{"id":"CLSA-2023-1690287378","summary":"kernel: Fix of 28 CVEs","details":"- ALSA: pcm: Fix races among concurrent prealloc proc writes {CVE-2022-1048}\n- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls {CVE-2022-1048}\n- ALSA: pcm: Fix races among concurrent read/write and buffer changes {CVE-2022-1048}\n- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls {CVE-2022-1048}\n- x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit {CVE-2022-25265}\n- x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK {CVE-2022-25265}\n- x86/elf: Add table to document READ_IMPLIES_EXEC {CVE-2022-25265}\n- drm/i915: fix TLB invalidation for Gen12 video and compute engines {CVE-2022-4139}\n- drm/i915: Flush TLBs before releasing backing store {CVE-2022-0330}\n- xfs: fix up non-directory creation in SGID directories {CVE-2021-4037}\n- tcp: Fix data races around icsk-\u003eicsk_af_ops. {CVE-2022-3566}\n- ipv6: Fix data races around sk-\u003esk_prot. {CVE-2022-3567}\n- ipv6: annotate some data-races around sk-\u003esk_prot {CVE-2022-3567}\n- ipv6: use indirect call wrappers for {tcp, udpv6}_{recv, send}msg() {CVE-2022-3567}\n- netfilter: nf_tables: deactivate anonymous set from preparation phase {CVE-2023-32233}\n- netfilter: nf_tables: bogus EBUSY when deleting set after flush\n- media: dmxdev: fix UAF when dvb_register_device() fails {CVE-2022-41218}\n- l2tp: Don't sleep and disable BH under writer-side sk_callback_lock {CVE-2022-4129}\n- l2tp: Serialize access to sk_user_data with sk_callback_lock {CVE-2022-4129}\n- net: fix a concurrency bug in l2tp_tunnel_register() {CVE-2022-4129}\n- Bluetooth: L2CAP: Fix memory leak in vhci_write {CVE-2022-3619}\n- Bluetooth: L2CAP: Fix handling fragmented length\n- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() {CVE-2022-3628}\n- wifi: cfg80211: avoid nontransmitted BSS list corruption {CVE-2022-42721}\n- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()\n- wifi: cfg80211: fix BSS refcounting bugs {CVE-2022-42720}\n- cfg80211: hold bss_lock while updating nontrans_list\n- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF {CVE-2023-0266}\n- ALSA: control: Drop superfluous snd_power_wait() calls\n- ALSA: control: Track in-flight control read/write/tlv accesses\n- ALSA: control - introduce snd_ctl_notify_one() helper\n- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu {CVE-2022-3564}\n- netfilter: nf_conntrack_irc: Tighten matching on DCC message {CVE-2022-2663}\n- netfilter: nf_conntrack_irc: Fix forged IP logic {CVE-2022-2663}\n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged\n- KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID {CVE-2022-1789}\n- tcp/udp: Fix memory leak in ipv6_renew_options(). {CVE-2022-3524}\n- proc: proc_skip_spaces() shouldn't think it is working on C strings {CVE-2022-4378}\n- proc: avoid integer type confusion in get_proc_long {CVE-2022-4378}\n- wifi: mac80211: fix crash in beacon protection for P2P-device {CVE-2022-42722}\n- net: sched: cbq: dont intepret cls results when asked to drop {CVE-2023-23454}\n- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames {CVE-2023-0394}\n- net: sched: disallow noqueue for qdisc classes {CVE-2022-47929}\n- wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() {CVE-2022-41674}\n- af_key: Do not call xfrm_probe_algs in parallel {CVE-2022-3028}\n- dm verity: set DM_TARGET_IMMUTABLE feature flag {CVE-2022-20572}","modified":"2026-05-29T01:35:27.933646291Z","published":"2023-07-25T12:19:21Z","upstream":["CVE-2021-4037","CVE-2022-0330","CVE-2022-1048","CVE-2022-1789","CVE-2022-20572","CVE-2022-2153","CVE-2022-25265","CVE-2022-2663","CVE-2022-3028","CVE-2022-3524","CVE-2022-3564","CVE-2022-3566","CVE-2022-3567","CVE-2022-3619","CVE-2022-3628","CVE-2022-41218","CVE-2022-4129","CVE-2022-4139","CVE-2022-41674","CVE-2022-42720","CVE-2022-42721","CVE-2022-42722","CVE-2022-4378","CVE-2022-47929","CVE-2023-0266","CVE-2023-0394","CVE-2023-23454","CVE-2023-32233"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/centos8.4-els/CLSA-2023-1690287378.html"}],"schema_version":"1.7.5"}