The kernel packages contain the Linux kernel, the core of any Linux operating system.
The following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2122230, BZ#2122267)
Security Fix(es):
- use-after-free caused by l2capreassemblesdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
- net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
- hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341)
- malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)
- when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds (CVE-2021-33656)
- possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)
- use-after-free in ath9khtcprobe_device() could cause an escalation of privileges (CVE-2022-1679)
- KVM: NULL pointer dereference in kvmmmuinvpcid_gva (CVE-2022-1789)
- KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)
- netfilter: nfconntrackirc message handling issue (CVE-2022-2663)
- race condition in xfrmprobealgs can lead to OOB read/write (CVE-2022-3028)
- media: em28xx: initialize refcount before kref_get (CVE-2022-3239)
- race condition in hugetlbnopage() in mm/hugetlb.c (CVE-2022-3522)
- memory leak in ipv6renewoptions() (CVE-2022-3524)
- data races around icsk->icskafops in doipv6setsockopt (CVE-2022-3566)
- data races around sk->sk_prot (CVE-2022-3567)
- memory leak in l2caprecvacldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)
- denial of service in followpagepte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)
- use-after-free after failed devlink reload in devlinkparamget (CVE-2022-3625)
- USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)
- Double-free in split2MBgttentry when function intelgvtdmamapguestpage failed (CVE-2022-3707)
- l2tp: missing lock when clearing skuserdata can lead to NULL pointer dereference (CVE-2022-4129)
- igmp: use-after-free in ipcheckmc_rcu when opening and closing inet sockets (CVE-2022-20141)
- Executable Space Protection Bypass (CVE-2022-25265)
- Unprivileged users may use PTRACESEIZE to set PTRACEOSUSPENDSECCOMP option (CVE-2022-30594)
- unmapmappingrange() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188)
- TLB flush operations are mishandled in certain KVMVCPUPREEMPTED leading to guest malfunctioning (CVE-2022-39189)
- Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218)
- u8 overflow problem in cfg80211updatenotlisted_nontrans() (CVE-2022-41674)
- use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)
- use-after-free in bssrefget in net/wireless/scan.c (CVE-2022-42720)
- BSS list corruption in cfg80211addnontrans_list in net/wireless/scan.c (CVE-2022-42721)
- Denial of service in beacon protection for P2P-device (CVE-2022-42722)
- memory corruption in usbmon driver (CVE-2022-43750)
- NULL pointer dereference in traffic control subsystem (CVE-2022-47929)
- NULL pointer dereference in rawv6pushpending_frames (CVE-2023-0394)
- use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)
- Soft lockup occurred during _pagemapcount (CVE-2023-1582)
- slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.