AZL-47465 CVE-2024-41087 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ataportalloc call in atahostalloc fails, we will jump to the errout label, which will call devresreleasegroup. devresreleasegroup will trigger a call to atahostrelease...

kernel: enforce a minimum SG_IO timeout

libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SGIO requests, which allows local users to cause a denial of service Programmed I/O mode on drives via multiple simultaneous invocations of an unspecified test program...