RLSA-2024:3618

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)

• kernel: Information disclosure in vhost/vhost.c:vhostnewmsg() (CVE-2024-0340)

• kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)

• kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)

• kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445)

• kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603)

• kernel: use after free in i2c (CVE-2019-25162)

• kernel: i2c: validate user data in compat ioctl (CVE-2021-46934)

• kernel: media: dvbdev: Fix memory leak in dvbmediadevice_free() (CVE-2020-36777)

• kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477)

• kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055)

• kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615)

• kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)

• kernel: Integer Overflow in raid5cachecount (CVE-2024-23307)

• kernel: media: uvcvideo: out-of-bounds read in uvcqueryv4l2_menu() (CVE-2023-52565)

• kernel: net: bridge: data races indata-races in brhandleframe_finish() (CVE-2023-52578)

• kernel: net: usb: smsc75xx: Fix uninit-value access in _smsc75xxread_reg (CVE-2023-52528)

• kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520)

• kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513)

• kernel: pid: take a reference when initializing cad_pid (CVE-2021-47118)

• kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610)

• kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)

• kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

• kernel: i2c: i801: Don't generate an interrupt on bus reset (CVE-2021-47153)

• kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659)

• kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664)

• kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779)

• kernel: RDMA/srpt: Support specifying the srptserviceguid parameter (CVE-2024-26744)

• kernel: RDMA/qedr: Fix qedrcreateuser_qp error flow (CVE-2024-26743)

• kernel: tty: ttybuffer: Fix the softlockup issue in flushto_ldisc (CVE-2021-47185)

• kernel: dosysnametohandle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901)

• kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872)

• kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919)

• kernel: usb: xhci: Add error handling in xhcimapurbfordma (CVE-2024-26964)

• kernel: USB: core: Fix deadlock in usbdeauthorizeinterface() (CVE-2024-26934)

• kernel: USB: core: Fix deadlock in port "disable" sysfs attribute (CVE-2024-26933)

• kernel: fs: sysfs: Fix reference leak in sysfsbreakactive_protection() (CVE-2024-26993)

• kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973)

• kernel: USB: usb-storage: Prevent divide-by-0 error in isd200atacommand (CVE-2024-27059)

• kernel: net:emac/emac-mac: Fix a use after free in emacmactxbufsend (CVE-2021-47013)

• kernel: net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171)

• kernel: powerpc/pseries: Fix potential memleak in paprgetattr() (CVE-2022-48669)

• kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)

• kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9khtctxstatus() (CVE-2023-52594)

• kernel: wifi: rt2x00: restart beacon queue when hardware reset (CVE-2023-52595)