put_smb_ses (JIRA:Rocky Linux SIG Cloud-28943)
* BUG: unable to handle page fault for address: ff16bf752f593ff8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-35672)
* [HPE 9.4 Bug] Request merge of AMD address translation library patch series [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36220)
* [Rocky Linux SIG Cloud9] kernel BUG at lib/list_debug.c:51! [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36687)
* ice: DPLL-related fixes [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36716)
* CNB95: net/sched: update TC core to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37641)
* IPv6: SR: backport fixes from upstream [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37669)
* [RFE] Backport tmpfs noswap mount option [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38252)
* Isolated cores causing issues on latest Rocky Linux SIG Cloud9.4 kernel and not functioning as desired. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38595)
* [ice] Add automatic VF reset on Tx MDD events [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-39083)
* [HPEMC Rocky Linux SIG Cloud 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-34953)
* bnx2x: fix crashes in PCI error handling, resource leaks [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-43272)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.
rocky-linux-9-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-7.3.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
980e2b04a3b6a66177094ce987cb9b7caca4286013f7ed061e58ff8cb86ab54b
kernel-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
e67791c603c0edfb468626941263edc265bea33505cb480c158203e75ad92dad
kernel-abi-stablelists-5.14.0-427.24.1.el9_4.cloud.3.0.noarch.rpm
a5bd650270ae4bdf0dad5b1b93eb24c3ca73254f2917d52f95ac6e4463e87cd8
kernel-core-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
385ee5a2be8088bc9891735e6f7cbadec0bb2c71b047a92f51a9af25d6689506
kernel-cross-headers-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
740c7d625768d0dcfb8203efc753f02449725d119047108fa9e1576d1e752cd1
kernel-debug-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
4cb0b8b06b7505ac5a7e264a5f70428f23b8ac6b1fa9e6bd8f542d05a9ca8a47
kernel-debug-core-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
52bbf6f03168fe0629eeac231fcea0cf8f338f1894723916cbb6d4b3c73d6e46
kernel-debug-devel-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
a2b28167e8f9aded48c029911797064a266fb334112f7154c28ca7d8428f1310
kernel-debug-devel-matched-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
aa78884e027f5cd1e616cb4b1ed442c4ead8a1fe419a1b652f44a8af5d9d886b
kernel-debug-modules-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
f8a2e526695fd038b5a4bb288089814cdcc986ed8569fa532cbae19104dd8772
kernel-debug-modules-core-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
21e480579505ca8e2d4bd278ca43f3af5a5d62f27a2008316c13598c2bde072a
kernel-debug-modules-extra-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
4de843df62ed01f67adaa215f280b5783b4d0b49edde8f75fb20027566122759
kernel-devel-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
652f1b7f39d77f5ba44172941ac0ccf5dd0535adf38b3772d932e36cac8ea57f
kernel-devel-matched-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
e98e58668d6a061b29925ccd1025e5cc84a7710b1ffe8aca6a0a38e2ee48e736
kernel-doc-5.14.0-427.24.1.el9_4.cloud.3.0.noarch.rpm
22790939295dc0cc23678a6ab07c69b4f90a0b557750c4d71961df5f2a440fa2
kernel-headers-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
2efaab7b1b19212116dc9adee2d547da7826710307bdb1de28b0e9bf904491b1
kernel-modules-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
f2988010cee4de4f38c8a045744a8a338f6e7c8ea2c0e05cb2e073cf0df17be7
kernel-modules-core-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
0014c3446b390f535131a4c8aa0b2d0fc3ad092fe5b054ed3e0d7b96aee4b3f6
kernel-modules-extra-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
75cba3b220a82339c858cc52767d5e84ac0319c543575b2b39b040fc88f8268f
kernel-tools-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
ebb1cf5ea457179fa82448bd287a52872de59e5a24bbeeeeef40152c4d1935aa
kernel-tools-libs-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
fce2cd6fdce50dafdbdbcd1570e498403ba99de67f1147038564235c1782f0f1
kernel-tools-libs-devel-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
88e63a2b593dc7d578db2cb4cade16b4095efb04a5673ec3524f6c1466e87581
perf-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
3920a32c54c2dcf9ccbf9150e5c9a259797f94d6aadea83fbe6564a51a85fdf9
python3-perf-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
36cbe6c14313546b96e023d89d7d5f601be48562de29c1dfd8a99f8edf78d47f
rtla-5.14.0-427.24.1.el9_4.cloud.3.0.x86_64.rpm
8767bfcae9bbff106b53d1d91302abb800d970848267de45bf24bc0fa531795e
RXSA-2024:4928
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458)
* kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773)
* kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737)
* kernel: dm: call the resume method on internal suspend (CVE-2024-26880)
* kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852)
* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
* kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046)
* kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030)
* kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857)
* kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907)
* kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885)
* kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809)
* kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459)
* kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924)
* kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952)
* kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743)
* kernel: epoll: be better about file lifetimes (CVE-2024-38580)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Moderate
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458)
* kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773)
* kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737)
* kernel: dm: call the resume method on internal suspend (CVE-2024-26880)
* kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852)
* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
* kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046)
* kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030)
* kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857)
* kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907)
* kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885)
* kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809)
* kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459)
* kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924)
* kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952)
* kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743)
* kernel: epoll: be better about file lifetimes (CVE-2024-38580)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-9-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-7.3.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
42d0d9dd475d95ccc5d0c37dedcd00a13480379c2431692c0a7e2d4a053630e5
kernel-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
2339085d07a32ad40a15e7137c327bb57cf4b1d16e90de9b6fec659b66586fdb
kernel-abi-stablelists-5.14.0-427.28.1.el9_4.cloud.1.0.noarch.rpm
0f5505d20d92ee1403cde0d42b055270a58d8dea5502f9d4c9495fff9c07fd7a
kernel-core-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
4424156cf7c3b309f68317ee6fdff70b8f7304caf7e300d9e8c17f6c2e36577f
kernel-cross-headers-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
7267adcbed2bb7f526c91346abc9f819fcbb5c081a6446e06ec70f268cc269cd
kernel-debug-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
b84ff217ae91e79d9ab52f7cb27312b5ba71628072a9883392be89ac634692f2
kernel-debug-core-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
28d5cc99d7e8e32a9751761986d40f5868aa0a6fabbd2a6e71ffa0571cb5d1e4
kernel-debug-devel-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
516db16f438e809eb3c835f5d460b1fc7a5dfb4f933ab55c2b8d842c57687f8a
kernel-debug-devel-matched-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
9471d6f834c1d8f8c2047a99b6e1b37dc6c3140096939565aa6f10ebfaf44734
kernel-debug-modules-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
f06ea78c1fa26af64f729cb820b68ac13d85f506b41f8c02c4c3ce5daba1568d
kernel-debug-modules-core-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
8b15f4c49063ed5e7f0d2f3cd30fc44c7083bd42e097660328ac99cb71b5378b
kernel-debug-modules-extra-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
5488185ae178259dd139bc2dac8d69f14680f1c16e90b2c5cf13b61ae209c312
kernel-devel-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
84ec21941799baebe838cc8cdc94f7285e847f97c4b23e3f2415f997b855a12a
kernel-devel-matched-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
45cb7dabcc7862d243a8a70eb2e434e36cc55feb9439de0fd75bcfc61cc7b564
kernel-doc-5.14.0-427.28.1.el9_4.cloud.1.0.noarch.rpm
d634a5ae6d178d45a878db264f0463d655b23030e00710da55aba679ad64f845
kernel-headers-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
7b6c23518869d42c36faddb0a5c39ca94f5b5413c6f7f556e74f103853d13098
kernel-modules-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
fedc2916c423a5094423f6b72531135610b8d3224ff0a8fefa2cc5d43cd41f8d
kernel-modules-core-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
064c327794bae885efcc7a3a793f8bce9e7d7250bd53408531eed250aad777d8
kernel-modules-extra-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
2f58191a85053522110f97ec8e11d69a6c3dea3959220fb348937a57076d53bc
kernel-tools-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
a5ebfb60c83ef2cb74f5ea66020c6095e78faa9b00dd4a90494769acb1acb7fd
kernel-tools-libs-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
a8fcecd3ca937c8167de5fdff6506b7b5fd147bb9dffdc50d8b8255799ecdd58
kernel-tools-libs-devel-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
2c2bc43da28da3e120f90228610bab1e740661bc415bab2ef518dc6c91d6e8b5
perf-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
feef6dee3229928a5efdd66e3e7b7c09e11fd1b604b2d2f663dbb26b4f2878ea
python3-perf-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
323be68a22db0df8b3c5232281d2dc819bb927607cd5926d08e88aedbc3dc6f6
rtla-5.14.0-427.28.1.el9_4.cloud.1.0.x86_64.rpm
043e381460862f9dc348c9f5fe3d525466585dfdd041d274e9571f9c3583a5ba
RXSA-2024:6567
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
* kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629)
* kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630)
* kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720)
* kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886)
* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)
* kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791)
* kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797)
* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)
* kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)
* kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801)
* kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883)
* kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019)
* kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619)
* kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979)
* kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559)
* kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927)
* kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936)
* kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040)
* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)
* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)
* kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)
* kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082)
* kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096)
* kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)
* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)
* kernel: nvme: avoid double free special payload (CVE-2024-41073)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Moderate
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
* kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629)
* kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630)
* kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720)
* kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886)
* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)
* kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791)
* kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797)
* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)
* kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)
* kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801)
* kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883)
* kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019)
* kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619)
* kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979)
* kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559)
* kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927)
* kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936)
* kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040)
* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)
* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)
* kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)
* kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082)
* kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096)
* kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)
* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)
* kernel: nvme: avoid double free special payload (CVE-2024-41073)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-9-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-7.3.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
a97250ed9c747830d729ae9fa84701ad2c4c8bc128885a67e03d2b01eb0c699d
kernel-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
45db23438bc8ea8118f55d6dd131e9646ac9462931cc858b6c6ede906a102bab
kernel-abi-stablelists-5.14.0-427.35.1.el9_4.cloud.1.0.noarch.rpm
ddf8ca7ed1e0a4ba9158e649468efdae9ee5fa82138f2dec852629079604ab19
kernel-core-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
86c39513f4e7c47a2ff76183f17b5206cf583d7296818cc195795ccfd39ab44a
kernel-cross-headers-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
92e8a64ea5f17889f33bb804674a2565759681c0d6316c7cd2fdb2ddf65e561d
kernel-debug-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
703a80e6b275ea94f3b3fcc8c74c08c931c448cc19a26bfb2a7ce122daff7adb
kernel-debug-core-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
eb4a4519be4e9b2b4cdf99869f25c6a33ae3af4b878824fa762568e231a303e7
kernel-debug-devel-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
06cfdb40541446e445aa31c218883cbd4cd40a1e58278ba78e4579f3d83e86ca
kernel-debug-devel-matched-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
000fea7785adf94865383903a7e6c329aba106ce6f768abe15df477a4dcb6534
kernel-debug-modules-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
a3c215fbca14e5b80e9a52fc1f02f7e6da588a1a7d090776883262193c31452f
kernel-debug-modules-core-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
f5a7cd557ada2ae847d068760a0c8e610899a92394389c0331b550bd79e66a29
kernel-debug-modules-extra-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
4aa7c908ba6d71d16134e2bbaf724eed236fc17dfaf093fc56011c3629dde6c9
kernel-devel-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
b7716835af1bf27a74ddd254a353612c66c02033a6898796e6c6d053194dec09
kernel-devel-matched-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
297bfdc4825a9bcf699b2c5e4766abbe7e82b8608e21fb8854dfd7b750c838ef
kernel-doc-5.14.0-427.35.1.el9_4.cloud.1.0.noarch.rpm
7f5e0fd7b778a5de57cfbedbdf18e15b1a836a7f0704ac87e94a3aec9e6b7019
kernel-headers-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
47283bb57fff80d36e9e0ac5d7af7fb01c90ce5bdf4ff4c52ec7e5fae71b2ec4
kernel-modules-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
f8ab81be3efd6afde8a5bc6170080e7eb00c94ee3584c50e87b2a7b5c5c3ae0f
kernel-modules-core-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
825d7beda3c67966b4c5c7b718491795ee58fe32c6bf12bae428c2e7d58d2376
kernel-modules-extra-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
fcd6e6a20504c2a54e9a927d9a8f5fc5f01806d854a5f33d7530ca5e88e4d32e
kernel-tools-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
88089af7cb8f6ca4bb7a01b3fc722d950eead844c0c2c04dc49192d7c355ed56
kernel-tools-libs-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
2fccfd1d9838da1be63f68b5186695daa871c61d463f17e52a5e891427bc32ff
kernel-tools-libs-devel-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
c23d2720e729825804f76dac7bad8cc526fa5fa34575ab7b8e01ea31af7aab66
perf-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
40bb61a8b1a4080224a8b0c8db8e4b58d3c7395e83e93d9d4f0b286249257eb5
python3-perf-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
810e2c2293d14f72e47ed6c9d1130fbe00e0d6a596f1a51722e321a5aeb8289c
rtla-5.14.0-427.35.1.el9_4.cloud.1.0.x86_64.rpm
9ecf181ee62b74b168dd70502a93aa3d846cbfcd4c24452aed2ba642416e889a