Important: kernel security and bug fix update

RXSA-2023:0334 Important: kernel security and bug fix update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077) * kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Intel 9.2: Important iavf bug fixes (BZ#2127884) * vfio zero page mappings fail after 2M instances (BZ#2128514) * nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359) * ice: Driver Update to 5.19 (BZ#2132070) * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588) * drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619) * updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914) * DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213) * No signal showed in the VGA monitor when installing Rocky Linux SIG Cloud9 in the legacy bios mode (BZ#2140153) * Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168) * ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976) * fatal error: error in backend: Branch target out of insn range (BZ#2144902) * AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217) * Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910) * Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605) * DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux SIG Cloud 9 1 Important

An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077) * kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Intel 9.2: Important iavf bug fixes (BZ#2127884) * vfio zero page mappings fail after 2M instances (BZ#2128514) * nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359) * ice: Driver Update to 5.19 (BZ#2132070) * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588) * drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619) * updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914) * DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213) * No signal showed in the VGA monitor when installing Rocky Linux SIG Cloud9 in the legacy bios mode (BZ#2140153) * Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168) * ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976) * fatal error: error in backend: Branch target out of insn range (BZ#2144902) * AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217) * Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910) * Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605) * DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407) rocky-linux-9-sig-cloud-aarch64-cloud-kernel-rpms bpftool-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm bb0d33a3f542792d3cda476130bcffc042bb8c68ff57c974afdeaeaa3b2d7232 kernel-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 209cca4e7cbe7957d4206a16878c698d80df00805f820264fda693e2ca07d4fe kernel-abi-stablelists-5.14.0-162.12.1.el9_1.cloud.0.1.noarch.rpm 7d125f0361e0211faa3702c9cc9cb98f6c92bd56ec193d4dbc5a4d913eb1a3fa kernel-core-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm fdbaeca6c200df8ff15cdbf5d98bd90f467102ed78c7a17566243a1d5bfeb590 kernel-cross-headers-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 7fc3ddfbead7161d4384379a88975e68291bc3e026f44f06d8ddd12ffa63c8d8 kernel-debug-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm e17ac2ebb3ed213590e6b4b8dae700ff3dece4c2e798fcaf0b31307e036964c2 kernel-debug-core-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 5594c1c63d60e968846aa5ec888b761ce4dd2501be76d55f2cd76efa54eb9d04 kernel-debug-devel-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 941910192b66bd4c5d14e63dcee687f92a792096fd4e41363ec3f2e4e1bf8566 kernel-debug-devel-matched-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 02d0dfa3c02d2a632d91c07d467eed17fa5e69424b8dc74290c656b1afd1c4d8 kernel-debug-modules-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm f665ca4569ae94fe3095b7e36671b91a6e9078b761697d5bc377cb995e4e5fa7 kernel-debug-modules-extra-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm b0b8559e43ddf709e8787efd189ea2564de732c055108cf297dcf2dc4e06159f kernel-devel-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 82ab31b77e294f735c28cdbf3bc12c6795cc3f4ac7bc933f3cd85dc350749ac6 kernel-devel-matched-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm c08073ea3cbdd2aa010110a8bb14c8fd5aeee47968e53c7348266d737deac4ad kernel-doc-5.14.0-162.12.1.el9_1.cloud.0.1.noarch.rpm 6f5c9063dbf11a75fe42bab60b2f726c99c2ef358f4375ad0daccd67613836e9 kernel-headers-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm eaf6d387504e3d09389a0178d7fbab9da9dc3df86aa5e5e91867b1f79f665041 kernel-modules-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 8a111e38946f474031f6105f35d7e31731211184a1586c6e58b43cc654662ae1 kernel-modules-extra-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 2f9d5e41054861d8f2bdc204dba0694f04a828ae86ea6e39858ceca07b1879dc kernel-tools-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm d93cd6a20c662d34b5016fcb4c3b19a90bb47bea1d73bfaa54c5fd426a6574d1 kernel-tools-libs-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm ddeb5f7dae41302b349d5906eae3882762ed47b8a6d1a61a77dd205a059b9b9d kernel-tools-libs-devel-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm ff9ea1824909004aa2820a1b5151c453eab47dcfc42c79612bc70073008b6141 perf-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 8a2bf2ec5fd3296c50c80e7f4c7dff562350c921cb201276d37446d43cc013a7 python3-perf-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm 58f181729f9a8ea3b1480c320664848506637e15bc1a358ef26a49e0fe33dc8f RXSA-2023:0951 Important: kernel