RHBA-2024:7236 - Bug Fix Advisory

Topic

Updated el8/flatpak-sdk container image is now available for Red Hat Enterprise Linux 8.

Description

The el8/flatpak-sdk container image has been updated for Red Hat Enterprise Linux 8 to address the following security advisory: RHSA-2024:7000 (see References)

Users of el8/flatpak-sdk container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat Enterprise Linux 8 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

• BZ - 2258012 - CVE-2022-48619 kernel: event code falling outside of a bitmap in input_set_capability() leads to panic
• BZ - 2258013 - CVE-2023-6040 kernel: netfilter: nf_tables: out-of-bounds access in nf_tables_newtable()
• BZ - 2260038 - CVE-2024-23848 kernel: use-after-free in cec_queue_msg_fh
• BZ - 2265799 - CVE-2024-26595 kernel: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path
• BZ - 2265838 - CVE-2024-26600 kernel: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
• BZ - 2266358 - CVE-2023-52470 kernel: null-ptr-deref in alloc_workqueue
• BZ - 2266750 - CVE-2021-46984 kernel: kyber: fix out of bounds access when preempted
• BZ - 2267036 - CVE-2023-52478 kernel: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
• BZ - 2267041 - CVE-2023-52476 kernel: perf/x86/lbr: Filter vsyscall addresses
• BZ - 2267795 - CVE-2023-52522 kernel: net: fix possible store tearing in neigh_periodic_work()
• BZ - 2267916 - CVE-2021-47101 kernel: asix: fix uninit-value in asix_mdio_read()
• BZ - 2267925 - CVE-2021-47097 kernel: Input: elantech - fix stack out of bound access in elantech_change_report_id()
• BZ - 2268295 - CVE-2023-52605 kernel: ACPI: extlog: fix NULL pointer dereference check
• BZ - 2270103 - CVE-2024-26638 kernel: nbd: always initialize struct msghdr completely
• BZ - 2271648 - CVE-2024-26645 kernel: tracing: Ensure visibility when inserting an element into tracing_map
• BZ - 2271796 - CVE-2024-26649 kernel: null pointer when load rlc firmware
• BZ - 2272793 - CVE-2024-26665 kernel: tunnels: fix out of bounds access when building IPv6 PMTU error
• BZ - 2273141 - CVE-2024-26720 kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
• BZ - 2273148 - CVE-2024-26717 kernel: HID: i2c-hid-of: fix NULL-deref on failed power up
• BZ - 2273180 - CVE-2024-26769 kernel: nvmet-fc: avoid deadlock on delete association path
• BZ - 2275558 - CVE-2024-26846 kernel: nvme-fc: do not wait in vain when unloading module
• BZ - 2275661 - CVE-2024-26894 kernel: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
• BZ - 2275690 - CVE-2024-26880 kernel: dm: call the resume method on internal suspend
• BZ - 2275742 - CVE-2024-26855 kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
• BZ - 2277171 - CVE-2024-26923 kernel: af_unix: Fix garbage collector racing against connect()
• BZ - 2278220 - CVE-2024-26939 kernel: drm/i915/vma: Fix UAF on destroy against retire race
• BZ - 2278270 - CVE-2024-27013 kernel: tun: limit printing rate when illegal packet received by tun dev
• BZ - 2278447 - CVE-2024-27042 kernel: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'
• BZ - 2281217 - CVE-2024-35809 kernel: PCI/PM: Drain runtime-idle callbacks before driver removal
• BZ - 2281317 - CVE-2023-52683 kernel: ACPI: LPIT: Avoid u32 multiplication overflow
• BZ - 2281704 - CVE-2024-35884 kernel: udp: do not accept non-tunnel GSO skbs landing in a tunnel
• BZ - 2281720 - CVE-2024-35877 kernel: x86/mm/pat: fix VM_PAT handling in COW mappings
• BZ - 2281807 - CVE-2024-35944 kernel: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
• BZ - 2281847 - CVE-2024-35989 kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
• BZ - 2282324 - CVE-2021-47412 kernel: block: don't call rq_qos_ops->done_bio if the bio isn't tracked
• BZ - 2282345 - CVE-2021-47393 kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
• BZ - 2282354 - CVE-2021-47386 kernel: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
• BZ - 2282355 - CVE-2021-47385 kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
• BZ - 2282356 - CVE-2021-47384 kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
• BZ - 2282357 - CVE-2021-47383 kernel: tty: Fix out-of-bound vmalloc access in imageblit
• BZ - 2282366 - CVE-2021-47432 kernel: lib/generic-radix-tree.c: Don't overflow in peek()
• BZ - 2282401 - CVE-2021-47352 kernel: virtio-net: Add validation for used length
