Issued:
2024-09-03
Updated:
2024-09-03

RHSA-2024:6206 - Important: kernel security update

Synopsis

Important: kernel security update

Type/Severity

Security Advisory Important

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel:TCP-spoofed ghost ACKs and leak leak initial sequence number (CVE-2023-52881,RHV-2024-1001)

  • kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)

  • kernel: drm: Don't unref the same fb many times by mistake due to deadlock handling (CVE-2023-52486)

  • kernel: pstore/ram: Fix crash when setting number of cpus to an odd number (CVE-2023-52619)

  • kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720)

  • kernel: vfio/pci: Lock external INTx masking ops (CVE-2024-26810)

  • kernel: igc: avoid returning frame twice in XDP_REDIRECT (CVE-2024-26853)

  • kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852)

  • kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

  • kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)

  • kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)

  • kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (CVE-2024-35789)

  • kernel: wifi: iwlwifi: dbg-tlv: ensure NUL termination (CVE-2024-35845)

  • kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385)

  • kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883)

  • kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CVE-2024-36017)

  • kernel: wifi: nl80211: don't free NULL coalescing rule (CVE-2024-36941)

  • kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (CVE-2024-36904)

  • kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979)

  • kernel: drm/amdgpu: Fix possible null pointer dereference (CVE-2023-52883)

  • kernel: phylib: fix potential use-after-free (CVE-2022-48754)

  • kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743)

  • kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (CVE-2024-38596)

  • kernel: net: fix information leakage in /proc/net/ptype (CVE-2022-48757)

  • kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

  • kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)

  • kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

  • kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (CVE-2024-33621)

  • kernel: tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CVE-2024-37356)

  • kernel: tls: fix missing memory barrier in tls_init (CVE-2024-36489)

  • kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

  • kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)

  • kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)

  • kernel: NFSv4: Fix memory leak in nfs4_set_security_label (CVE-2024-41076)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions8.8x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support8.8x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension8.8x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support8.8ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support8.8s390x
Red Hat Enterprise Linux for ARM 64 - Extended Update Support8.8aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions8.8ppc64le
Red Hat Enterprise Linux Server - TUS8.8x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support8.8x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support8.8ppc64le
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support8.8aarch64

Updated Packages

  • kernel-debuginfo-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-tools-4.18.0-477.70.1.el8_8.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-abi-stablelists-4.18.0-477.70.1.el8_8.noarch.rpm
  • perf-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-debug-core-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debug-devel-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-tools-libs-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-tools-libs-devel-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-modules-4.18.0-477.70.1.el8_8.x86_64.rpm
  • python3-perf-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debug-core-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-debug-core-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-debug-modules-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-debug-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-cross-headers-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-devel-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-core-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-tools-debuginfo-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-debug-modules-extra-4.18.0-477.70.1.el8_8.x86_64.rpm
  • perf-debuginfo-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-debuginfo-common-aarch64-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-headers-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-core-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-zfcpdump-core-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-tools-debuginfo-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-zfcpdump-devel-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-core-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-debug-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-zfcpdump-modules-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-devel-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-core-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debug-devel-4.18.0-477.70.1.el8_8.aarch64.rpm
  • bpftool-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-debug-devel-4.18.0-477.70.1.el8_8.x86_64.rpm
  • perf-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • python3-perf-debuginfo-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • python3-perf-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-headers-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-headers-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-debuginfo-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-zfcpdump-debuginfo-4.18.0-477.70.1.el8_8.s390x.rpm
  • bpftool-debuginfo-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-modules-extra-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-tools-4.18.0-477.70.1.el8_8.aarch64.rpm
  • perf-debuginfo-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-4.18.0-477.70.1.el8_8.src.rpm
  • kernel-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-tools-libs-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-tools-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-debug-modules-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debuginfo-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-debug-modules-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-debuginfo-common-ppc64le-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-devel-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-tools-libs-devel-4.18.0-477.70.1.el8_8.aarch64.rpm
  • perf-4.18.0-477.70.1.el8_8.aarch64.rpm
  • python3-perf-debuginfo-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-zfcpdump-modules-extra-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debug-debuginfo-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-debuginfo-common-x86_64-4.18.0-477.70.1.el8_8.x86_64.rpm
  • bpftool-debuginfo-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-tools-libs-devel-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • perf-debuginfo-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debug-core-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • perf-debuginfo-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-debug-modules-extra-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-modules-extra-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-cross-headers-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debug-modules-extra-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-debug-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-zfcpdump-4.18.0-477.70.1.el8_8.s390x.rpm
  • python3-perf-debuginfo-4.18.0-477.70.1.el8_8.s390x.rpm
  • python3-perf-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-cross-headers-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-debug-modules-extra-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debug-debuginfo-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-tools-libs-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-tools-debuginfo-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-cross-headers-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-debug-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-debuginfo-common-s390x-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debug-devel-4.18.0-477.70.1.el8_8.s390x.rpm
  • bpftool-debuginfo-4.18.0-477.70.1.el8_8.x86_64.rpm
  • kernel-headers-4.18.0-477.70.1.el8_8.s390x.rpm
  • bpftool-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-modules-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-modules-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-tools-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-tools-debuginfo-4.18.0-477.70.1.el8_8.s390x.rpm
  • perf-4.18.0-477.70.1.el8_8.s390x.rpm
  • bpftool-debuginfo-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-modules-extra-4.18.0-477.70.1.el8_8.aarch64.rpm
  • kernel-modules-extra-4.18.0-477.70.1.el8_8.s390x.rpm
  • bpftool-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • python3-perf-4.18.0-477.70.1.el8_8.x86_64.rpm
  • bpftool-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-devel-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-modules-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debug-modules-4.18.0-477.70.1.el8_8.s390x.rpm
  • kernel-debuginfo-4.18.0-477.70.1.el8_8.ppc64le.rpm
  • kernel-doc-4.18.0-477.70.1.el8_8.noarch.rpm

Fixes

CVEs

References

Additional information