Rocky Linux: RLSA-2024:6567 kernel security update Security Advisories Updates
Summary
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629) * kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630) * kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720) * kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886) * kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946) * kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791) * kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797) * kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875) * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000) * kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801) * kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883) * kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019) * kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619) * kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979) * kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559) * kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927) * kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936) * kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040) * kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044) * kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055) * kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096) * kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082) * kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096) * kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102) * kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131) * kernel: nvme: avoid double free special payload (CVE-2024-41073) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RPMs
bpftool-0:7.3.0-427.35.1.el9_4.aarch64.rpm
bpftool-0:7.3.0-427.35.1.el9_4.ppc64le.rpm
bpftool-0:7.3.0-427.35.1.el9_4.s390x.rpm
bpftool-0:7.3.0-427.35.1.el9_4.x86_64.rpm
bpftool-debuginfo-0:7.3.0-427.35.1.el9_4.aarch64.rpm
bpftool-debuginfo-0:7.3.0-427.35.1.el9_4.ppc64le.rpm
bpftool-debuginfo-0:7.3.0-427.35.1.el9_4.s390x.rpm
bpftool-debuginfo-0:7.3.0-427.35.1.el9_4.x86_64.rpm
kernel-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-0:5.14.0-427.35.1.el9_4.src.rpm
kernel-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-64k-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-core-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-debug-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-debug-core-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-debug-debuginfo-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-debug-devel-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-debug-devel-matched-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-debuginfo-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-debug-modules-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-debug-modules-core-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-debug-modules-extra-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-devel-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-devel-matched-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-modules-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-modules-core-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-64k-modules-extra-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-abi-stablelists-0:5.14.0-427.35.1.el9_4.noarch.rpm
kernel-core-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-core-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-core-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-core-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-cross-headers-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-cross-headers-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-cross-headers-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-cross-headers-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debug-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-debug-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-debug-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-debug-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debug-core-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-debug-core-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-debug-core-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-debug-core-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debug-debuginfo-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-debug-debuginfo-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-debug-debuginfo-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-debug-debuginfo-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debug-devel-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-debug-devel-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-debug-devel-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-debug-devel-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debug-devel-matched-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-debug-devel-matched-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-debug-devel-matched-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-debug-devel-matched-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debuginfo-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-debuginfo-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-debuginfo-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-debuginfo-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debug-modules-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-debug-modules-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-debug-modules-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-debug-modules-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debug-modules-core-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-debug-modules-core-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-debug-modules-core-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-debug-modules-core-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debug-modules-extra-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-debug-modules-extra-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-debug-modules-extra-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-debug-modules-extra-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-debug-uki-virt-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-devel-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-devel-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-devel-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-devel-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-devel-matched-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-devel-matched-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-devel-matched-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-devel-matched-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-doc-0:5.14.0-427.35.1.el9_4.noarch.rpm
