CLSA-2024-1728936982

drm/amd/pm: Fix negative array index read {CVE-2024-46821}
drm/amd/display: Check gpio_id before used as array index {CVE-2024-46818}
drm/amd/display: Check link_index before accessing dc->links[] {CVE-2024-46813}
drm/amd/display: Fix index may exceed array range within fpuupdatebwboundingbox {CVE-2024-46811}
Squashfs: sanity check symbolic link size {CVE-2024-46744}
platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses {CVE-2024-46859}
net/sched: actapi: fix possible infinite loop in tcfidrcheckalloc() {CVE-2024-40995}
net/sched: actapi: rely on rcu in tcfidrcheckalloc {CVE-2024-40995}
netfilter: bridge: confirm multicast packets before passing them up the stack {CVE-2024-27415}
netfilter: let reset rules clean out conntrack entries {CVE-2024-27415}
mm/filemap: make MAXPAGECACHEORDER acceptable to xarray {CVE-2024-42243}
gpiolib: cdev: Fix use after free in lineinfochangednotify {CVE-2024-36899}
bpf, sockmap: Prevent lock inversion deadlock in map delete elem {CVE-2024-35895}
bpf, sockmap: Fix preemptrt splat when using rawspinlockt {CVE-2024-35895}
mm/hugememory: don't unpoison hugezero_folio {CVE-2024-40914}
cxgb4: fix use after free bugs caused by circular dependency problem {CVE-2023-4133}
timers: Restore ABI Compatibility with timer_delete Functions {CVE-2023-4133}
timers: Provide timer_shutdown_sync {CVE-2023-4133}
timers: Add shutdown mechanism to the internal functions {CVE-2023-4133}
timers: Split [tryto]del_timer_sync to prepare for shutdown mode {CVE-2023-4133}
timers: Silently ignore timers with a NULL function {CVE-2023-4133}
timers: Rename deltimer() to timerdelete() {CVE-2023-4133}
timers: Rename deltimersync() to timerdeletesync() {CVE-2023-4133}
timers: Use deltimersync() even on UP {CVE-2023-4133}
timers: Update kernel-doc for various functions {CVE-2023-4133}
timers: Replace BUG_ON()s {CVE-2023-4133}
timers: Get rid of delsingleshottimer_sync() {CVE-2023-4133}
clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function {CVE-2023-4133}
clocksource/drivers/armarchtimer: Do not use timer namespace for timer_shutdown() function {CVE-2023-4133}
mm: avoid overflows in dirty throttling logic {CVE-2024-42131}
ring-buffer: Fix a race between readers and resize checks {CVE-2024-38601}
igc: avoid returning frame twice in XDP_REDIRECT {CVE-2024-26853}
igc: Avoid transmit queue timeout for XDP {CVE-2024-26853}
nfsd: fix RELEASE_LOCKOWNER {CVE-2024-26629}
tty: ngsm: require CAPNETADMIN to attach NGSM0710 ldisc {CVE-2023-52880}
nvmet: fix a possible leak when destroy a ctrl during qp establishment {CVE-2024-42152}
net: ntbnetdev: Move ntbnetdevrxhandler() to call netif_rx() from _netifrx() {CVE-2024-42110}
x86: stop playing stack games in profile_pc() {CVE-2024-42096}
xdp: Remove WARN() from _xdpregmemmodel() {CVE-2024-42082}
NFSv4: Fix memory leak in nfs4setsecurity_label {CVE-2024-41076}
ppp: reject claimed-as-LCP but actually malformed packets {CVE-2024-41044}
udp: Set SOCKRCUFREE earlier in udplibget_port(). {CVE-2024-41041}
sched/deadline: Fix task_struct reference leak {CVE-2024-41023}
tipc: force a dst refcount before doing decryption {CVE-2024-40983}
scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978}
wifi: iwlwifi: mvm: don't read past the mfuart notifcation {CVE-2024-40941}
wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929}
xhci: Handle TD clearing for multiple streams case {CVE-2024-40927}
wifi: mac80211: Fix deadlock in ieee80211stapsdeliverwakeup() {CVE-2024-40912}
wifi: cfg80211: Lock wiphy in cfg80211getstation {CVE-2024-40911}
ipv6: fix possible race in _fib6droppcpufrom() {CVE-2024-40905}
md/raid5: fix deadlock that raid5d() wait for itself to clear MDSBCHANGE_PENDING {CVE-2024-39476}
usb-storage: alauda: Check whether the media is initialized {CVE-2024-38619}
usb-storage: alauda: Fix uninit-value in alaudacheckmedia() {CVE-2024-38619}
crypto: bcm - Fix pointer arithmetic {CVE-2024-38579}
scsi: qedf: Ensure the copied buf is NUL terminated {CVE-2024-38559}
wifi: nl80211: don't free NULL coalescing rule {CVE-2024-36941}
