(RHSA-2024:2004) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

• kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

• Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)

• kernel: irdma: Improper access control (CVE-2023-25775)

• kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

• kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)

This update also fixes the following bugs:

• NFS client closes active connection (RHEL-22193)

• kernel panic at __list_del_entry from smb2_reconnect_server (RHEL-26301)

• kernel: race condition when call to VT_RESIZEX ioctl and vc_cons[i].d is already NULL, causing a NULL pointer dereference. (RHEL-28639)

• kernel: net/sched: sch_hfsc UAF (RHEL-16458)

• kernel: irdma: Improper access control (RHEL-6299)

• The message in RHEL 7 ?stack-protector: Kernel stack is corrupted in:? is triggered because perf_trace_buf_prepare() does not verify that per_cpu array perf_trace_buf has allocated per_cpu buffers in it. (RHEL-18052)

• [rhel7] gfs2: Invalid metadata access in punch_hole (RHEL-28785)

• UDP packets dropped due to SELinux denial (RHEL-27751)

• Boot fails with kernel panic at acpi_device_hid+0x6 (RHEL-8721)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.