RLSA-2024:4928

Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:4928.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2024:4928
Published
2024-08-01T01:29:12.010642Z
Modified
2024-08-01T01:30:39.310418Z
Summary
Moderate: kernel security update
Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458)

  • kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773)

  • kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737)

  • kernel: dm: call the resume method on internal suspend (CVE-2024-26880)

  • kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852)

  • kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)

  • kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046)

  • kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030)

  • kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857)

  • kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907)

  • kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885)

  • kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809)

  • kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459)

  • kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924)

  • kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952)

  • kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743)

  • kernel: epoll: be better about file lifetimes (CVE-2024-38580)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:9 / kernel

Package

Name
kernel
Purl
pkg:rpm/rocky-linux/kernel?distro=rocky-linux-9&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0:5.14.0-427.28.1.el9_4