Issued:
2024-03-19
Updated:
2024-03-19

RHSA-2024:1404 - Important: kernel security and bug fix update

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory Important

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)

  • kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)

  • kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

  • kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

  • kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

  • kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

  • kernel: denial of service in tipc_conn_close (CVE-2023-1382)

  • kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)

  • kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

  • kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

  • kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

  • kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

  • kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

  • kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

  • kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

  • kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

Bug Fix(es):

  • The kernel is still getting hung up even after converting kernfs_mutex to kernfs_rwsem with massive concurrent kernfs access (open & lookup) performed by kubelet/node_exporter threads. (JIRA:RHEL-17149)

  • kernel: Rate limit overflow messages in r8152 in intr_callback (JIRA:RHEL-18810)

  • kernel: tun: avoid double free in tun_free_netdev (JIRA:RHEL-18813)

  • kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (JIRA:RHEL-18850)

  • kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19461)

  • ipoib mcast lockup fix (JIRA:RHEL-19698)

  • kernel: denial of service in tipc_conn_close (JIRA:RHEL-18824)

  • Rhel-8.6 crash at qed_get_current_link+0x11 during tx_timeout recovery (JIRA:RHEL-20923)

  • kernel: use-after-free in sch_qfq network scheduler (JIRA:RHEL-14402)

  • RHEL8.6 - s390/qeth: NET2016 - fix use-after-free in HSCI (JIRA:RHEL-15849)

  • RHEL8.6 - s390/qeth: recovery and set offline lose routes and IPv6 addr (JIRA:RHEL-17883)

  • kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (JIRA:RHEL-18582)

  • kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18799)

  • kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (JIRA:RHEL-18814)

  • kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-18998)

  • dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19110)

  • kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19327)

  • kernel: A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19451)

  • [RHEL8] I/O blocked during fio background with IO schedule switch, cpu offline/online, pci nvme rescan/reset (JIRA:RHEL-20231)

  • kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20298)

  • kernel: inactive elements in nft_pipapo_walk (JIRA:RHEL-20697)

  • kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)

  • kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21784)

  • kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (JIRA:RHEL-22090)

  • backport timerlat user-space support (JIRA:RHEL-20361)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions8.8x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support8.8x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension8.8x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support8.8ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support8.8s390x
Red Hat Enterprise Linux for ARM 64 - Extended Update Support8.8aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions8.8ppc64le
Red Hat Enterprise Linux Server - TUS8.8x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support8.8x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support8.8ppc64le
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support8.8aarch64

Updated Packages

  • kernel-modules-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-debug-devel-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-cross-headers-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-tools-libs-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-doc-4.18.0-477.51.1.el8_8.noarch.rpm
  • perf-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-4.18.0-477.51.1.el8_8.src.rpm
  • kernel-tools-4.18.0-477.51.1.el8_8.s390x.rpm
  • perf-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-headers-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-devel-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-modules-extra-4.18.0-477.51.1.el8_8.s390x.rpm
  • perf-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-headers-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-headers-4.18.0-477.51.1.el8_8.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-477.51.1.el8_8.x86_64.rpm
  • perf-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debug-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-debuginfo-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-tools-libs-devel-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-tools-debuginfo-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debug-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debug-4.18.0-477.51.1.el8_8.aarch64.rpm
  • perf-debuginfo-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-tools-libs-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-debug-core-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-debug-core-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • python3-perf-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-tools-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-headers-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-zfcpdump-modules-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-core-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-debug-debuginfo-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-devel-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debug-modules-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-tools-libs-devel-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • bpftool-debuginfo-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-tools-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-modules-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debuginfo-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debuginfo-common-aarch64-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-debuginfo-common-s390x-4.18.0-477.51.1.el8_8.s390x.rpm
  • bpftool-debuginfo-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-tools-debuginfo-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-devel-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-zfcpdump-devel-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debug-modules-extra-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-tools-debuginfo-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-4.18.0-477.51.1.el8_8.aarch64.rpm
  • bpftool-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debug-modules-extra-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-modules-extra-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-debug-devel-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debuginfo-common-ppc64le-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-debug-modules-extra-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-debug-core-4.18.0-477.51.1.el8_8.x86_64.rpm
  • bpftool-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-tools-libs-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-zfcpdump-debuginfo-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debug-modules-extra-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-devel-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-debug-devel-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-debug-debuginfo-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-debug-modules-4.18.0-477.51.1.el8_8.x86_64.rpm
  • bpftool-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-modules-extra-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-cross-headers-4.18.0-477.51.1.el8_8.s390x.rpm
  • perf-debuginfo-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-modules-4.18.0-477.51.1.el8_8.x86_64.rpm
  • python3-perf-4.18.0-477.51.1.el8_8.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • perf-debuginfo-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-modules-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-debug-devel-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-core-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-debug-core-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-zfcpdump-core-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-modules-extra-4.18.0-477.51.1.el8_8.x86_64.rpm
  • bpftool-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debug-modules-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-debug-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-debug-modules-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debuginfo-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-cross-headers-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-cross-headers-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • bpftool-debuginfo-4.18.0-477.51.1.el8_8.aarch64.rpm
  • bpftool-debuginfo-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-tools-libs-devel-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-tools-debuginfo-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-core-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • kernel-abi-stablelists-4.18.0-477.51.1.el8_8.noarch.rpm
  • kernel-zfcpdump-4.18.0-477.51.1.el8_8.s390x.rpm
  • python3-perf-4.18.0-477.51.1.el8_8.ppc64le.rpm
  • python3-perf-4.18.0-477.51.1.el8_8.s390x.rpm
  • perf-debuginfo-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-tools-4.18.0-477.51.1.el8_8.aarch64.rpm
  • python3-perf-debuginfo-4.18.0-477.51.1.el8_8.aarch64.rpm
  • kernel-zfcpdump-modules-extra-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-core-4.18.0-477.51.1.el8_8.s390x.rpm
  • python3-perf-debuginfo-4.18.0-477.51.1.el8_8.s390x.rpm
  • kernel-debuginfo-common-x86_64-4.18.0-477.51.1.el8_8.x86_64.rpm
  • kernel-debuginfo-4.18.0-477.51.1.el8_8.aarch64.rpm

Fixes

CVEs

References

Additional information