kernel-headers-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-headers-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-headers-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-headers-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-modules-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-modules-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-modules-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-modules-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-modules-core-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-modules-core-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-modules-core-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-modules-core-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-modules-extra-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-modules-extra-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-modules-extra-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-modules-extra-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-core-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-debug-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-debug-core-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-debug-debuginfo-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-debug-devel-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-debuginfo-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-debug-kvm-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-debug-modules-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-debug-modules-core-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-debug-modules-extra-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-devel-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-kvm-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-modules-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-modules-core-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-rt-modules-extra-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-tools-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-tools-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-tools-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-tools-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-tools-debuginfo-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-tools-debuginfo-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-tools-debuginfo-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-tools-debuginfo-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-tools-libs-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-tools-libs-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-tools-libs-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-tools-libs-devel-0:5.14.0-427.35.1.el9_4.aarch64.rpm
kernel-tools-libs-devel-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
kernel-tools-libs-devel-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-uki-virt-0:5.14.0-427.35.1.el9_4.x86_64.rpm
kernel-zfcpdump-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-zfcpdump-core-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-zfcpdump-debuginfo-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-zfcpdump-devel-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-zfcpdump-devel-matched-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-zfcpdump-modules-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-zfcpdump-modules-core-0:5.14.0-427.35.1.el9_4.s390x.rpm
kernel-zfcpdump-modules-extra-0:5.14.0-427.35.1.el9_4.s390x.rpm
libperf-0:5.14.0-427.35.1.el9_4.aarch64.rpm
libperf-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
libperf-0:5.14.0-427.35.1.el9_4.s390x.rpm
libperf-0:5.14.0-427.35.1.el9_4.x86_64.rpm
libperf-debuginfo-0:5.14.0-427.35.1.el9_4.aarch64.rpm
libperf-debuginfo-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
libperf-debuginfo-0:5.14.0-427.35.1.el9_4.s390x.rpm
libperf-debuginfo-0:5.14.0-427.35.1.el9_4.x86_64.rpm
perf-0:5.14.0-427.35.1.el9_4.aarch64.rpm
perf-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
perf-0:5.14.0-427.35.1.el9_4.s390x.rpm
perf-0:5.14.0-427.35.1.el9_4.x86_64.rpm
perf-debuginfo-0:5.14.0-427.35.1.el9_4.aarch64.rpm
perf-debuginfo-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
perf-debuginfo-0:5.14.0-427.35.1.el9_4.s390x.rpm
perf-debuginfo-0:5.14.0-427.35.1.el9_4.x86_64.rpm
python3-perf-0:5.14.0-427.35.1.el9_4.aarch64.rpm
python3-perf-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
python3-perf-0:5.14.0-427.35.1.el9_4.s390x.rpm
python3-perf-0:5.14.0-427.35.1.el9_4.x86_64.rpm
python3-perf-debuginfo-0:5.14.0-427.35.1.el9_4.aarch64.rpm
python3-perf-debuginfo-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
python3-perf-debuginfo-0:5.14.0-427.35.1.el9_4.s390x.rpm
python3-perf-debuginfo-0:5.14.0-427.35.1.el9_4.x86_64.rpm
rtla-0:5.14.0-427.35.1.el9_4.aarch64.rpm
rtla-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
rtla-0:5.14.0-427.35.1.el9_4.s390x.rpm
rtla-0:5.14.0-427.35.1.el9_4.x86_64.rpm
rv-0:5.14.0-427.35.1.el9_4.aarch64.rpm
rv-0:5.14.0-427.35.1.el9_4.ppc64le.rpm
rv-0:5.14.0-427.35.1.el9_4.s390x.rpm
rv-0:5.14.0-427.35.1.el9_4.x86_64.rpm
References
No References
CVEs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2265797
https://bugzilla.redhat.com/show_bug.cgi?id=2269434
https://bugzilla.redhat.com/show_bug.cgi?id=2269436
https://bugzilla.redhat.com/show_bug.cgi?id=2273141
https://bugzilla.redhat.com/show_bug.cgi?id=2275678
https://bugzilla.redhat.com/show_bug.cgi?id=2278206
https://bugzilla.redhat.com/show_bug.cgi?id=2281052
https://bugzilla.redhat.com/show_bug.cgi?id=2281151
https://bugzilla.redhat.com/show_bug.cgi?id=2281727
https://bugzilla.redhat.com/show_bug.cgi?id=2281968
https://bugzilla.redhat.com/show_bug.cgi?id=2282709
https://bugzilla.redhat.com/show_bug.cgi?id=2284271
https://bugzilla.redhat.com/show_bug.cgi?id=2284402
https://bugzilla.redhat.com/show_bug.cgi?id=2293273
https://bugzilla.redhat.com/show_bug.cgi?id=2293276
https://bugzilla.redhat.com/show_bug.cgi?id=2293440
https://bugzilla.redhat.com/show_bug.cgi?id=2297511
https://bugzilla.redhat.com/show_bug.cgi?id=2297520
https://bugzilla.redhat.com/show_bug.cgi?id=2300409
https://bugzilla.redhat.com/show_bug.cgi?id=2300414
https://bugzilla.redhat.com/show_bug.cgi?id=2300429
https://bugzilla.redhat.com/show_bug.cgi?id=2300491
https://bugzilla.redhat.com/show_bug.cgi?id=2300520
https://bugzilla.redhat.com/show_bug.cgi?id=2300713
https://bugzilla.redhat.com/show_bug.cgi?id=2301465
https://bugzilla.redhat.com/show_bug.cgi?id=2301496
https://bugzilla.redhat.com/show_bug.cgi?id=2301637