|
|
Log in / Subscribe / Register

Red Hat alert RHSA-2024:10771-01 (kernel)

An update for kernel is now available for Red Hat Enterprise Linux 9.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* kernel: ext4: regenerate buddy after block freeing failed if under fc
replay (CVE-2024-26601)

* kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump
(CVE-2024-26615)

* kernel: pstore/ram: Fix crash when setting number of cpus to an odd number
(CVE-2023-52619)

* kernel: PM / devfreq: Synchronize devfreq_monitor_[start/stop]
(CVE-2023-52635)

* kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the
threads/children stats (CVE-2024-26686)

* kernel: ext4: fix double-free of blocks due to wrong extents moved_len
(CVE-2024-26704)

* kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
(CVE-2024-27399)

* kernel: net/smc: avoid data corruption caused by decline (CVE-2023-52775)

* kernel: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
(CVE-2023-52811)

* kernel: drm/vmwgfx: Fix invalid reads in fence signaled events
(CVE-2024-36960)

* kernel: net/mlx5: Discard command completions in internal error
(CVE-2024-38555)

* kernel: of: module: add buffer overflow check in of_modalias()
(CVE-2024-38541)

* kernel: blk-cgroup: fix list corruption from reorder of WRITE
->lqueued (CVE-2024-38384)

* kernel: cpufreq: amd-pstate: fix memory leak on CPU EPP exit
(CVE-2024-40997)

* kernel: net: hns3: fix kernel crash problem in concurrent scenario
(CVE-2024-39507)

* kernel: tcp: avoid too many retransmit packets (CVE-2024-41007)

* kernel: drm/amdgpu: change vm->task_info handling (CVE-2024-41008)

* kernel: vt_ioctl: fix array_index_nospec in vt_setactivate (CVE-2022-48804)

* kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

* kernel: mm/filemap: skip to create PMD-sized page cache if needed
(CVE-2024-41031)

* kernel: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg
headers (CVE-2024-41038)

* kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
(CVE-2024-41056)

* kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

* kernel: tcp_metrics: validate source addr length (CVE-2024-42154)

* kernel: drm/amdgpu: Using uninitialized value *size when calling
amdgpu_vce_cs_reloc (CVE-2024-42228)

* kernel: firmware: cs_dsp: Validate payload length before processing block
(CVE-2024-42237)

* kernel: firmware: cs_dsp: Return error if block header overflows file
(CVE-2024-42238)

* kernel: x86/bhi: Avoid warning in #DB handler due to BHI mitigation
(CVE-2024-42240)

* kernel: mm/shmem: disable PMD-sized page cache if needed (CVE-2024-42241)

* kernel: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray
(CVE-2024-42243)

* kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)

* kernel: net/iucv: fix use after free in iucv_sock_close() (CVE-2024-42271)

* kernel: bonding: fix xfrm real_dev null pointer dereference
(CVE-2024-44989)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0
International License (https://creativecommons.org/licenses/by/4.0/). If you
distribute this content, or a modified version of it, you must provide
attribution to Red Hat Inc. and provide a link to the original.


Original: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_10771.json
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds