관리-도구

편집 파일: kpatch.info

OS: almalinux9 kernel: kernel-5.14.0-427.31.1.el9_4 time: 2025-04-29 12:09:09 kpatch-name: skipped/CVE-2024-35839.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35839 kpatch-skip-reason: Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-36003-ice-fix-lag-and-vf-lock-dependency-in.patch kpatch-description: ice: fix LAG and VF lock dependency in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-36003 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36003 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=96fdd1f6b4ed72a741fb0eb705c0e13049b8721f kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-36025-scsi-qla2xxx-fix-off-by-one-in.patch kpatch-description: scsi: qla2xxx: Fix off by one in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-36025 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36025 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-39476-md-raid5-fix-deadlock-that-raid5d-wait-for.patch kpatch-description: md/raid5: fix deadlock that raid5d() wait for kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-39476 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39476 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-39476-md-raid5-fix-deadlock-that-raid5d-wait-for-kpatch.patch kpatch-description: md/raid5: remove pr_debug() in raid5d() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-39476 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39476 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26925-netfilter-nf-tables-release-mutex-after.patch kpatch-description: netfilter: nf_tables: release mutex after kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26925 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0d459e2ffb541841714839e8228b845458ed3b27 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26581-netfilter-nft-set-rbtree-skip-end-interval.patch kpatch-description: netfilter: nft_set_rbtree: skip end interval kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26581 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26581 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=60c0c230c6f046da536d3df8b39a20b9a9fd6af0 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27020-netfilter-nf-tables-fix-potential-data-race-in.patch kpatch-description: netfilter: nf_tables: Fix potential data-race in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27020 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27020 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f969eb84ce482331a991079ab7a5c4dc3b7f89bf kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41090-tap-add-missing-verification-for-short-frame.patch kpatch-description: tap: add missing verification for short frame kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41090 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41090 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed7f2afdd0e043a397677e597ced0830b83ba0b3 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41091-tun-add-missing-verification-for-short-frame.patch kpatch-description: tun: add missing verification for short frame kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41091 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41091 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=049584807f1d797fc3078b68035450a9769eb5c3 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26668-netfilter-nft-limit-reject-configurations-that.patch kpatch-description: netfilter: nft_limit: reject configurations that cause integer overflow kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26668 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26668 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38538-net-bridge-xmit-make-sure-we-have-at-least-eth.patch kpatch-description: net: bridge: xmit: make sure we have at least eth kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38538 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38538 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2023-52880-tty-n-gsm-require-cap-net-admin-to-attach.patch kpatch-description: tty: n_gsm: require CAP_NET_ADMIN to attach kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2023-52880 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52880 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=67c37756898a5a6b2941a13ae7260c89b54e0d88 kpatch-name: skipped/CVE-2024-26908.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26908 kpatch-skip-reason: CVE marked as rejected by vendor kpatch-cvss: kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27016-netfilter-flowtable-validate-pppoe-header.patch kpatch-description: netfilter: flowtable: validate pppoe header kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27016 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27016 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=87b3593bed1868b2d9fe096c01bcdf0ea86cbebf kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27019-netfilter-nf-tables-fix-potential-data-race-in.patch kpatch-description: netfilter: nf_tables: Fix potential data-race in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27019 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27019 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d78d867dcea69c328db30df665be5be7d0148484 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35896-netfilter-validate-user-input-for-expected.patch kpatch-description: netfilter: validate user input for expected length kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35896 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35896 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0c83842df40f86e529db6842231154772c20edcc kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35962-netfilter-complete-validation-of-user-input.patch kpatch-description: netfilter: complete validation of user input kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35962 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35962 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=65acf6e0501ac8880a4f73980d01b5d27648b956 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35897-netfilter-nf_tables-reject-table-flag-and-netdev-basechain-updates.patch kpatch-description: netfilter: nf_tables: discard table flag update kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35897 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35897 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6cbbe1ba76ee7e674a86abd43009b083a45838cb kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35897-netfilter-nf-tables-discard-table-flag-update.patch kpatch-description: netfilter: nf_tables: discard table flag update kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35897 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35897 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1bc83a019bbe268be3526406245ec28c2458a518 