scsi: qla2xxx: Fix off by one in qlaedifapp_getstats() {CVE-2024-36025}
netfilter: nf_tables: Fix potential data-race in _nftflowtabletypeget() {CVE-2024-35898}
mlxsw: spectrumacltcam: Fix memory leak when canceling rehash work {CVE-2024-35852}
wifi: iwlwifi: dbg-tlv: ensure NUL termination {CVE-2024-35845}
KVM: SVM: Flush pages under kvm->lock to fix UAF in svmregisterenc_region() {CVE-2024-35791}
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes {CVE-2024-35789}
wifi: rtl8xxxu: add cancelworksync() for c2hcmd_work {CVE-2024-27052}
nfp: flower: handle acti_netdevs allocation failure {CVE-2024-27046}
octeontx2-af: Use separate handlers for interrupts {CVE-2024-27030}
netfilter: flowtable: validate pppoe header {CVE-2024-27016}
kprobes/x86: Use copyfromkernel_nofault() to read from unsafe address {CVE-2024-26946}
scsi: qla2xxx: Fix command flush on cable pull {CVE-2024-26931}
net: ice: Fix potential NULL pointer dereference in icebridgesetlink() {CVE-2024-26855}
bpf: Fix racing between bpftimercancelandfree and bpftimercancel {CVE-2024-26737}
Input: cyapa - add missing input core locking to suspend/resume functions {CVE-2023-52884}
bpf, sockmap: Don't let sockmap{close,destroy,unhash} call itself {CVE-2023-52735}
wifi: ath10k: fix NULL pointer dereference in ath10kwmitlvoppullmgmttxcomplev() {CVE-2023-52651}
net: tapopen(): set skuid from current_fsuid() {CVE-2023-4194}
net: tunchropen(): set skuid from currentfsuid() {CVE-2023-4194}
seg6: fix the iif in the IPv6 socket control block {CVE-2021-47515}
tty: Fix out-of-bound vmalloc access in imageblit {CVE-2021-47383}
bnx2x: Fix multiple UBSAN array-index-out-of-bounds {CVE-2024-42148}
hwmon: (adc128d818) Fix underflows seen when writing limit attributes {CVE-2024-46759}
net: bridge: mst: fix vlan use-after-free {CVE-2024-36979}
stm class: Fix a double free in stmregisterdevice() {CVE-2024-38627}
wifi: mac80211: Avoid address calculations via out of bounds array indexing {CVE-2024-41071}
of/irq: Prevent device address out-of-bounds read in interrupt map walk {CVE-2024-46743}
HID: cougar: fix slab-out-of-bounds Read in cougarreportfixup {CVE-2024-46747}
drm/amdgpu: fix mc_data out-of-bounds read warning {CVE-2024-46722}
drm/amdgpu: Fix out-of-bounds write warning {CVE-2024-46725}
drm/amdgpu: Fix out-of-bounds read of dfv17channelnumber {CVE-2024-46724}
wifi: nl80211: Avoid address calculations via out of bounds array indexing {CVE-2024-38562}
wifi: nl80211: convert cfg80211scanrequest allocation to *_size macros {CVE-2024-38562}
overflow: Implement size_t saturating arithmetic helpers {CVE-2024-38562}
cdrom: rearrange lastmediachange check to avoid unintentional overflow {CVE-2024-42136}
ftrace: Fix possible use-after-free issue in ftrace_location() {CVE-2024-38588}
ftrace: Fix possible warning on checking all pages used in ftraceprocesslocs() {CVE-2024-38588}
drm/amdgpu: fix ucode out-of-bounds read warning {CVE-2024-46723}
VMCI: Fix use-after-free when removing resource in vmciresourceremove() {CVE-2024-46738}
sch/netem: fix use after free in netem_dequeue {CVE-2024-46800}
firmware: cs_dsp: Fix overflow checking of wmfw header {CVE-2024-41039}
hwmon: (lm95234) Fix underflows seen when writing limit attributes {CVE-2024-46758}
HID: amdsfh: free driverdata after destroying hid device {CVE-2024-46746}
xfs: don't walk off the end of a directory data block {CVE-2024-41013}
hwmon: (w83627ehf) Fix underflows seen when writing limit attributes {CVE-2024-46756}
tunnels: fix out of bounds access when building IPv6 PMTU error {CVE-2024-26665}
hwmon: (nct6775-core) Fix underflows seen when writing limit attributes {CVE-2024-46757}
drm/amd/pm: fix the Out-of-bounds read warning {CVE-2024-46731}
drm/amdgpu/mes: fix mes ring buffer overflow {CVE-2024-46700}
exec: Fix ToCToU between perm check and set-uid/gid usage {CVE-2024-43882}
PCI/MSI: Fix UAF in msicapabilityinit {CVE-2024-41096}

References

https://errata.tuxcare.com/almalinux9.2-esu/CLSA-2024-1728936982.html

CLSA-2024-1728936982

Affected packages