(RHSA-2024:1188) Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)

• kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)

• kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)

• kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)

• kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)

• kernel: use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)

• kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)

• kernel: Denial of service in beacon protection for P2P-device (CVE-2022-42722)

• kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869)

• kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

• kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

• kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

• kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)

• kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (CVE-2023-51043)

Bug Fix(es):

• kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() (JIRA:RHEL-18732)

• kernel: use-after-free in bss_ref_get in net/wireless/scan.c (JIRA:RHEL-18733)

• kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (JIRA:RHEL-18734)

• kernel: Denial of service in beacon protection for P2P-device (JIRA:RHEL-18735)

• kernel: x86/mm: Randomize per-cpu entry area (JIRA:RHEL-18817)

• kernel: KVM: x86/mmu: race condition in direct_page_fault() (JIRA:RHEL-18829)

• kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20297)

• kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (JIRA:RHEL-20363)

• kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21660)

• kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22075)

• kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (JIRA:RHEL-23475)

• kernel: memory leak in drivers/hid/hid-elo.c (JIRA:RHEL-18557)

• kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18798)

• kernel: use-after-free when psi trigger is destroyed while being polled (JIRA:RHEL-21919)

• [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:RHEL-23061)

• backport smartpqi: fix disable_managed_interrupts (JIRA:RHEL-26137)

Enhancement(s):

• [MCHP 8.7 FEAT] Update smartpqi driver to latest upstream Second Set of Patches (JIRA:RHEL-21592)

• [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:RHEL-25809)