• BZ - 2282422 - CVE-2021-47338 kernel: fbmem: Do not delete the mode that is still in use
• BZ - 2282440 - CVE-2021-47321 kernel: watchdog: Fix possible use-after-free by calling del_timer_sync()
• BZ - 2282508 - CVE-2021-47289 kernel: ACPI: fix NULL pointer dereference
• BZ - 2282511 - CVE-2021-47287 kernel: driver core: auxiliary bus: Fix memory leak when driver_register() fail
• BZ - 2282648 - CVE-2023-52798 kernel: wifi: ath11k: fix dfs radar event locking
• BZ - 2282669 - CVE-2023-52809 kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
• BZ - 2282676 - CVE-2023-52817 kernel: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
• BZ - 2282757 - CVE-2023-52840 kernel: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
• BZ - 2282764 - CVE-2023-52800 kernel: wifi: ath11k: fix htt pktlog locking
• BZ - 2282851 - CVE-2021-47441 kernel: mlxsw: thermal: Fix out-of-bounds memory accesses
• BZ - 2282890 - CVE-2021-47466 kernel: mm, slub: fix potential memoryleak in kmem_cache_open()
• BZ - 2282903 - CVE-2021-47455 kernel: ptp: Fix possible memory leak in ptp_clock_register()
• BZ - 2282918 - CVE-2021-47497 kernel: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
• BZ - 2283389 - CVE-2021-47560 kernel: mlxsw: spectrum: Protect driver from buggy firmware
• BZ - 2283424 - CVE-2021-47527 kernel: serial: core: fix transmit-buffer reset and memleak
• BZ - 2284271 - CVE-2024-36883 kernel: net: fix out-of-bounds access in ops_init
• BZ - 2284511 - CVE-2024-36922 kernel: wifi: iwlwifi: read txq->read_ptr under lock
• BZ - 2284515 - CVE-2024-36920 kernel: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
• BZ - 2284545 - CVE-2024-36902 kernel: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
• BZ - 2284596 - CVE-2024-36953 kernel: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
• BZ - 2284628 - CVE-2024-36939 kernel: nfs: Handle error of rpc_proc_register() in nfs_net_init().
• BZ - 2284630 - CVE-2024-36919 kernel: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
• BZ - 2284634 - CVE-2024-36901 kernel: ipv6: prevent NULL dereference in ip6_output()
• BZ - 2293247 - CVE-2021-47582 kernel: USB: core: Make do_proc_control() and do_proc_bulk() killable
• BZ - 2293270 - CVE-2021-47609 kernel: firmware: arm_scpi: Fix string overflow in SCPI genpd driver
• BZ - 2293273 - CVE-2024-38619 kernel: usb-storage: alauda: Check whether the media is initialized
• BZ - 2293304 - CVE-2022-48754 kernel: phylib: fix potential use-after-free
• BZ - 2293377 - CVE-2022-48760 kernel: USB: core: Fix hang in usb_kill_urb by adding memory barriers
• BZ - 2293408 - CVE-2024-38581 kernel: drm/amdgpu/mes: fix use-after-free issue
• BZ - 2293414 - CVE-2024-38579 kernel: crypto: bcm - Fix pointer arithmetic
• BZ - 2293423 - CVE-2024-38570 kernel: gfs2: Fix potential glock use-after-free on unmount
• BZ - 2293440 - CVE-2024-38559 kernel: scsi: qedf: Ensure the copied buf is NUL terminated
• BZ - 2293441 - CVE-2024-38558 kernel: net: openvswitch: fix overwriting ct original tuple for ICMPv6
• BZ - 2293658 - CVE-2024-37356 kernel: tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
• BZ - 2294313 - CVE-2024-39471 kernel: drm/amdgpu: add error handle to avoid out-of-bounds
• BZ - 2297471 - CVE-2024-39499 kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()
• BZ - 2297473 - CVE-2024-39501 kernel: drivers: core: synchronize really_probe() and dev_uevent()
• BZ - 2297478 - CVE-2024-39506 kernel: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
• BZ - 2297488 - CVE-2024-40904 kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
• BZ - 2297495 - CVE-2024-40911 kernel: wifi: cfg80211: Lock wiphy in cfg80211_get_station
• BZ - 2297496 - CVE-2024-40912 kernel: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
• BZ - 2297513 - CVE-2024-40929 kernel: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
• BZ - 2297515 - CVE-2024-40931 kernel: mptcp: ensure snd_una is properly initialized on connect
• BZ - 2297525 - CVE-2024-40941 kernel: wifi: iwlwifi: mvm: don't read past the mfuart notifcation
• BZ - 2297538 - CVE-2024-40954 kernel: net: do not leave a dangling sk pointer, when socket creation fails
• BZ - 2297542 - CVE-2024-40958 kernel: netns: Make get_net_ns() handle zero refcount net
• BZ - 2297543 - CVE-2024-40959 kernel: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
• BZ - 2297544 - CVE-2024-40960 kernel: ipv6: prevent possible NULL dereference in rt6_probe()