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2023-52771-cxl-port-fix-delete-endpoint-vs-parent.patch kpatch-description: cxl/port: Fix delete_endpoint() vs parent kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2023-52771 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52771 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d2ad999ca3c64cb08cf6a58d227b9d9e746d708 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26810-vfio-pci-lock-external-intx-masking-ops.patch kpatch-description: vfio/pci: Lock external INTx masking ops kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26810 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26810 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=810cd4bb53456d0503cc4e7934e063835152c1b7 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-42152-nvmet-fix-a-possible-leak-when-destroy-a-ctrl.patch kpatch-description: nvmet: fix a possible leak when destroy a ctrl kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-42152 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42152 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26855-net-ice-fix-potential-null-pointer-dereference.patch kpatch-description: net: ice: Fix potential NULL pointer dereference kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26855 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26855 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=06e456a05d669ca30b224b8ed962421770c1496c kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41076-nfsv4-fix-memory-leak-in-nfs4-set-security-label.patch kpatch-description: NFSv4: Fix memory leak in nfs4_set_security_label kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41076 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41076 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aad11473f8f4be3df86461081ce35ec5b145ba68 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41041-udp-set-sock-rcu-free-earlier-in.patch kpatch-description: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41041 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41041 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c0b485a8c6116516f33925b9ce5b6104a6eadfd kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-42110-net-ntb-netdev-move-ntb-netdev-rx-handler-to.patch kpatch-description: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-42110 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42110 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e15a5d821e5192a3769d846079bc9aa380139baf kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40957-seg6-fix-parameter-passing-when-calling.patch kpatch-description: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40957 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40957 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a3bc8d16e0aacd65c31aaf23a2bced3288a7779 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40978-scsi-qedi-fix-crash-while-reading-debugfs.patch kpatch-description: scsi: qedi: Fix crash while reading debugfs attribute kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40978 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40978 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=28027ec8e32ecbadcd67623edb290dad61e735b5 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40941-wifi-iwlwifi-mvm-don-t-read-past-the-mfuart.patch kpatch-description: wifi: iwlwifi: mvm: don't read past the mfuart notifcation kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40941 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40941 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4bb95f4535489ed830cf9b34b0a891e384d1aee4 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40929-wifi-iwlwifi-mvm-check-n-ssids-before.patch kpatch-description: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40929 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40929 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=60d62757df30b74bf397a2847a6db7385c6ee281 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40912-wifi-mac80211-fix-deadlock-in.patch kpatch-description: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40912 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40912 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=44c06bbde6443de206b30f513100b5670b23fc5e kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40911-wifi-cfg80211-lock-wiphy-in.patch kpatch-description: wifi: cfg80211: Lock wiphy in cfg80211_get_station kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40911 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40911 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=642f89daa34567d02f312d03e41523a894906dae kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40939-net-wwan-iosm-fix-tainted-pointer-delete-is.patch kpatch-description: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b0c9a26435413b81799047a7be53255640432547 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40905-ipv6-fix-possible-race-in.patch kpatch-description: ipv6: fix possible race in __fib6_drop_pcpu_from() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40905 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b01e1c030770ff3b4fe37fc7cc6bca03f594133f kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40983-tipc-force-a-dst-refcount-before-doing.patch kpatch-description: tipc: force a dst refcount before doing decryption kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40983 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40983 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2ebe8f840c7450ecbfca9d18ac92e9ce9155e269 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40914-mm-huge_memory-don-t-unpoison-huge_zero_folio.patch kpatch-description: mm/huge_memory: don't unpoison huge_zero_folio kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40914 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40914 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe6f86f4b40855a130a19aa589f9ba7f650423f4 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38544-rdma-rxe-fix-seg-fault-in-rxe-comp-queue-pkt.patch kpatch-description: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38544 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38544 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2b23b6097303ed0ba5f4bc036a1c07b6027af5c6 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38579-crypto-bcm-fix-pointer-arithmetic.patch kpatch-description: crypto: bcm - Fix pointer arithmetic kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38579 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38579 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38540-bnxt-re-avoid-shift-undefined-behavior-in.patch kpatch-description: bnxt_re: avoid shift undefined behavior in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38540 