security and bug fix update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379) * kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux SIG Cloud 9.0: LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133083) * Rocky Linux SIG Cloud 9.1 Extending NMI watchdog's timer during LPM (BZ#2140085) * AMDSERVER 9.1: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151274) * qla2xxx NVMe-FC: WARNING: CPU: 0 PID: 124072 at drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30 [qla2xxx] (BZ#2152178) * Regression: Kernel panic on Lenovo T480 with AH40 USB-C docking station (BZ#2153277) * Scheduler Update (rhel9.2) (BZ#2153792) * Rocky Linux SIG Cloud9.1, Nx_Gzip: nr_total_credits is not decremented when processing units are reduced by dlpar in shared mode. (FW1030 / DLPAR) (BZ#2154305) * MSFT, MANA, NET Patch Rocky Linux SIG Cloud-9: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155145) * Azure vPCI Rocky Linux SIG Cloud-9 add the support of multi-MSI (BZ#2155459) * Azure Rocky Linux SIG Cloud-9: VM Deployment Failures Patch Request (BZ#2155930) * The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158815) * Rocky Linux SIG Cloud-9.2: Update NVMe driver to sync with upstream v6.0 (BZ#2161344) * CEE cephfs: Rocky Linux SIG Cloud9 cephfs client crashing with RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] (BZ#2161418) * block layer: update with upstream v6.0 (BZ#2162535) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux SIG Cloud 9 1 Important

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379) * kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux SIG Cloud 9.0: LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133083) * Rocky Linux SIG Cloud 9.1 Extending NMI watchdog's timer during LPM (BZ#2140085) * AMDSERVER 9.1: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151274) * qla2xxx NVMe-FC: WARNING: CPU: 0 PID: 124072 at drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30 [qla2xxx] (BZ#2152178) * Regression: Kernel panic on Lenovo T480 with AH40 USB-C docking station (BZ#2153277) * Scheduler Update (rhel9.2) (BZ#2153792) * Rocky Linux SIG Cloud9.1, Nx_Gzip: nr_total_credits is not decremented when processing units are reduced by dlpar in shared mode. (FW1030 / DLPAR) (BZ#2154305) * MSFT, MANA, NET Patch Rocky Linux SIG Cloud-9: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155145) * Azure vPCI Rocky Linux SIG Cloud-9 add the support of multi-MSI (BZ#2155459) * Azure Rocky Linux SIG Cloud-9: VM Deployment Failures Patch Request (BZ#2155930) * The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158815) * Rocky Linux SIG Cloud-9.2: Update NVMe driver to sync with upstream v6.0 (BZ#2161344) * CEE cephfs: Rocky Linux SIG Cloud9 cephfs client crashing with RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] (BZ#2161418) * block layer: update with upstream v6.0 (BZ#2162535) rocky-linux-9-sig-cloud-aarch64-cloud-kernel-rpms bpftool-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 55304b11f58474e76cf15bd7b54279a67bc2be5317d77459a4bf8914d818d021 kernel-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 3234b52849610ff2e854c8c4719210c687817d3a1b4c42e7ad169a13bf6be78a kernel-abi-stablelists-5.14.0-162.18.1.el9_1.cloud.noarch.rpm 6d651c9e8c0c7e3e5e8e554019824808af818c196187ef92527231e5a95847cb kernel-core-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm b9613fb7ad3154c37e248429edefb9d4e6842ed7074ed2a86f3b24f1fd716c12 kernel-cross-headers-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm fc2eb957cd1058ba03bba8c1e66c1b0760f6c34fd1794085415e2b31e9b121e1 kernel-debug-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm bccbb458aeebcca3afbe2064898ccbfc324362bd1a56c11fb89e2f44d543530a kernel-debug-core-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 507dd8a4dc761abaa9cb15a5602c2122106e7c7c77b00d66ea3f1c6d144e03d8 kernel-debug-devel-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 4387eee9f2310a222a82b480b677d02d089b797413b9caf008c77761a58b5a4e kernel-debug-devel-matched-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm f722b8e05019f018fcb5fa3355a2d094a119ed19b1f7093d149f2fb1340ad27a kernel-debug-modules-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 25872cfee23501c8f3d2ec44b3adf2c2d9b957f453eb624a622928ac24174f6c kernel-debug-modules-extra-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 4b4a23353dfd7f3ff870170fd76fe13ac5d9cd211986b7b30bc330b89cfce124 kernel-devel-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 5a624dce3d0671f7c891b147d943551f733441995b402a3f0e83de6a4bc52aad kernel-devel-matched-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm f125117c459bb02cc47e5d85faeea59f5b74dd67086551313a0b1550dd8cf2b7 kernel-doc-5.14.0-162.18.1.el9_1.cloud.noarch.rpm 76525ebe57cbdc9d27923428193192082f6b8d3ee560cb46f39cee46beade212 kernel-headers-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 9dd791c2950c02472394e6e717f4a77badfe6c48d80529bec09deac0f0199443 kernel-modules-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 70f7c39c59b5cedef1ea4ff595a86ab07807ac7a40f41030f8abe5faf42f22fb kernel-modules-extra-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm c164fe5c08507d01a3ef745a1de6976bc926dcb4935e4745d5f2ff4ea3e7654f kernel-tools-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm b64e20161d86179de3286e64641fc306bcac75b36d5c24eeccfd21020a565beb kernel-tools-libs-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 8e129cbba2dcaf66acd9688f5e14e8ea9b1611a32fffb730c7f564020e13a2d3 kernel-tools-libs-devel-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm a535df8f319e456fc07cbee5b1d552d7c77ba09cf29cb2439577ed7f7c430964 perf-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 17fa939e6c815ce330bffb759b22d214a236ad707ec8eb464e81227848592969 python3-perf-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm 5e70dfa08a74891fa42602b0bdcdeaee68b392983ea39f73dbdba6a9ee9aedf6 RXSA-2023:7749 Important: kernel security update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free vulnerability in the smb client component (CVE-2023-5345) * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871) * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569) * kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux SIG Cloud 9 1 Important

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free vulnerability in the smb client component (CVE-2023-5345) * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871) * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569) * kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-sig-cloud-aarch64-cloud-kernel-rpms bpftool-7.2.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 661b5a26ea223a67412ec9da1b4ef58ed6a33d979ad66f50bf3dccc6c1944136 kernel-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 3b9cf7ad46ff442053ce5c0f06039c071d3208c3148f426f7967a0e94a8192b2 kernel-64k-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm ef33f97b28e91fc9dab0c1cc623bc421dde4c855d65424677e4d268d0fee2a55 kernel-64k-core-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 09085bd5d378c8fed7c435a00798183330b7aa1f25bc46859d1e0c6881a90cd4 kernel-64k-debug-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 959d6f2ed52e6f7910919d5472fc81c272f4069f50cd5b3f2a04ceff3d8b7c6a kernel-64k-debug-core-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 481ab50afdd11f5b4660712ca507c4c932d24911ebf4e5e3e56e5480eaddf991 kernel-64k-debug-devel-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 8924454802df21eef07da5aa301f468c0dc172473ec891afa361dfd45b67e1e5 kernel-64k-debug-devel-matched-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 2419fb51859986c50a728a680a8495d786309c8b64628bde2602318f0f5319cd kernel-64k-debug-modules-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 41ba7f2e2e30d833fe42ff6d5fc391380907a625033ebfe675675544dbeb9b10 kernel-64k-debug-modules-core-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 88260a11c1797bdcbadef0565691635cb18d480ca6c37adef6b0843584c0787d kernel-64k-debug-modules-extra-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 0a6f97cb5632130d58965a3aaafde7eada2da5aa9803205cace89dda1e0c38fd kernel-64k-devel-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm a4339e1869f6be791d34533a9112ee575ece152ecc803a5e0591613a88116482 kernel-64k-devel-matched-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 18e1bfcf0f3698622862d05bd4ea153b50b6931281f148c060d08d44dba85983 kernel-64k-modules-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 010b17feecf0bc82808c540cf48fa14b8b024b86b0243cfdc788a57637c82ed1 kernel-64k-modules-core-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 163cf4cf0c3bfe87a52775c158f04def1ae627d084a02c9b339d98957585450b kernel-64k-modules-extra-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm af559d9f8328770e9934cec0ccd2b0bf1807ae62efba606a131df75c02381f33 kernel-abi-stablelists-5.14.0-362.13.1.el9_3.cloud.0.3.noarch.rpm e9e2fc4c3958f9f18f79caef05f363a555135e2de234c6d73f4924526c458539 kernel-core-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 57d1d9a18fa3e0dc740ead81f71c91e9bdb2176dc87485bea8d3540c4c230b36 kernel-cross-headers-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 040dea47c47935c97ee31393a776e340adc858ad1a024110edbe24681020f4b1 kernel-debug-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 4285b8d7639b84cd049bd91b8fce1247a244e0c7a6b6fa3a0fdf13522d83612e kernel-debug-core-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 1dadabace0573446277be20ed25b5d1c8afa91dc081af3c18f1a8e67e0c58a6f kernel-debug-devel-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm f4ff055beb02aa9d6fcc2286d1e3eb11c99161ef35da5d5ebf1ab957f2020227 kernel-debug-devel-matched-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm c389a0a6b52fd15b9bb3c9e7aed64e9c0d4796a4a5e47e64c1f15e65681f1d9e kernel-debug-modules-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 05f49f205b8f613ded3481c03025b3673d93e88d8a0326954181e025b4c455d8 kernel-debug-modules-core-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm da863fad646f911762931712a6e392f3e53fd436ca7b5658c5294714ee5c1504 kernel-debug-modules-extra-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 619db5ae1c956c560c6a323019885f649e9af0cfeea6d2737c93bd40ed7465d9 kernel-devel-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 6f2b2a39d62fe0c22666fdc2f82605433c2be883cd667126f75d47dbfbc8dcc6 kernel-devel-matched-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 79b5e634db5f7e160d324f53beed01b83a67fcf1a46030c4a09a287027aefa9e kernel-doc-5.14.0-362.13.1.el9_3.cloud.0.3.noarch.rpm f46555ea3a26a69c0342739116bbfcced93311cc2817f07f95267541f954c590 kernel-headers-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 1ed55b9d79f4c93940b700abaea9b4efd49181e5300a5130f752eafc65773231 kernel-modules-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 6f1678e22807a344412c6b140cb947517318f38a2efd5400983f8e6b48367c72 kernel-modules-core-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm f2694b20a5ca2c119dc194778aff3e3cc47291f2ce8b164116ff390a63e42438 kernel-modules-extra-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 76200fb2a187c0b230e4af4fc71d914c938ae15f9c495b1c8bb26b79e07f843b kernel-tools-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm b204eaa427c42de6c54e75d1073c319c11bc96bc8eff98e83c66bfff95e6d46d kernel-tools-libs-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 393e3bb7af3333a9c597b0fb7d8a7fd302735a1bf80a62583e73b51e2c5784e0 kernel-tools-libs-devel-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 136d3d04fc174305ec5279097244adc3258b74506fe203c82652801c5a77b3f4 perf-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 78840f8d5d7084b2e3a8ffe38ebd5fd8bbbccf86a255931835ec25442a84ff39 python3-perf-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm 6820a810401a46d199caffeeac18ed338f0229d86fceef1af0bcf45027b04e3b rtla-5.14.0-362.13.1.el9_3.cloud.0.3.aarch64.rpm dc114cb64a9d9c30d32921d12447f59bfd5100f0835755cc45f1d7c2f4a5bdd1 RXSA-2024:1248 Important: kernel security update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817) * kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193) * kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646) * kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244) * kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717) * kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356) * kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535) * kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536) * kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606) * kernel: OOB Access in smb2_dump_detail (CVE-2023-6610) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux SIG Cloud 9 1 Important

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817) * kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193) * kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646) * kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244) * kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717) * kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356) * kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535) * kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536) * kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606) * kernel: OOB Access in smb2_dump_detail (CVE-2023-6610) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-sig-cloud-aarch64-cloud-kernel-rpms bpftool-7.2.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 3c2a3a1be9860dcaa2c31cecf6a1b40f79f0f47cd3503aafd5fab0fb74a4d567 kernel-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 260ce6b88eaa4f5a1a8966a1dae6560f8f553665ce398dd32367d37373bf63bb kernel-abi-stablelists-5.14.0-362.24.1.el9_3.cloud.0.6.noarch.rpm 7f9d7cfdcb1aba22fae0431defc61a8e352fea84a33b40c56557757d72e3f51b kernel-core-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm fba15052681dbde881b27a0a16efe5623a20bb392275edbc67c0929089c32d28 kernel-cross-headers-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 6307173991f0ceac2e5ce0a8695627910d56d38e7cf19dc29a5d6d0f1bfd45b2 kernel-debug-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm aeee795fc0da215bccdeeca4b6a7e209f2141031cc0d7b3f2203ef326dc12ef9 kernel-debug-core-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm f063bd57330206e99b2ec51620f502079ca61b55f49f92f372cb38fb377c7cd5 kernel-debug-devel-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm d37670f9b6a7d66d2c0cae6664548f3f9bb05874bf5b9c81f3146d8729086608 kernel-debug-devel-matched-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 11f1e2311b6790451e541edce030fcfa25a64bffd07052bc261aefdda5b10af4 kernel-debug-modules-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 70833cf92ecbb1d03cc2de3a027995d98281699cd869d7aaeb9231e7cac3b262 kernel-debug-modules-core-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm bf5f8e0a0718861bf3e2a253cd75de559d34ea9e4884cb4dd80efdd58e4a3bd6 kernel-debug-modules-extra-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm a5c3b11f18a3f921915e07205fbd8c6f354a4aab4458c3481e4c623b1cb58d7d kernel-devel-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm ec068cda546af7567cec38641fd35d84954f02879a049a0b899593a781f87597 kernel-devel-matched-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm e98ba53acac9b58c73d910219f513e81e6f183e227dc377c6995d40e13a44f9c kernel-doc-5.14.0-362.24.1.el9_3.cloud.0.6.noarch.rpm 99d6d50981d3094b0d07887f8b5b8256f66f510462b909d180df36c5d6a5a767 kernel-headers-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 19c9c5f477bc80eb2f706a8de1ba7589f4ed27b218c0546198c13b9667aa4bb1 kernel-modules-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 953ca51679dadf0c4577bedb457ef0aa9d5b87f999366a71b28ec92985677416 kernel-modules-core-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm d51c252ae51471bf5a18aad263d676ec1190216054729cb5e0d11e4d0355f23c kernel-modules-extra-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 1838a0a541ed0f4a8ea0aa57466bbba15392146059bb1686753828537c667795 kernel-tools-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 9644ea0a5be070497b336b84798c1d92080a04d01392c6f4f8d1ba4efa9d46b8 kernel-tools-libs-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 670db820dbafa94f7cc284ebea659e21b87e74fa985c4ae5e063fbb957e71654 kernel-tools-libs-devel-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm ad4128fe09ffab2b70603a39bc87a55278ac6b37f8e1f627cf910fb9cef18f12 perf-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm f275f958af1012969c1f6ddd66aba9af997ea197b8397bb416e5c01e7fa8fc80 python3-perf-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm a47b923bb3e05b2c39dbfa0ac8ae6f27c4e851c0fc2f5a9b8025a6f561992426 rtla-5.14.0-362.24.1.el9_3.cloud.0.6.aarch64.rpm 0754efc4ecac272ed357a731e21e4e4a2c9d17fc64b1c0c55852725e69c47bb3 RXSA-2024:4349 Moderate: kernel security and bug fix update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801) * kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974) * kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393) * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667) * kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870) * kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960) * kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400) Bug Fix(es): * cifs - kernel panic with cifs_put_smb_ses (JIRA:Rocky Linux SIG Cloud-28943) * BUG: unable to handle page fault for address: ff16bf752f593ff8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-35672) * [HPE 9.4 Bug] Request merge of AMD address translation library patch series [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36220) * [Rocky Linux SIG Cloud9] kernel BUG at lib/list_debug.c:51! [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36687) * ice: DPLL-related fixes [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36716) * CNB95: net/sched: update TC core to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37641) * IPv6: SR: backport fixes from upstream [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37669) * [RFE] Backport tmpfs noswap mount option [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38252) * Isolated cores causing issues on latest Rocky Linux SIG Cloud9.4 kernel and not functioning as desired. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38595) * [ice] Add automatic VF reset on Tx MDD events [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-39083) * [HPEMC Rocky Linux SIG Cloud 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-34953) * bnx2x: fix crashes in PCI error handling, resource leaks [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-43272) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux SIG Cloud 9 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801) * kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974) * kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393) * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667) * kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870) * kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960) * kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400) Bug Fix(es): * cifs - kernel panic with cifs_put_smb_ses (JIRA:Rocky Linux SIG Cloud-28943) * BUG: unable to handle page fault for address: ff16bf752f593ff8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-35672) * [HPE 9.4 Bug] Request merge of AMD address translation library patch series [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36220) * [Rocky Linux SIG Cloud9] kernel BUG at lib/list_debug.c:51! [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36687) * ice: DPLL-related fixes [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-36716) * CNB95: net/sched: update TC core to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37641) * IPv6: SR: backport fixes from upstream [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-37669) * [RFE] Backport tmpfs noswap mount option [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38252) * Isolated cores causing issues on latest Rocky Linux SIG Cloud9.4 kernel and not functioning as desired. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-38595) * [ice] Add automatic VF reset on Tx MDD events [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-39083) * [HPEMC Rocky Linux SIG Cloud 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-34953) * bnx2x: fix crashes in PCI error handling, resource leaks [rhel-9.4.z] (JIRA:Rocky Linux SIG Cloud-43272) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. rocky-linux-9-sig-cloud-aarch64-cloud-kernel-rpms bpftool-7.3.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 6282780d68e29d7f47008d6e7b6279bf7167b1e6def0a33dfbb209db68238543 kernel-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm df4424d876d22eacbe41c2767cdf52015f21481667050693a5440688cb4ee079 kernel-64k-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 2819941fb7f8f68a8234fd4bef45ead1c0b1c99fd2175658dbc65e4b78acadab kernel-64k-core-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm ee5f18e475808465f1ec3d04609c305c087d534daea84c600fb0daa13c61cc74 kernel-64k-debug-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm ea3ff9eab3a6c8a85dd9ae6c7142b4b62df179f71df67e3bf3f80ad88c0a6ca0 kernel-64k-debug-core-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm dece682bfdf8dfe55289ba4fbf1b7c175fd95f357bdb8ff5596c0de692ec33fb kernel-64k-debug-devel-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 59dc41d18b70287c5143161d0c8e40f9429725ba02872f82fed11b654f548ce7 kernel-64k-debug-devel-matched-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 0afbdab2c7ffc8b3ae01ca8ba8f30eb8c84589104b94b3e7b089e99a1511351a kernel-64k-debug-modules-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm c2b6d782aa8c9aed3abc5ceb0b7a71928333d8a80e5f566c33ebc21e1e339eee kernel-64k-debug-modules-core-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 7e438a8f305f817581db30777132213fb158c0aec4d48c83f225daca3c1e6c15 kernel-64k-debug-modules-extra-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm ff01c5d9a4d330a1db970070b7de4dbe6456fbe4ae1be9b073266d1f03213ff3 kernel-64k-devel-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 626df75873f71615485bd95c14cfd40c8f49866c5568e9d6af9689ad4f473a6d kernel-64k-devel-matched-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 0c4822a1b028e25422256bc0d458d7decb765e54eb7dd964aa63ce32e0861ce4 kernel-64k-modules-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 99404b0239d07914cea37ea44fca941da38c174ad4ba431c2846fc80473d978f kernel-64k-modules-core-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 3ecd36a51eb8ed2883607daab15083245bc3048f61ecf2de5e7144ee73f3fa09 kernel-64k-modules-extra-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 7684d58041f7e110bb5c546140370482d12dd9730204607882d732a01cda62ec kernel-abi-stablelists-5.14.0-427.24.1.el9_4.cloud.3.0.noarch.rpm a5bd650270ae4bdf0dad5b1b93eb24c3ca73254f2917d52f95ac6e4463e87cd8 kernel-core-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm bbaf169a3df5fea29c9e5f9977b99810fa09a5aaeeb6c49b615ac9684dad6fae kernel-cross-headers-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 6686560761ac3e0945feeed5c45ab702ae9f8f9da4adbcac1d2fb45884319da9 kernel-debug-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm e4d5c66ee52a1efaf4e40d9e868a1c833c87df01b36188f682cb02d2ecb437ba kernel-debug-core-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 9b0ff8acc5752f984c1931ad702e5c24ecfda9f9ef56eee7a0e700048537692f kernel-debug-devel-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 888487e811757fa3c904ca8d47e1321d003ab2dd4f4b281f0691ba13fecc05d8 kernel-debug-devel-matched-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 177a1c90f33b847d2cedd27b3941c2d248cc2e5b431015d0e1d9e3f90df76928 kernel-debug-modules-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm eeb3f00a520aae0f8b729b4343390a8eef47bafe8f58a8c70fdf07284d914f6b kernel-debug-modules-core-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 164bc5f377f05765e045f67f040097dd36d5c0f53de43a8cda5aea7b29178f0a kernel-debug-modules-extra-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 722eda37cb2ae8cabec7dad959676fe81a9d3a5dd03912db32aece83b72adaa0 kernel-devel-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm bfc39bd6610d8da589dd322c4106154d2f4da71118fe098ed65b651a39d877d1 kernel-devel-matched-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 822ffda6ec001c6a8899c66911d0614f616587ebf4f01b32e5c3d015ed9a848f kernel-doc-5.14.0-427.24.1.el9_4.cloud.3.0.noarch.rpm 22790939295dc0cc23678a6ab07c69b4f90a0b557750c4d71961df5f2a440fa2 kernel-headers-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm a026d8786c259cb580113b63afb373784d7a0e345db162fae746070957bc9c03 kernel-modules-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm bcdb5c0f3008a409ec9a35d1d3e3040b8e5b98777d47158ac69e992b09c3c531 kernel-modules-core-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 3101ecfe5796380918e353bfaca4b0d3515ff77efa1f39edee050dc519427853 kernel-modules-extra-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 630c6f377c7ff56a35f6f6a6b906cadd81202796e2d0adf199c162a7d7d67a2d kernel-tools-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 1f234766078506a0a0a3eefcf0958f4820925a714aa79e6ff2b18fc936c82c84 kernel-tools-libs-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm b2471772790fb9cb4b66a214186b62cd852c6fcf7a63d87593b5993da187dfaa kernel-tools-libs-devel-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm ae32f8114a09ec4001045f3cabe3015f96f6e4dc118c524bf781e13f89d05455 perf-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm f168ea3d129049bb24e8126cb72aa1f2693ec07a12e83e3a0c2f8698612071cd python3-perf-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 360049016ebf9157ddf113ea58263209af34bb97d0ab923897efe2f929ca85f5 rtla-5.14.0-427.24.1.el9_4.cloud.3.0.aarch64.rpm 5b42f8987457f76d2a77d4bba04b3f1ea029c77229194b5e64d8840dce201cfd RXSA-2024:4928 Moderate: kernel security update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458) * kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773) * kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737) * kernel: dm: call the resume method on internal suspend (CVE-2024-26880) * kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046) * kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030) * kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857) * kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907) * kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885) * kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809) * kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459) * kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924) * kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952) * kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743) * kernel: epoll: be better about file lifetimes (CVE-2024-38580) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux SIG Cloud 9 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458) * kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773) * kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737) * kernel: dm: call the resume method on internal suspend (CVE-2024-26880) * kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046) * kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030) * kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857) * kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907) * kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885) * kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809) * kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459) * kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924) * kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952) * kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743) * kernel: epoll: be better about file lifetimes (CVE-2024-38580) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-sig-cloud-aarch64-cloud-kernel-rpms bpftool-7.3.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm b4feb01cc2b25d08742f0d7a84eb0439ca790fab3c9911dedfd056e7271865fd kernel-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm e7a8cda1cbfa6b50469cd1ee80e527adfc15ded853c5fc27a56d5a4d20278e32 kernel-abi-stablelists-5.14.0-427.28.1.el9_4.cloud.1.0.noarch.rpm 0f5505d20d92ee1403cde0d42b055270a58d8dea5502f9d4c9495fff9c07fd7a kernel-core-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 44dc18514b4d560e216e5952a61538ccc44ef057b2665b75a9cc11aa926c8419 kernel-cross-headers-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 658d9954396067106116c27749436d30d55d97eec534412ed5fecaed509ee3bc kernel-debug-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 565c9aa9facf0a10e221d44aa0d2cb524c6ff3bd5510fd469f64398d9c5f6e57 kernel-debug-core-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm f2d0bb9bd55c36ee1521e17842b35fb4efe2771de8e9766032104987a1bc6a05 kernel-debug-devel-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 4119ab197265fed4136309d89afbb477cd687e7f43f450426c8a488c7af8fe81 kernel-debug-devel-matched-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm d9bfa1c9c478bd62f99f8c3e782a2d547b1b44969218af0f928fc5e93da470b3 kernel-debug-modules-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm b6ac4a88714ea5f5314dfd7143b94e0b9525f10c1187e84aff4371cbc0d23d48 kernel-debug-modules-core-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 5c2ba29e475af9715167a6e216f6e11ebf3de5b74c9c0ef82a072fcc5b82f0b9 kernel-debug-modules-extra-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm e8c76ae502a31fad11b61a7c3f84946a88ad33c1507674f42831a9b51efa7371 kernel-devel-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm f8c2e13f61ff8edb0cade17d2437bdfe5a9ea71b06519ee21b39389b16777ea8 kernel-devel-matched-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 2b0bd746037495e7e203b66b3e5564ce6b7c99e41227877ab49d9b1c49a65384 kernel-doc-5.14.0-427.28.1.el9_4.cloud.1.0.noarch.rpm d634a5ae6d178d45a878db264f0463d655b23030e00710da55aba679ad64f845 kernel-headers-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 7b2a47ea6a1f9658ab7c3187c6dddce5a0287c47a992bd1daf642dd03cc99c34 kernel-modules-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 3f2c3212c34ff5389e9db655f77dfcca845e78ae9644921eda0bc9699b57bbc4 kernel-modules-core-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 0185c34defb2ed4187c7234742fe0701f7e1730ae384dc3223d500565559229c kernel-modules-extra-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 98e8473e5cac662d72832b46f2f4e1d2418948684c79340bd72e074e70699711 kernel-tools-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm d1bea8adbfc21a654082f2e7e710dbe31849911f1a2e3d769f1e9b0672b7a05c kernel-tools-libs-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 043574a26073e024030089281102fc692f97c8afe8d6db2f33bf1a958747e057 kernel-tools-libs-devel-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm a6333a3f8829d8285faf64848b0305a5dba329071540c5ec33f2a9d5e8e46456 perf-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 20439d0d424a42082e700e281604b224be5140d52398703f11f10272ba6289f9 python3-perf-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 2a96b41b33bc3f7d1bbec9201150fe97eabed3b41ba829deefb71e31a5703ec0 rtla-5.14.0-427.28.1.el9_4.cloud.1.0.aarch64.rpm 72b4551218405d3ce4fabfba74e1402c9f606a67bb0dc614ab737d3ff6730145 RXSA-2024:6567 Moderate: kernel security update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629) * kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630) * kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720) * kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886) * kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946) * kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791) * kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797) * kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875) * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000) * kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801) * kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883) * kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019) * kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619) * kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979) * kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559) * kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927) * kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936) * kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040) * kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044) * kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055) * kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096) * kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082) * kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096) * kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102) * kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131) * kernel: nvme: avoid double free special payload (CVE-2024-41073) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux SIG Cloud 9 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629) * kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630) * kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720) * kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886) * kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946) * kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791) * kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797) * kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875) * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000) * kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801) * kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883) * kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019) * kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619) * kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979) * kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559) * kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927) * kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936) * kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040) * kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044) * kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055) * kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096) * kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082) * kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096) * kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102) * kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131) * kernel: nvme: avoid double free special payload (CVE-2024-41073) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-sig-cloud-aarch64-cloud-kernel-rpms bpftool-7.3.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm ab80caedb470b93db747d4334d5dcdf9b8efecece7ffc9ae6ef38c40b2416dbf kernel-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm a63c45a22d34d1a95415cb695936e22129c1892239093c94b005b6e8423157b8 kernel-abi-stablelists-5.14.0-427.35.1.el9_4.cloud.1.0.noarch.rpm ddf8ca7ed1e0a4ba9158e649468efdae9ee5fa82138f2dec852629079604ab19 kernel-core-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 0e81d6ef4341eb6365ee830c7264f73bf555d65eea35b6e0fb1bd1952f2a7bd3 kernel-cross-headers-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 3d40a31a0cafd3ba01e9c3b7c30e0327eb725232faccd589d516bd80d750b42d kernel-debug-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm cb0ac28f9cbdec669dcc347840837da0736924611abb12403cba59448ef1c1d4 kernel-debug-core-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 3c75fcc4921241dde2414bf3c62b800d31a817049fdfab5f4f51ddc9eacde31e kernel-debug-devel-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 9ca0faa919b3ff822c894c0785c490b299360facab0d18846421e747ac29b794 kernel-debug-devel-matched-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm cedb58554f14b6424eba376a913d298436a800ac282175bcad2120a5e12b68ea kernel-debug-modules-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 3b06c9ea30909e20a242f2c99518ac4b9af1880d76403975e8e998512c1106bf kernel-debug-modules-core-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 07e50e2fa417005c3098657ac8d8cf8010f8a4b7800289647dcf0f15392549d5 kernel-debug-modules-extra-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm ed65884073e6bc997da3b5335036e4191f9f04489cfc10aed397dbb563227400 kernel-devel-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 38452180e99a313e7775b8a1d2b9d4f60f7ee92b9dd23d628ca3f9efee184e03 kernel-devel-matched-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 4ba34afed046827d7ec52d2c97ba4a8795c8768737a5279f8dec27959091a4d7 kernel-doc-5.14.0-427.35.1.el9_4.cloud.1.0.noarch.rpm 7f5e0fd7b778a5de57cfbedbdf18e15b1a836a7f0704ac87e94a3aec9e6b7019 kernel-headers-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 47fe4e5a05a49c5d953dcc08a2aecb2122433504ddab5cfc62f1afe33fa55847 kernel-modules-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 2d8aabacc89775fe30d9891088d0ac2841489c111b22c7dda6720255582bfd02 kernel-modules-core-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 30e2f53dc3b4834386b0a7797c3431e2ac99c9077d19d1953191e8979f332067 kernel-modules-extra-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 5f90d31c63a9893de2f11eec7568fccdf3e251acb35eaf7294f71afaf39e08b3 kernel-tools-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 6e0b7d419b58222951af8b680ef140de909b47aa8c6452d1dca229cb2e7a6783 kernel-tools-libs-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 88e1322babc449fc1d2e925fcafd9d39a13f8f3da67c4c12aec836703e1ac900 kernel-tools-libs-devel-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 3f3e87aa0e860a5823c4aefdc08b58a222c1976d6be3e62370872848d9e26e0e perf-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm 99252dc47a391319d2df1a09fcb7837f5bf713304fb03ab1ba777790fb02c654 python3-perf-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm a0900d538b1e4a019b67242322ac810940b1a5f3187cbdcc0a8f60d75783c964 rtla-5.14.0-427.35.1.el9_4.cloud.1.0.aarch64.rpm c3dbb768113a0577c70e72352257bc388c28df443490797722e3afd42f51282f