Hi,

You are receiving an AlmaLinux Security update email because you subscribed to 
receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-06

Summary:

The kernel-rt packages provide the Real Time Linux Kernel, which enables 
fine-tuning for systems with extremely high determinism requirements.  

Security Fix(es):  

  * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() 
(CVE-2024-24857)
  * kernel: dmaengine: fix NULL pointer in channel unregistration function 
(CVE-2023-52492)
  * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of 
range (CVE-2024-26851)
  * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
  * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump 
(CVE-2024-27017)
  * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed 
(CVE-2024-26976)
  * kernel: nouveau: lock the client object tree. (CVE-2024-27062)
  * kernel: netfilter: bridge: replace physindev with physinif in 
nf_bridge_info (CVE-2024-35839)
  * kernel: netfilter: nf_tables: Fix potential data-race in 
__nft_flowtable_type_get() (CVE-2024-35898)
  * kernel: dma-direct: Leak pages on dma_set_decrypted() failure 
(CVE-2024-35939)
  * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
  * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx 
packets. (CVE-2024-38586)
  * kernel: of: module: add buffer overflow check in of_modalias() 
(CVE-2024-38541)
  * kernel: bnxt_re: avoid shift undefined behavior in 
bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
  * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the 
list:set type (CVE-2024-39503)
  * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)
  * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)
  * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
  * kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your 
kernel is fine." (CVE-2024-40984)
  * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create 
(CVE-2022-48773)
  * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)
  * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
  * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)
  * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers 
(CVE-2024-41092)
  * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)
  * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to 
data registers (CVE-2024-42070)
  * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush 
(CVE-2024-42079)
  * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
  * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error 
(CVE-2024-42284)
  * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() 
(CVE-2024-42292)
  * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)
  * kernel: block: initialize integrity buffer to zero before writing it to 
media (CVE-2024-43854)
  * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)
  * kernel: gso: do not skip outer ip header in case of ipip and net_failover 
(CVE-2022-48936)
  * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() 
(CVE-2024-43889)
  * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
  * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
  * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)
  * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok 
(CVE-2024-44990)
  * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)
  * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)
  * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() 
(CVE-2024-47668)


For more details about the security issue(s), including the impact, a CVSS 
score, acknowledgments, and other related information, refer to the CVE page(s) 
listed in the References section.


Full details, updated packages, references, and other related information: 
https://errata.almalinux.org/8/ALSA-2024-8870.html

This message is automatically generated; please don’t reply. For further 
questions, please contact us via the AlmaLinux community chat: 
https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on 
https://lists.almalinux.org.

Kind regards,
AlmaLinux Team
