(RHSA-2024:6206) Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel:TCP-spoofed ghost ACKs and leak leak initial sequence number (CVE-2023-52881,RHV-2024-1001)

• kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)

• kernel: drm: Don’t unref the same fb many times by mistake due to deadlock handling (CVE-2023-52486)

• kernel: pstore/ram: Fix crash when setting number of cpus to an odd number (CVE-2023-52619)

• kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720)

• kernel: vfio/pci: Lock external INTx masking ops (CVE-2024-26810)

• kernel: igc: avoid returning frame twice in XDP_REDIRECT (CVE-2024-26853)

• kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852)

• kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

• kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)

• kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)

• kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (CVE-2024-35789)

• kernel: wifi: iwlwifi: dbg-tlv: ensure NUL termination (CVE-2024-35845)

• kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385)

• kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883)

• kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CVE-2024-36017)

• kernel: wifi: nl80211: don't free NULL coalescing rule (CVE-2024-36941)

• kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (CVE-2024-36904)

• kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979)

• kernel: drm/amdgpu: Fix possible null pointer dereference (CVE-2023-52883)

• kernel: phylib: fix potential use-after-free (CVE-2022-48754)

• kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743)

• kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (CVE-2024-38596)

• kernel: net: fix information leakage in /proc/net/ptype (CVE-2022-48757)

• kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

• kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)

• kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

• kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (CVE-2024-33621)

• kernel: tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CVE-2024-37356)

• kernel: tls: fix missing memory barrier in tls_init (CVE-2024-36489)

• kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

• kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)

• kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)

• kernel: NFSv4: Fix memory leak in nfs4_set_security_label (CVE-2024-41076)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.