(RHSA-2024:0412) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)

• kernel: net/sched: multiple vulnerabilities (CVE-2023-3611, CVE-2023-4623)

• kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

• kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

• kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

• kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

• kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

• kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

• kernel: multiple race condition vulnerabilities (CVE-2022-3028, CVE-2022-3522, CVE-2023-33203, CVE-2023-35823, CVE-2023-35824, CVE-2022-3567, BZ#2230094)

• kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)

• kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)

• kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)

• kernel: USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)

• kernel: multiple NULL pointer dereference vulnerabilities (CVE-2022-4129, CVE-2022-47929, CVE-2023-0394, CVE-2023-3772, CVE-2023-4459)

• kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)

• kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)

• hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

• kernel: Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218)

• kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

• kernel: memory corruption in usbmon driver (CVE-2022-43750)

• kernel: HID: multiple vulnerabilities (CVE-2023-1073, CVE-2023-1079)

• kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)

• kernel: denial of service in tipc_conn_close (CVE-2023-1382)

• kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)

• kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)

• Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)

• kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)

• kernel: ext4: use-after-free in ext4_xattr_set_entry() (CVE-2023-2513)

• kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)

• kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

• kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race (CVE-2023-3567)

• kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732)

• kernel: slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454)

• kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)

• kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)

• kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c (CVE-2024-0562)

• kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

• kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• bpf_jit_limit hit again (BZ#2243013)

• HPE Edgeline 920t resets during kdump context when ice driver is loaded and when system is booted with intel_iommu=on iommu=pt (BZ#2244627)

• RHEL8.6 - s390/dasd: Use correct lock while counting channel queue length (BZ#2250882)