• BZ - 2297556 - CVE-2024-40972 kernel: ext4: do not create EA inode under buffer lock
• BZ - 2297561 - CVE-2024-40977 kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
• BZ - 2297562 - CVE-2024-40978 kernel: scsi: qedi: Fix crash while reading debugfs attribute
• BZ - 2297572 - CVE-2024-40988 kernel: drm/radeon: fix UBSAN warning in kv_dpm.c
• BZ - 2297573 - CVE-2024-40989 kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown
• BZ - 2297579 - CVE-2024-40995 kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
• BZ - 2297581 - CVE-2024-40997 kernel: cpufreq: amd-pstate: fix memory leak on CPU EPP exit
• BZ - 2297582 - CVE-2024-40998 kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()
• BZ - 2297589 - CVE-2024-41005 kernel: netpoll: Fix race condition in netpoll_owner_active
• BZ - 2297706 - CVE-2024-40901 kernel: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
• BZ - 2297909 - CVE-2024-41007 kernel: tcp: avoid too many retransmit packets
• BZ - 2298079 - CVE-2024-41008 kernel: drm/amdgpu: change vm->task_info handling
• BZ - 2298140 - CVE-2022-48804 kernel: vt_ioctl: fix array_index_nospec in vt_setactivate
• BZ - 2298177 - CVE-2022-48836 kernel: Input: aiptek - properly check endpoint type
• BZ - 2298640 - CVE-2022-48866 kernel: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts
• BZ - 2299240 - CVE-2024-41090 kernel: virtio-net: tap: mlx5_core short frame denial of service
• BZ - 2299336 - CVE-2024-41091 kernel: virtio-net: tun: mlx5_core short frame denial of service
• BZ - 2299452 - CVE-2024-41012 kernel: filelock: Remove locks reliably when fcntl/close race is detected
• BZ - 2300296 - CVE-2024-41013 kernel: xfs: don't walk off the end of a directory data block
• BZ - 2300297 - CVE-2024-41014 kernel: xfs: add bounds checking to xlog_recover_process_data
• BZ - 2300381 - CVE-2024-41023 kernel: sched/deadline: Fix task_struct reference leak
• BZ - 2300402 - CVE-2024-41035 kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
• BZ - 2300407 - CVE-2024-41038 kernel: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
• BZ - 2300408 - CVE-2024-41039 kernel: firmware: cs_dsp: Fix overflow checking of wmfw header
• BZ - 2300409 - CVE-2024-41040 kernel: net/sched: Fix UAF when resolving a clash
• BZ - 2300410 - CVE-2024-41041 kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port()
• BZ - 2300414 - CVE-2024-41044 kernel: ppp: reject claimed-as-LCP but actually malformed packets
• BZ - 2300429 - CVE-2024-41055 kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()
• BZ - 2300430 - CVE-2024-41056 kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
• BZ - 2300434 - CVE-2024-41060 kernel: drm/radeon: check bo_va->bo is non-NULL before using it
• BZ - 2300439 - CVE-2024-41064 kernel: powerpc/eeh: avoid possible crash when edev->pdev changes
• BZ - 2300440 - CVE-2024-41065 kernel: powerpc/pseries: Whitelist dtl slub object for copying to userspace
• BZ - 2300448 - CVE-2024-41071 kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing
• BZ - 2300453 - CVE-2024-41076 kernel: NFSv4: Fix memory leak in nfs4_set_security_label
• BZ - 2300492 - CVE-2024-41097 kernel: usb: atm: cxacru: fix endpoint checking in cxacru_bind()
• BZ - 2300533 - CVE-2024-42084 kernel: ftruncate: pass a signed offset
• BZ - 2300552 - CVE-2024-42090 kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
• BZ - 2300709 - CVE-2024-42094 kernel: net/iucv: Avoid explicit cpumask var allocation on stack
• BZ - 2300713 - CVE-2024-42096 kernel: x86: stop playing stack games in profile_pc()
• BZ - 2301477 - CVE-2024-42114 kernel: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
• BZ - 2301489 - CVE-2024-42124 kernel: scsi: qedf: Make qedf_execute_tmf() non-preemptible
• BZ - 2301496 - CVE-2024-42131 kernel: mm: avoid overflows in dirty throttling logic
• BZ - 2301519 - CVE-2024-42152 kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment
• BZ - 2301522 - CVE-2024-42154 kernel: tcp_metrics: validate source addr length
• BZ - 2301543 - CVE-2024-42225 kernel: wifi: mt76: replace skb_put with skb_put_zero
• BZ - 2301544 - CVE-2024-42226 kernel: usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB
• BZ - 2303077 - CVE-2024-42228 kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
• RHEL-31515 - nfsd: crash while testing a lock on a re-exported nfs v3 mount simultaneously from local system and client

