kernel update [RHEL 9.4 5.14.0-427.31.1.el9_4]

An update for kernel is now available for Red Hat Enterprise Linux 9.4.

Fixes

• BZ - 2265838 - CVE-2024-26600 kernel: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
• BZ - 2273405 - CVE-2024-26808 kernel: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
• BZ - 2275600 - CVE-2024-26828 kernel: cifs: fix underflow in parse_server_interfaces()
• BZ - 2275655 - CVE-2024-26897 kernel: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
• BZ - 2275715 - CVE-2024-26868 kernel: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
• BZ - 2275748 - CVE-2024-26853 kernel: igc: avoid returning frame twice in XDP_REDIRECT
• BZ - 2278380 - CVE-2024-27065 kernel: netfilter: nf_tables: do not compare internal table flags on updates
• BZ - 2278417 - CVE-2024-27052 kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
• BZ - 2278429 - CVE-2024-27049 kernel: wifi: mt76: mt7925e: fix use-after-free in free_irq()
• BZ - 2278519 - CVE-2023-52651 kernel: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
• BZ - 2278989 - CVE-2024-21823 kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
• BZ - 2281057 - CVE-2024-35789 kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
• BZ - 2281097 - CVE-2024-27417 kernel: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
• BZ - 2281133 - CVE-2024-27434 kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
• BZ - 2281190 - CVE-2024-35823 kernel: vt: fix unicode buffer corruption when deleting characters
• BZ - 2281237 - CVE-2024-35800 kernel: efi: fix panic in kdump kernel
• BZ - 2281257 - CVE-2024-35852 kernel: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
• BZ - 2281265 - CVE-2024-35848 kernel: eeprom: at24: fix memory corruption race condition
• BZ - 2281272 - CVE-2024-35845 kernel: wifi: iwlwifi: dbg-tlv: ensure NUL termination
• BZ - 2281639 - CVE-2024-35911 kernel: ice: fix memory corruption bug with suspend and rebuild
• BZ - 2281667 - CVE-2024-35899 kernel: netfilter: nf_tables: flush pending destroy work before exit_net release
• BZ - 2281821 - CVE-2024-35937 kernel: wifi: cfg80211: check A-MSDU format more carefully
• BZ - 2281900 - CVE-2024-35969 kernel: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
• BZ - 2281949 - CVE-2024-36005 kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path
• BZ - 2282719 - CVE-2023-52864 kernel: platform/x86: wmi: Fix opening of char device
• BZ - 2284400 - CVE-2024-36020 kernel: i40e: fix vf may be used uninitialized in this function warning
• BZ - 2284417 - CVE-2024-36017 kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
• BZ - 2284474 - CVE-2024-36941 kernel: wifi: nl80211: don't free NULL coalescing rule
• BZ - 2284496 - CVE-2024-36929 kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs
• BZ - 2284511 - CVE-2024-36922 kernel: wifi: iwlwifi: read txq->read_ptr under lock
• BZ - 2284513 - CVE-2024-36921 kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal
• BZ - 2284543 - CVE-2024-36903 kernel: ipv6: Fix potential uninit-value access in __ip6_make_skb()
• BZ - 2292331 - CVE-2024-36971 kernel: net: UAF in network route management
• BZ - 2293208 - CVE-2021-47606 kernel: net: netlink: af_netlink: Prevent empty skb by adding a check on len.
• BZ - 2293418 - CVE-2024-38575 kernel: wifi: brcmfmac: pcie: handle randbuf allocation failure
• BZ - 2293441 - CVE-2024-38558 kernel: net: openvswitch: fix overwriting ct original tuple for ICMPv6
• BZ - 2293657 - CVE-2024-33621 kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
• BZ - 2293658 - CVE-2024-37356 kernel: tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
• BZ - 2293686 - CVE-2024-37353 kernel: virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
• BZ - 2293687 - CVE-2024-36489 kernel: tls: fix missing memory barrier in tls_init
• BZ - 2293688 - CVE-2024-38391 kernel: cxl/region: Fix cxlr_pmem leaks
• BZ - 2297056 - CVE-2024-39487 kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
• BZ - 2297512 - CVE-2024-40928 kernel: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()
• BZ - 2297538 - CVE-2024-40954 kernel: net: do not leave a dangling sk pointer, when socket creation fails
• BZ - 2297542 - CVE-2024-40958 kernel: netns: Make get_net_ns() handle zero refcount net
• BZ - 2297545 - CVE-2024-40961 kernel: ipv6: prevent possible NULL deref in fib6_nh_init()

https://access.redhat.com/errata/product/479/ver=/rhel---9/x86_64/RHSA-2024:5363