{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2024:1607","synopsis":"Important: kernel security, bug fix, and enhancement update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for kernel.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)\n\n* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)\n\n* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)\n\n* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)\n\n* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers\/gpu\/drm\/amd\/amdgpu\/amdgpu_cs.c (CVE-2023-51042)\n\n* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)\n\n* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)\n\nBug Fix(es):\n\n* OCP 4.12 crashed due to use-after-free in libceph in rhel8 (JIRA:Rocky Linux-21394)\n\n* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux-24010)\n\n* Screen floods with random colour suggesting something not initialised (JIRA:Rocky Linux-21055)\n\n* kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux-22766)\n\n* tx-checksumming required for accessing port in OpenShift for Rocky Linux 8.6 (JIRA:Rocky Linux-20822)\n\n* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux-22077)\n\n* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux-22930)\n\n* rbd: don't move requests to the running list on errors [8.x] (JIRA:Rocky Linux-24204)\n\n* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers\/gpu\/drm\/amd\/amdgpu\/amdgpu_cs.c (JIRA:Rocky Linux-24479)\n\n* ceph: several cap and snap fixes (JIRA:Rocky Linux-20909)\n\n* [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:Rocky Linux-23063)\n\n* unable to access smsc95xx based interface unless you start outgoing traffic. (JIRA:Rocky Linux-25719)\n\n* [Rocky Linux8] ] BUG bio-696 (Not tainted): Poison overwritten (JIRA:Rocky Linux-26101)\n\n* kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux-19954)\n\n* backport smartpqi: fix disable_managed_interrupts (JIRA:Rocky Linux-26139)\n\n* kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux-26331)\n\n* ceph: always check dir caps asynchronously (JIRA:Rocky Linux-27496)\n\nEnhancement(s):\n\n* [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:Rocky Linux-25811)","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2133452","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2133452","description":""},{"ticket":"2252731","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2252731","description":""},{"ticket":"2255498","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2255498","description":""},{"ticket":"2258518","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2258518","description":""},{"ticket":"2259866","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2259866","description":""},{"ticket":"2261976","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2261976","description":""},{"ticket":"2262126","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2262126","description":""}],"cves":[{"name":"CVE-2021-33631","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-33631","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2022-38096","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-38096","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-51042","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-51042","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-6546","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-6546","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-6931","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-6931","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-0565","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-0565","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-1086","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-1086","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"}],"references":[],"publishedAt":"2024-04-05T14:55:53.600745Z","rpms":{"Rocky Linux 8":{"nvras":["bpftool-0:4.18.0-513.24.1.el8_9.aarch64.rpm","bpftool-0:4.18.0-513.24.1.el8_9.x86_64.rpm","bpftool-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm","bpftool-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-0:4.18.0-513.24.1.el8_9.src.rpm","kernel-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-abi-stablelists-0:4.18.0-513.24.1.el8_9.noarch.rpm","kernel-core-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-core-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-cross-headers-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-cross-headers-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-debug-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-debug-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-debug-core-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-debug-core-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-debug-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-debug-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-debug-devel-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-debug-devel-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-debuginfo-common-aarch64-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-debuginfo-common-x86_64-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-debug-modules-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-debug-modules-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-debug-modules-extra-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-debug-modules-extra-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-devel-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-devel-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-doc-0:4.18.0-513.24.1.el8_9.noarch.rpm","kernel-headers-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-headers-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-modules-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-modules-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-modules-extra-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-modules-extra-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-tools-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-tools-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-tools-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-tools-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-tools-libs-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-tools-libs-0:4.18.0-513.24.1.el8_9.x86_64.rpm","kernel-tools-libs-devel-0:4.18.0-513.24.1.el8_9.aarch64.rpm","kernel-tools-libs-devel-0:4.18.0-513.24.1.el8_9.x86_64.rpm","perf-0:4.18.0-513.24.1.el8_9.aarch64.rpm","perf-0:4.18.0-513.24.1.el8_9.x86_64.rpm","perf-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm","perf-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm","python3-perf-0:4.18.0-513.24.1.el8_9.aarch64.rpm","python3-perf-0:4.18.0-513.24.1.el8_9.x86_64.rpm","python3-perf-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm","python3-perf-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2024:1607 kernel security

