{"id":"RXSA-2024:4349","summary":"Moderate: kernel security and bug fix update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626)\n\n* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)\n\n* kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)\n\n* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)\n\n* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)\n\n* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)\n\n* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)\n\n* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)\n\nBug Fix(es):\n\n* cifs - kernel panic with cifs_put_smb_ses (JIRA:Rocky Linux SIG Cloud-28943)\n\n* BUG: unable to handle page fault for address: ff16bf752f593ff8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-35672)\n\n* [HPE 9.4 Bug] Request merge of AMD address translation library patch series [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36220)\n\n* [Rocky Linux SIG Cloud9] kernel BUG at lib/list_debug.c:51! [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36687)\n\n* ice: DPLL-related fixes [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36716)\n\n* CNB95: net/sched: update TC core to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37641)\n\n* IPv6: SR: backport fixes from upstream [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37669)\n\n* [RFE] Backport tmpfs noswap mount option [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38252)\n\n* Isolated cores causing issues on latest Rocky Linux SIG Cloud9.4 kernel and not functioning as desired. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38595)\n\n* [ice] Add automatic VF reset on Tx MDD events [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-39083)\n\n* [HPEMC Rocky Linux SIG Cloud 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-34953)\n\n* bnx2x: fix crashes in PCI error handling, resource leaks [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-43272)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.","modified":"2026-02-04T14:15:11.960591Z","published":"2024-07-15T12:20:29.479474Z","upstream":["CVE-2021-47400","CVE-2023-52626","CVE-2023-52667","CVE-2024-26801","CVE-2024-26974","CVE-2024-27393","CVE-2024-35870","CVE-2024-35960"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RXSA-2024:4349"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2271680"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2273429"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278354"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2280745"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2281350"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2281740"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2281920"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2282336"}],"affected":[{"package":{"name":"kernel","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-9-sig-cloud&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.14.0-427.24.1.el9_4.cloud.3.0"}],"database_specific":{"yum_repository":"cloud-common"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RXSA-2024:4349.json"}}],"schema_version":"1.7.3","credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}