CVEs

• CVE-2021-46984
• CVE-2021-47097
• CVE-2021-47101
• CVE-2021-47287
• CVE-2021-47289
• CVE-2021-47321
• CVE-2021-47338
• CVE-2021-47352
• CVE-2021-47383
• CVE-2021-47384
• CVE-2021-47385
• CVE-2021-47386
• CVE-2021-47393
• CVE-2021-47412
• CVE-2021-47432
• CVE-2021-47441
• CVE-2021-47455
• CVE-2021-47466
• CVE-2021-47497
• CVE-2021-47527
• CVE-2021-47560
• CVE-2021-47582
• CVE-2021-47609
• CVE-2022-48619
• CVE-2022-48754
• CVE-2022-48760
• CVE-2022-48804
• CVE-2022-48836
• CVE-2022-48866
• CVE-2023-6040
• CVE-2023-52470
• CVE-2023-52476
• CVE-2023-52478
• CVE-2023-52522
• CVE-2023-52605
• CVE-2023-52683
• CVE-2023-52798
• CVE-2023-52800
• CVE-2023-52809
• CVE-2023-52817
• CVE-2023-52840
• CVE-2024-4032
• CVE-2024-5742
• CVE-2024-6232
• CVE-2024-6655
• CVE-2024-6923
• CVE-2024-8088
• CVE-2024-23848
• CVE-2024-26595
• CVE-2024-26600
• CVE-2024-26638
• CVE-2024-26645
• CVE-2024-26649
• CVE-2024-26665
• CVE-2024-26717
• CVE-2024-26720
• CVE-2024-26769
• CVE-2024-26846
• CVE-2024-26855
• CVE-2024-26880
• CVE-2024-26894
• CVE-2024-26923
• CVE-2024-26939
• CVE-2024-27013
• CVE-2024-27042
• CVE-2024-30203
• CVE-2024-30205
• CVE-2024-35809
• CVE-2024-35877
• CVE-2024-35884
• CVE-2024-35944
• CVE-2024-35989
• CVE-2024-36883
• CVE-2024-36901
• CVE-2024-36902
• CVE-2024-36919
• CVE-2024-36920
• CVE-2024-36922
• CVE-2024-36939
• CVE-2024-36953
• CVE-2024-37356
• CVE-2024-38558
• CVE-2024-38559
• CVE-2024-38570
• CVE-2024-38579
• CVE-2024-38581
• CVE-2024-38619
• CVE-2024-39331
• CVE-2024-39471
• CVE-2024-39499
• CVE-2024-39501
• CVE-2024-39506
• CVE-2024-40901
• CVE-2024-40904
• CVE-2024-40911
• CVE-2024-40912
• CVE-2024-40929
• CVE-2024-40931
• CVE-2024-40941
• CVE-2024-40954
• CVE-2024-40958
• CVE-2024-40959
• CVE-2024-40960
• CVE-2024-40972
• CVE-2024-40977
• CVE-2024-40978
• CVE-2024-40988
• CVE-2024-40989
• CVE-2024-40995
• CVE-2024-40997
• CVE-2024-40998
• CVE-2024-41005
• CVE-2024-41007
• CVE-2024-41008
• CVE-2024-41012
• CVE-2024-41013
• CVE-2024-41014
• CVE-2024-41023
• CVE-2024-41035
• CVE-2024-41038
• CVE-2024-41039
• CVE-2024-41040
• CVE-2024-41041
• CVE-2024-41044
• CVE-2024-41055
• CVE-2024-41056
• CVE-2024-41060
• CVE-2024-41064
• CVE-2024-41065
• CVE-2024-41071
• CVE-2024-41076
• CVE-2024-41090
• CVE-2024-41091
• CVE-2024-41097
• CVE-2024-42084
• CVE-2024-42090
• CVE-2024-42094
• CVE-2024-42096
• CVE-2024-42114
• CVE-2024-42124
• CVE-2024-42131
• CVE-2024-42152
• CVE-2024-42154
• CVE-2024-42225
• CVE-2024-42226
• CVE-2024-42228
• CVE-2024-42237
• CVE-2024-42238
• CVE-2024-42240
• CVE-2024-42246
• CVE-2024-42265
• CVE-2024-42322
• CVE-2024-43830
• CVE-2024-43871
• CVE-2024-45490
• CVE-2024-45491
• CVE-2024-45492

References

• https://access.redhat.com/errata/RHSA-2024:7000
• https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/el8/flatpak-sdk