April 5, 2024
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Summary

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list


The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) * kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931) * kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527) * kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042) * kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631) * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) Bug Fix(es): * OCP 4.12 crashed due to use-after-free in libceph in rhel8 (JIRA:Rocky Linux-21394) * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux-24010) * Screen floods with random colour suggesting something not initialised (JIRA:Rocky Linux-21055) * kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux-22766) * tx-checksumming required for accessing port in OpenShift for Rocky Linux 8.6 (JIRA:Rocky Linux-20822) * kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux-22077) * kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux-22930) * rbd: don't move requests to the running list on errors [8.x] (JIRA:Rocky Linux-24204) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:Rocky Linux-24479) * ceph: several cap and snap fixes (JIRA:Rocky Linux-20909) * [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:Rocky Linux-23063) * unable to access smsc95xx based interface unless you start outgoing traffic. (JIRA:Rocky Linux-25719) * [Rocky Linux8] ] BUG bio-696 (Not tainted): Poison overwritten (JIRA:Rocky Linux-26101) * kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux-19954) * backport smartpqi: fix disable_managed_interrupts (JIRA:Rocky Linux-26139) * kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux-26331) * ceph: always check dir caps asynchronously (JIRA:Rocky Linux-27496) Enhancement(s): * [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:Rocky Linux-25811)

RPMs

bpftool-0:4.18.0-513.24.1.el8_9.aarch64.rpm

bpftool-0:4.18.0-513.24.1.el8_9.x86_64.rpm

bpftool-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm

bpftool-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-0:4.18.0-513.24.1.el8_9.src.rpm

kernel-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-abi-stablelists-0:4.18.0-513.24.1.el8_9.noarch.rpm

kernel-core-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-core-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-cross-headers-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-cross-headers-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-debug-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-debug-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-debug-core-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-debug-core-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-debug-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-debug-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-debug-devel-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-debug-devel-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-debuginfo-common-aarch64-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-debuginfo-common-x86_64-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-debug-modules-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-debug-modules-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-debug-modules-extra-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-debug-modules-extra-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-devel-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-devel-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-doc-0:4.18.0-513.24.1.el8_9.noarch.rpm

kernel-headers-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-headers-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-modules-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-modules-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-modules-extra-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-modules-extra-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-tools-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-tools-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-tools-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-tools-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-tools-libs-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-tools-libs-0:4.18.0-513.24.1.el8_9.x86_64.rpm

kernel-tools-libs-devel-0:4.18.0-513.24.1.el8_9.aarch64.rpm

kernel-tools-libs-devel-0:4.18.0-513.24.1.el8_9.x86_64.rpm

perf-0:4.18.0-513.24.1.el8_9.aarch64.rpm

perf-0:4.18.0-513.24.1.el8_9.x86_64.rpm

perf-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm

perf-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm

python3-perf-0:4.18.0-513.24.1.el8_9.aarch64.rpm

python3-perf-0:4.18.0-513.24.1.el8_9.x86_64.rpm

python3-perf-debuginfo-0:4.18.0-513.24.1.el8_9.aarch64.rpm

python3-perf-debuginfo-0:4.18.0-513.24.1.el8_9.x86_64.rpm

References

No References

CVEs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33631

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38096

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51042

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6546

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6931

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0565

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086

Severity
Name: RLSA-2024:1607
Affected Products: Rocky Linux 8

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2133452

https://bugzilla.redhat.com/show_bug.cgi?id=2252731

https://bugzilla.redhat.com/show_bug.cgi?id=2255498

https://bugzilla.redhat.com/show_bug.cgi?id=2258518

https://bugzilla.redhat.com/show_bug.cgi?id=2259866

https://bugzilla.redhat.com/show_bug.cgi?id=2261976

https://bugzilla.redhat.com/show_bug.cgi?id=2262126


Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved