{"id":"CLSA-2024-1725871927","summary":"kernel: Fix of 30 CVEs","details":"- gfs2: Fix potential glock use-after-free on unmount {CVE-2024-38570}\n- gfs2: Remove ill-placed consistency check {CVE-2024-38570}\n- gfs2: introduce new gfs2_glock_assert_withdraw {CVE-2024-38570}\n- gfs2: simplify gdlm_put_lock with out_free label {CVE-2024-38570}\n- wifi: mt76: replace skb_put with skb_put_zero {CVE-2024-42225}\n- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD {CVE-2024-42161}\n- drm/amdgpu/mes: fix use-after-free issue {CVE-2024-38581}\n- drm/amd/display: Fix potential index out of bounds in color transformation function {CVE-2024-38552}\n- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state {CVE-2024-36979}\n- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state {CVE-2024-36979}\n- net: bridge: mst: fix vlan use-after-free {CVE-2024-36979}\n- netfilter: nft_limit: reject configurations that cause integer overflow {CVE-2024-26668}\n- ima: Fix use-after-free on a dentry's dname.name {CVE-2024-39494}\n- ima: define ima_max_digest_data struct without a flexible array variable\n- ima: detect changes to the backing overlay file\n- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc {CVE-2024-42228}\n- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list {CVE-2024-40956}\n- drm/amdgpu: add error handle to avoid out-of-bounds {CVE-2024-39471}\n- net/sched: flower: Fix chain template offload {CVE-2024-26669}\n- userfaultfd: fix a race between writeprotect and exit_mmap() {CVE-2021-47461}\n- scsi: mpi3mr: Sanitise num_phys {CVE-2024-42159}\n- ata: libata-core: Fix double free on error {CVE-2024-41087}\n- net/mlx5: Discard command completions in internal error {CVE-2024-38555}\n- net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538}\n- net: sched: sch_multiq: fix possible OOB write in multiq_tune() {CVE-2024-36978}\n- drm/vmwgfx: Fix invalid reads in fence signaled events {CVE-2024-36960}\n- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). {CVE-2024-36904}\n- tipc: fix UAF in error path {CVE-2024-36886}\n- net: fix out-of-bounds access in ops_init {CVE-2024-36883}\n- tap: add missing verification for short frame {CVE-2024-41090}\n- tun: add missing verification for short frame {CVE-2024-41091}\n- netfilter: nf_tables: use timestamp to check for set element timeout {CVE-2024-27397}\n- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path {CVE-2024-26925}\n- netfilter: nf_tables: release batch on table validation from abort path {CVE-2024-26925}\n- netfilter: nf_tables: discard table flag update with pending basechain deletion {CVE-2024-26925}\n- netfilter: nf_tables: reject table flag and netdev basechain updates {CVE-2024-26925}\n- af_unix: Fix garbage collector racing against connect() {CVE-2024-26923}\n- net/ipv6: avoid possible UAF in ip6_route_mpath_notify() {CVE-2024-26852}\n- sched/psi: Fix use-after-free in ep_remove_wait_queue() {CVE-2023-52707}\n- wait: add wake_up_pollfree() {CVE-2023-52707}\n- tcp_metrics: validate source addr length {CVE-2024-42154}","modified":"2026-05-29T01:37:20.901393516Z","published":"2024-09-09T09:35:46Z","upstream":["CVE-2021-47461","CVE-2023-52707","CVE-2024-26668","CVE-2024-26669","CVE-2024-26852","CVE-2024-26923","CVE-2024-26925","CVE-2024-27397","CVE-2024-36883","CVE-2024-36886","CVE-2024-36904","CVE-2024-36960","CVE-2024-36978","CVE-2024-36979","CVE-2024-38538","CVE-2024-38552","CVE-2024-38555","CVE-2024-38570","CVE-2024-38581","CVE-2024-39471","CVE-2024-39494","CVE-2024-40956","CVE-2024-41087","CVE-2024-41090","CVE-2024-41091","CVE-2024-42154","CVE-2024-42159","CVE-2024-42161","CVE-2024-42225","CVE-2024-42228"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/centos8stream-els/CLSA-2024-1725871927.html"}],"schema_version":"1.7.5"}