An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended
 Update Support.

'Red Hat Product Security has rated this update as having a security impact
 of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
 system.

Security Fix(es):

* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in
 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)

* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c
 (CVE-2022-28388)

* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip
 (CVE-2022-41858)

* kernel: Rate limit overflow messages in r8152 in intr_callback
 (CVE-2022-3594)

* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

* kernel: denial of service in tipc_conn_close (CVE-2023-1382)

* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
 (CVE-2023-28772)

* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
 (CVE-2023-40283)

* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

* kernel: ktls overwrites readonly memory pages when using function splice with
 a ktls socket as destination (CVE-2024-0646)

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

Bug Fix(es):

* The kernel is still getting hung up even after converting kernfs_mutex to
 kernfs_rwsem with massive concurrent kernfs access (open & lookup) performed by kubelet/node_exporter threads. (JIRA:RHEL-17149)

* kernel: Rate limit overflow messages in r8152 in intr_callback
 (JIRA:RHEL-18810)

* kernel: tun: avoid double free in tun_free_netdev (JIRA:RHEL-18813)

* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
 (JIRA:RHEL-18850)

* kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19461)

* ipoib mcast lockup fix (JIRA:RHEL-19698)

* kernel: denial of service in tipc_conn_close (JIRA:RHEL-18824)

* Rhel-8.6 crash at  qed_get_current_link+0x11 during tx_timeout recovery 
 (JIRA:RHEL-20923)

* kernel: use-after-free in sch_qfq network scheduler (JIRA:RHEL-14402)

* RHEL8.6 - s390/qeth: NET2016 - fix use-after-free in HSCI (JIRA:RHEL-15849)

* RHEL8.6 - s390/qeth: recovery and set offline lose routes and IPv6 addr
 (JIRA:RHEL-17883)

* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip
 (JIRA:RHEL-18582)

* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in
 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18799)

* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c
 (JIRA:RHEL-18814)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
 (JIRA:RHEL-18998)

* dm multipath device suspend deadlocks waiting on a flush request
 (JIRA:RHEL-19110)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19327)

* kernel: A flaw leading to a use-after-free in area_cache_get()
 (JIRA:RHEL-19451)

* [RHEL8] I/O blocked during fio background with IO schedule switch, cpu
 offline/online, pci nvme rescan/reset (JIRA:RHEL-20231)

* kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20298)

* kernel: inactive elements in nft_pipapo_walk (JIRA:RHEL-20697)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)

* kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21784)

* kernel: ktls overwrites readonly memory pages when using function splice with
 a ktls socket as destination (JIRA:RHEL-22090)

* backport timerlat user-space support (JIRA:RHEL-20361)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-43975: Out-of-bounds Write (CWE-787)
CVE-2022-3545: Use After Free (CWE-416)
CVE-2022-3594: Logging of Excessive Data (CWE-779)
CVE-2022-4744: Access of Uninitialized Pointer (CWE-824)
CVE-2022-28388: Double Free (CWE-415)
CVE-2022-36402: Integer Overflow or Wraparound (CWE-190)
CVE-2022-38096: NULL Pointer Dereference (CWE-476)
CVE-2022-38457: Use After Free (CWE-416)
CVE-2022-40133: Use After Free (CWE-416)
CVE-2022-41858: Use After Free (CWE-416)
CVE-2022-45869: Concurrent Execution using Shared Resource with Improper
 Synchronization ('Race Condition') (CWE-362)
CVE-2022-45887: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2023-1382: NULL Pointer Dereference (CWE-476)
CVE-2023-2166: NULL Pointer Dereference (CWE-476)
CVE-2023-2176: Out-of-bounds Read (CWE-125)
CVE-2023-4921: Use After Free (CWE-416)
CVE-2023-5633: Use After Free (CWE-416)
CVE-2023-6606: Out-of-bounds Read (CWE-125)
CVE-2023-6610: Out-of-bounds Read (CWE-125)
CVE-2023-6817: Use After Free (CWE-416)
CVE-2023-6931: Out-of-bounds Write (CWE-787)
CVE-2023-6932: Use After Free (CWE-416)
CVE-2023-7192: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2023-28772: Improper Restriction of Operations within the Bounds of a
 Memory Buffer (CWE-119)
CVE-2023-30456: Improperly Implemented Security Check for Standard (CWE-358)
CVE-2023-31084
CVE-2023-33951: Exposure of Sensitive Information to an Unauthorized Actor
 (CWE-200)
CVE-2023-33952: Double Free (CWE-415)
CVE-2023-40283: Use After Free (CWE-416)
CVE-2023-45862
CVE-2023-51042: Use After Free (CWE-416)
CVE-2023-51043: Use After Free (CWE-416)
CVE-2024-0565: Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2024-0646
CVE-2024-1086: Use After Free (CWE-416)