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38540 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=78cfd17142ef70599d6409cbd709d94b3da58659 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35898-netfilter-nf-tables-fix-potential-data-race-in.patch kpatch-description: netfilter: nf_tables: Fix potential data-race in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35898 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35898 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=24225011d81b471acc0e1e315b7d9905459a6304 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38608-net-mlx5e-Add-wrapping-for-auxiliary_driver-ops-and.patch kpatch-description: net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38608 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38608 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b1a33e65134786b9ef97f978572531c6004c8526 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38608-net-mlx5e-Fix-netif-state-handling.patch kpatch-description: net/mlx5e: Fix netif state handling kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38608 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38608 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d5918477f94e4c2f064567875c475468e264644 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27415-netfilter-bridge-confirm-multicast-packets.patch kpatch-description: netfilter: bridge: confirm multicast packets kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27415 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62e7151ae3eb465e0ab52a20c941ff33bb6332e9 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27415-netfilter-bridge-confirm-multicast-packets-kpatch.patch kpatch-description: netfilter: bridge: confirm multicast packets kpatch kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27415 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62e7151ae3eb465e0ab52a20c941ff33bb6332e9 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36979-net-bridge-mst-fix-vlan-use-after-free.patch kpatch-description: net: bridge: mst: fix vlan use-after-free kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36979 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36979 kpatch-patch-url: https://git.kernel.org/linus/3a7c1661ae1383364cd6092d851f5e5da64d476b kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36979-CVE-2024-40920-net-bridge-mst-fix-suspicious-rcu-usage-in-br_mst_se.patch kpatch-description: net: bridge: mst: fix vlan use-after-free kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36979 CVE-2024-40920 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36979 kpatch-patch-url: https://git.kernel.org/linus/546ceb1dfdac866648ec959cbc71d9525bd73462 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36979-CVE-2024-40921-net-bridge-mst-pass-vlan-group-directly-to-br_mst_vl.patch kpatch-description: net: bridge: mst: fix vlan use-after-free kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36979 CVE-2024-40921 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36979 kpatch-patch-url: https://git.kernel.org/linus/36c92936e868601fa1f43da6758cf55805043509 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26630-mm-cachestat-fix-folio-read-after-free-in-cache-walk.patch kpatch-description: mm: cachestat: fix folio read-after-free in cache walk kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26630 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26630 kpatch-patch-url: https://git.kernel.org/linus/3a75cb05d53f4a6823a32deb078de1366954a804 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41096-PCI-MSI-Fix-UAF-in-msi_capability_init.patch kpatch-description: PCI/MSI: Fix UAF in msi_capability_init kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41096 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41096 kpatch-patch-url: https://git.kernel.org/linus/9eee5330656bf92f51cb1f09b2dc9f8cf975b3d1 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41073-vme-avoid-double-free-special-payload.patch kpatch-description: nvme: avoid double free special payload kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41073 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41073 kpatch-patch-url: https://git.kernel.org/linus/e5d574ab37f5f2e7937405613d9b1a724811e5ad kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41040-net-sched-Fix-UAF-when-resolving-a-clash.patch kpatch-description: net/sched: Fix UAF when resolving a clash kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41040 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41040 kpatch-patch-url: https://git.kernel.org/linus/26488172b0292bed837b95a006a3f3431d1898c3 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2023-52801-iommufd-Fix-missing-update-of-domains_itree-after-s.patch kpatch-description: iommufd: Fix missing update of domains_itree after splitting iopt_area kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2023-52801 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52801 kpatch-patch-url: https://git.kernel.org/linus/e7250ab7ca4998fe026f2149805b03e09dc32498 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35797-mm-cachestat-fix-two-shmem-bugs.patch kpatch-description: mm: cachestat: fix two shmem bugs kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35797 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35797 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5d39c707a4cf0bcc84680178677b97aa2cb2627 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26629-nfsd-fix-RELEASE_LOCKOWNER.patch kpatch-description: nfsd: fix RELEASE_LOCKOWNER kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26629 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26629 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=edcf9725150e42beeca42d085149f4c88fa97afd kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26946-kprobes-x86-use-copy-from-kernel-nofault-to.patch kpatch-description: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26946 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36000-mm-hugetlb-fix-missing-hugetlb_lock-for-resv-unchar.patch kpatch-description: mm/hugetlb: fix missing hugetlb_lock for resv kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36000 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36000 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b76b46902c2d0395488c8412e1116c2486cdfcb2 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36019-regmap-maple-fix-cache-corruption-in.patch kpatch-description: regmap: maple: Fix cache corruption in kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36019 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36019 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00bb549d7d63a21532e76e4a334d7807a54d9f31 kpatch-name: skipped/CVE-2024-26720.