kernel security update

An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

• kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)

• kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

• kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

• kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child’s sibling_list (CVE-2023-5717)

• kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)

• kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)

• kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)

• kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

• kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)

• kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.