(RHSA-2024:2006) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

• kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (CVE-2023-4459)

• kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

• kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

• kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

• kernel: netfilter: divide error in nft_limit_init (CVE-2021-46915)

• kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

Bug Fix(es):

• kernel: use-after-free in smb2_is_status_io_timeout() (JIRA:RHEL-15155)

• kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (JIRA:RHEL-9225)

• kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (JIRA:RHEL-18083)

• dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19107)

• kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21781)

• rbd: don’t move requests to the running list on errors [8.x] (JIRA:RHEL-24200)

• TRIAGE CVE-2021-46915 kernel: netfilter: divide error in nft_limit_init (JIRA:RHEL-28178)

• kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20295)

• kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (JIRA:RHEL-26385)

• kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (JIRA:RHEL-29180)