The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)
- kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
- kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
- kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
- kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
- kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)
- kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)
- kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)
- kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)
- kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)
- kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)
- kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)
- kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)
- kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)
- kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)
- kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
- kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)
- kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)
- kernel: SEV-ES local priv escalation (CVE-2023-46813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.