RXSA-2024:1248

Source
https://errata.rockylinux.org/RXSA-2024:1248
Import Source
https://storage.googleapis.com/resf-osv-data/RXSA-2024:1248.json
JSON Data
https://api.osv.dev/v1/vulns/RXSA-2024:1248
Published
2024-03-27T04:37:19.422545Z
Modified
2024-03-27T04:37:25.998331Z
Summary
Important: kernel security update
Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

  • kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)

  • kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

  • kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

  • kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)

  • kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)

  • kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)

  • kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)

  • kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

  • kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)

  • kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:9 / kernel

Package

Name
kernel
Purl
pkg:rpm/rocky-linux/kernel?distro=rocky-linux-9-sig-cloud&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:5.14.0-362.24.1.el9_3.cloud.0.6