The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1404.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff




====================================================================
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update
Advisory ID:        RHSA-2024:1404-03
Product:            Red Hat Enterprise Linux
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1404
Issue date:         2024-03-19
Revision:           03
CVE Names:          CVE-2021-43975
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.




Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)

* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)

* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

* kernel: denial of service in tipc_conn_close (CVE-2023-1382)

* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)

* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

Bug Fix(es):

* The kernel is still getting hung up even after converting kernfs_mutex to kernfs_rwsem with massive concurrent kernfs access (open & lookup) performed by kubelet/node_exporter threads. (JIRA:RHEL-17149)

* kernel: Rate limit overflow messages in r8152 in intr_callback (JIRA:RHEL-18810)

* kernel: tun: avoid double free in tun_free_netdev (JIRA:RHEL-18813)

* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (JIRA:RHEL-18850)

* kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19461)

* ipoib mcast lockup fix (JIRA:RHEL-19698)

* kernel: denial of service in tipc_conn_close (JIRA:RHEL-18824)

* Rhel-8.6 crash at  qed_get_current_link+0x11 during tx_timeout recovery  (JIRA:RHEL-20923)

* kernel: use-after-free in sch_qfq network scheduler (JIRA:RHEL-14402)

* RHEL8.6 - s390/qeth: NET2016 - fix use-after-free in HSCI (JIRA:RHEL-15849)

* RHEL8.6 - s390/qeth: recovery and set offline lose routes and IPv6 addr (JIRA:RHEL-17883)

* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (JIRA:RHEL-18582)

* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18799)

* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (JIRA:RHEL-18814)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-18998)

* dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19110)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19327)

* kernel: A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19451)

* [RHEL8] I/O blocked during fio background with IO schedule switch, cpu offline/online, pci nvme rescan/reset (JIRA:RHEL-20231)

* kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20298)

* kernel: inactive elements in nft_pipapo_walk (JIRA:RHEL-20697)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)

* kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21784)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (JIRA:RHEL-22090)

* backport timerlat user-space support (JIRA:RHEL-20361)


Solution:

https://access.redhat.com/articles/11258



CVEs:

CVE-2021-43975

References:

https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=2024989
https://bugzilla.redhat.com/show_bug.cgi?id=2073091
https://bugzilla.redhat.com/show_bug.cgi?id=2133451
https://bugzilla.redhat.com/show_bug.cgi?id=2133452
https://bugzilla.redhat.com/show_bug.cgi?id=2133453
https://bugzilla.redhat.com/show_bug.cgi?id=2133455
https://bugzilla.redhat.com/show_bug.cgi?id=2144379
https://bugzilla.redhat.com/show_bug.cgi?id=2148520
https://bugzilla.redhat.com/show_bug.cgi?id=2149024
https://bugzilla.redhat.com/show_bug.cgi?id=2151317
https://bugzilla.redhat.com/show_bug.cgi?id=2156322
https://bugzilla.redhat.com/show_bug.cgi?id=2161310
https://bugzilla.redhat.com/show_bug.cgi?id=2177371
https://bugzilla.redhat.com/show_bug.cgi?id=2181330
https://bugzilla.redhat.com/show_bug.cgi?id=2187813
https://bugzilla.redhat.com/show_bug.cgi?id=2187931
https://bugzilla.redhat.com/show_bug.cgi?id=2188468
https://bugzilla.redhat.com/show_bug.cgi?id=2213139
https://bugzilla.redhat.com/show_bug.cgi?id=2218195
https://bugzilla.redhat.com/show_bug.cgi?id=2218212
https://bugzilla.redhat.com/show_bug.cgi?id=2231800
https://bugzilla.redhat.com/show_bug.cgi?id=2244715
https://bugzilla.redhat.com/show_bug.cgi?id=2245514
https://bugzilla.redhat.com/show_bug.cgi?id=2245663
https://bugzilla.redhat.com/show_bug.cgi?id=2252731
https://bugzilla.redhat.com/show_bug.cgi?id=2253611
https://bugzilla.redhat.com/show_bug.cgi?id=2253614
https://bugzilla.redhat.com/show_bug.cgi?id=2253908
https://bugzilla.redhat.com/show_bug.cgi?id=2255139
https://bugzilla.redhat.com/show_bug.cgi?id=2255283
https://bugzilla.redhat.com/show_bug.cgi?id=2256279
https://bugzilla.redhat.com/show_bug.cgi?id=2258518
https://bugzilla.redhat.com/show_bug.cgi?id=2259866
https://bugzilla.redhat.com/show_bug.cgi?id=2260005
https://bugzilla.redhat.com/show_bug.cgi?id=2262126