RXSA-2024:4349

See a problem?
Import Source
https://storage.googleapis.com/resf-osv-data/RXSA-2024:4349.json
JSON Data
https://api.osv.dev/v1/vulns/RXSA-2024:4349
Related
  • CVE-2021-47400
  • CVE-2023-52626
  • CVE-2023-52667
  • CVE-2024-26801
  • CVE-2024-26974
  • CVE-2024-27393
  • CVE-2024-35870
  • CVE-2024-35960
Published
2024-07-15T12:20:29.479474Z
Modified
2024-07-15T12:20:37.054346Z
Summary
Moderate: kernel security and bug fix update
Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626)

  • kernel: Bluetooth: Avoid potential use-after-free in hcierrorreset (CVE-2024-26801)

  • kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)

  • kernel: xen-netfront: Add missing skbmarkfor_recycle (CVE-2024-27393)

  • kernel: net/mlx5e: fix a potential double-free in fsanycreate_groups (CVE-2023-52667)

  • kernel: smb: client: fix UAF in smb2reconnectserver() (CVE-2024-35870)

  • kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)

  • kernel: net: hns3: do not allow call hns3nicnet_open repeatedly (CVE-2021-47400)

Bug Fix(es):

  • cifs - kernel panic with cifsputsmb_ses (JIRA:Rocky Linux SIG Cloud-28943)

  • BUG: unable to handle page fault for address: ff16bf752f593ff8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-35672)

  • [HPE 9.4 Bug] Request merge of AMD address translation library patch series [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36220)

  • [Rocky Linux SIG Cloud9] kernel BUG at lib/list_debug.c:51! [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36687)

  • ice: DPLL-related fixes [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36716)

  • CNB95: net/sched: update TC core to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37641)

  • IPv6: SR: backport fixes from upstream [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37669)

  • [RFE] Backport tmpfs noswap mount option [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38252)

  • Isolated cores causing issues on latest Rocky Linux SIG Cloud9.4 kernel and not functioning as desired. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38595)

  • [ice] Add automatic VF reset on Tx MDD events [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-39083)

  • [HPEMC Rocky Linux SIG Cloud 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-34953)

  • bnx2x: fix crashes in PCI error handling, resource leaks [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-43272)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:9 / kernel

Package

Name
kernel
Purl
pkg:rpm/rocky-linux/kernel?distro=rocky-linux-9-sig-cloud&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.14.0-427.24.1.el9_4.cloud.3.0