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26720 kpatch-skip-reason: This CVE introduces a regression and is reverted by CVE-2024-42102 in the same errata kpatch-cvss: kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2023-52463-efivarfs-force-RO-when-remounting-if-SetVariable-is-not-supported.patch kpatch-description: efivarfs: force RO when remounting if SetVariable kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2023-52463 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52463 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0e8d2444168dd519fea501599d150e62718ed2fe kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2023-52463-efivarfs-force-RO-when-remounting-if-SetVariable-is-not-supported-kpatch.patch kpatch-description: efivarfs: force RO when remounting if SetVariable kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2023-52463 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52463 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0e8d2444168dd519fea501599d150e62718ed2fe kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35791-kvm-svm-flush-pages-under-kvm-lock-to-fix-uaf.patch kpatch-description: KVM: SVM: Flush pages under kvm->lock to fix UAF kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35791 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36883-net-fix-out-of-bounds-access-in-ops-init.patch kpatch-description: net: fix out-of-bounds access in ops_init kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36883 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36883 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a26ff37e624d12e28077e5b24d2b264f62764ad6 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-38559-scsi-qedf-ensure-the-copied-buf-is-nul.patch kpatch-description: scsi: qedf: Ensure the copied buf is NUL kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-38559 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38559 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d0184a375ee797eb657d74861ba0935b6e405c62 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-40927-xhci-handle-td-clearing-for-multiple-streams.patch kpatch-description: xhci: Handle TD clearing for multiple streams kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-40927 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40927 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ceac4402f5d975e5a01c806438eb4e554771577 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-40936-cxl-region-fix-memregion-leaks-in.patch kpatch-description: cxl/region: Fix memregion leaks in devm_cxl_add_region() kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-40936 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40936 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=49ba7b515c4c0719b866d16f068e62d16a8a3dd1 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41044-ppp-reject-claimed-as-lcp-but-actually-malformed.patch kpatch-description: ppp: reject claimed-as-LCP but actually malformed kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41044 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41044 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f2aeb7306a898e1cbd03963d376f4b6656ca2b55 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41055-mm-kmsan-fix-infinite-recursion-due-to-rcu.patch kpatch-description: mm, kmsan: fix infinite recursion due to RCU kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82f0b6f041fad768c28b4ad05a683065412c226e kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41055-mm-prevent-derefencing-null-ptr-in.patch kpatch-description: mm: prevent derefencing NULL ptr in kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82f0b6f041fad768c28b4ad05a683065412c226e kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-42082-xdp-remove-warn-from-xdp-reg-mem-model.patch kpatch-description: xdp: Remove WARN() from __xdp_reg_mem_model() kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-42082 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42082 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e9f79428372c6eab92271390851be34ab26bfb4 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-42096-x86-stop-playing-stack-games-in-profile-pc.patch kpatch-description: x86: stop playing stack games in profile_pc() kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-42096 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42096 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=093d9603b60093a9aaae942db56107f6432a5dca kpatch-name: skipped/CVE-2024-42102.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42102 kpatch-skip-reason: Reverts CVE-2024-26720, which we don't use. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-42131-mm-avoid-overflows-in-dirty-throttling-logic.patch kpatch-description: mm: avoid overflows in dirty throttling logic kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-42131 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42131 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=385d838df280eba6c8680f9777bfa0d0bfe7e8b2 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35875-x86-coco-Require-seeding-RNG-with-RDRAND-on-CoCo-systems.patch kpatch-description: x86/coco: Require seeding RNG with RDRAND on CoCo kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35875 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35875 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=99485c4c026f024e7cb82da84c7951dbe3deb584 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35875-x86-coco-Require-seeding-RNG-with-RDRAND-on-CoCo-systems-kpatch.patch kpatch-description: x86/coco: Require seeding RNG with RDRAND on CoCo kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35875 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35875 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=99485c4c026f024e7cb82da84c7951dbe3deb584 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-38619-usb-storage-alauda-check-whether-the-media-is.patch kpatch-description: usb-storage: alauda: Check whether the media is initialized kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-38619 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38619 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=16637fea001ab3c8df528a8995b3211906165a30 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-38619-usb-storage-alauda-check-whether-the-media-is-initialized-kpatch.patch kpatch-description: usb-storage: alauda: Check whether the media is initialized (Adaptation) kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-38619 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38619 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=16637fea001ab3c8df528a8995b3211906165a30 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26886-bluetooth-af-bluetooth-fix-deadlock.patch kpatch-description: Bluetooth: af_bluetooth: Fix deadlock kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26886 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26886 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f7b94bdc1ec107c92262716b073b3e816d4784fb kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2023-52439-uio-fix-use-after-free-in-uio-open.patch kpatch-description: uio: Fix use-after-free in uio_open kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2023-52439 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52439 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0c9ae0b8605078eafc3bea053cc78791e97ba2e2 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-01-gfs2-Remove-ill-placed-consistency-check.patch kpatch-description: gfs2: Remove ill-placed consistency check kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=59f60005797b4018d7b46620037e0c53d690795e kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-02-gfs2-simplify-gdlm_put_lock-with-out_free-label.patch kpatch-description: gfs2: simplify gdlm_put_lock with out_free label kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a9b0f6f4adb1a8b4219e3e14ab6ef46c14987ac0 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-03-gfs2-Fix-potential-glock-use-after-free-on-unmount.patch kpatch-description: gfs2: Fix potential glock use-after-free on unmount kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=501cd8fabf621d10bd4893e37f6ce6c20523c8ca kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-03-gfs2-Fix-potential-glock-use-after-free-on-unmount-kpatch.patch kpatch-description: gfs2: Fix potential glock use-after-free on unmount kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=501cd8fabf621d10bd4893e37f6ce6c20523c8ca kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26929-scsi-qla2xxx-fix-double-free-of-fcport.patch kpatch-description: scsi: qla2xxx: Fix double free of fcport kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26929 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26929 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82f522ae0d97119a43da53e0f729275691b9c525 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26930-scsi-qla2xxx-fix-double-free-of-the-ha-vp-map-pointer.patch kpatch-description: scsi: qla2xxx: Fix double free of the ha->vp_map pointer kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26930 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26930 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e288285d47784fdcf7c81be56df7d65c6f10c58b kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-27022-fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch kpatch-description: fork: defer linking file vma until vma is fully initialized kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-27022 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27022 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=35e351780fa9d8240dd6f7e4f245f9ea37e96c19 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38562-wifi-nl80211-avoid-address-calculations-via-out-of-bounds-array-indexing.patch kpatch-description: wifi: nl80211: Avoid address calculations via out of bounds array indexing kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38562 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38562 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=838c7b8f1f278404d9d684c34a8cb26dc41aaaa1 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-41071-wifi-mac80211-avoid-address-calculations-via-out-of-bounds-array-indexing.patch kpatch-description: wifi: mac80211: Avoid address calculations via out of bounds array indexing kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-41071 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41071 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2663d0462eb32ae7c9b035300ab6b1523886c718 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-36016-tty-n-gsm-fix-possible-out-of-bounds-in-gsm0-receive.patch kpatch-description: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-36016 kpatch-cvss: 7.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36016 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47388e807f85948eefc403a8a5fdc5b406a65d5a kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38573-cppc-cpufreq-fix-possible-null-pointer-dereference.patch kpatch-description: cppc_cpufreq: Fix possible null pointer dereference kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38573 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38573 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cf7de25878a1f4508c69dc9f6819c21ba177dbfe kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-42225-wifi-mt76-replace-skb-put-with-skb-put-zero.patch kpatch-description: wifi: mt76: replace skb_put with skb_put_zero kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-42225 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42225 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7f819a2f4fbc510e088b49c79addcf1734503578 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38615-cpufreq-exit-callback-is-optional.patch kpatch-description: cpufreq: exit() callback is optional kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38615 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38615 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b8f85833c05730d631576008daaa34096bc7f3ce kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-36899-gpiolib-cdev-fix-use-after-free-in-lineinfo-changed-notify.patch kpatch-description: gpiolib: cdev: Fix use after free in lineinfo_changed_notify kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-36899 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36899 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=02f6b0e1ec7e0e7d059dddc893645816552039da kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-35895-bpf-sockmap-prevent-lock-inversion-deadlock-in-map-delete-elem.patch kpatch-description: bpf, sockmap: Prevent lock inversion deadlock in map delete elem kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-35895 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35895 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ff91059932401894e6c86341915615c5eb0eca48 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26931-scsi-qla2xxx-fix-command-flush-on-cable-pull.patch kpatch-description: scsi: qla2xxx: Fix command flush on cable pull kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26931 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a27d4d0e7de305def8a5098a614053be208d1aa1 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38601-ring-buffer-fix-a-race-between-readers-and-resize-checks.patch kpatch-description: ring-buffer: Fix a race between readers and resize checks kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38601 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38601 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c2274b908db05529980ec056359fae916939fdaa kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2023-52884-input-cyapa-add-missing-input-core-locking-to-suspend-resume-functions.patch kpatch-description: Input: cyapa - add missing input core locking to suspend/resume functions kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2023-52884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7b4e0b39182cf5e677c1fc092a3ec40e621c25b6 kpatch-name: skipped/CVE-2024-26947.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26947 kpatch-skip-reason: ARM related CVE kpatch-cvss: kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-40984-acpica-revert-acpica-avoid-info-mapping-multiple-bars-your-kernel-is-fine.patch kpatch-description: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-40984 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40984 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a83e1385b780d41307433ddbc86e3c528db031f0 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26991-kvm-x86-mmu-x86-don-t-overflow-lpage-info-when-checking-attributes.patch kpatch-description: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26991 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26991 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=992b54bd083c5bee24ff7cc35991388ab08598c4 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-42246-net-sunrpc-remap-eperm-in-case-of-connection-failure-in-xs-tcp-setup-socket.patch kpatch-description: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-42246 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42246 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=626dfed5fa3bfb41e0dffd796032b555b69f9cde kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26739-net-sched-act_mirred-Create-function-tcf_mirred_to_.patch kpatch-description: net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=16085e48cb48aeb50a1178dc276747749910b0f2 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26739-net-sched-act-mirred-don-t-override-retval-if-we-already-lost-the-skb.patch kpatch-description: net/sched: act_mirred: don't override retval if we already lost the skb kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-36978-net-sched-sch-multiq-fix-possible-oob-write-in-multiq-tune.patch kpatch-description: net: sched: sch_multiq: fix possible OOB write in multiq_tune() kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-36978 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36978 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=affc18fdc694190ca7575b9a86632a73b9fe043d kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-42284-tipc-return-non-zero-value-from-tipc-udp-addr2str-on-error.patch kpatch-description: tipc: Return non-zero value from tipc_udp_addr2str() on error kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-42284 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42284 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fa96c6baef1b5385e2f0c0677b32b3839e716076 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2021-47385-hwmon-w83792d-fix-null-pointer-dereference-by-removing-unnecessary-structure-field.patch kpatch-description: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2021-47385 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47385 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0f36b88173f028e372668ae040ab1a496834d278 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2021-47385-hwmon-w83792d-fix-null-pointer-dereference-by-removing-unnecessary-structure-field-kpatch.patch kpatch-description: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2021-47385 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47385 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0f36b88173f028e372668ae040ab1a496834d278 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-35989-dmaengine-idxd-fix-oops-during-rmmod-on-single-cpu-platforms.patch kpatch-description: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-35989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f221033f5c24659dc6ad7e5cf18fb1b075f4a8be kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-40959-xfrm6-check-ip6-dst-idev-return-value-in-xfrm6-get-saddr.patch kpatch-description: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-40959 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40959 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d46401052c2d5614da8efea5788532f0401cb164 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-42079-gfs2-fix-null-pointer-dereference-in-gfs2-log-flush.patch kpatch-description: gfs2: Fix NULL pointer dereference in gfs2_log_flush kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-42079 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42079 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=35264909e9d1973ab9aaa2a1b07cda70f12bb828 kpatch-name: skipped/CVE-2023-28746.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-28746 kpatch-skip-reason: RFDS: Medium score vulnerability affecting only Intel Atom CPUs, mitigated via microcode update. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2023-52658-revert-net-mlx5-block-entering-switchdev-mode-with-ns-inconsistency.patch kpatch-description: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2023-52658 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52658 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8deeefb24786ea7950b37bde4516b286c877db00 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-27403-netfilter-nft-flow-offload-reset-dst-in-route-object-after-setting-up-flow.patch kpatch-description: netfilter: nft_flow_offload: reset dst in route object after setting up flow kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-27403 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27403 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9e0f0430389be7696396c62f037be4bf72cf93e3 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-36889-mptcp-ensure-snd-nxt-is-properly-initialized-on-connect.patch kpatch-description: mptcp: ensure snd_nxt is properly initialized on connect kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-36889 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36889 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fb7a0d334894206ae35f023a82cad5a290fd7386 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-39483-kvm-svm-warn-on-vnmi-nmi-window-iff-nmis-are-outright-masked.patch kpatch-description: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-39483 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39483 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4bd556467477420ee3a91fbcba73c579669edc6 kpatch-name: skipped/CVE-2024-39502.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39502 kpatch-skip-reason: Patches a sleepable function, there is a small but non-zero risk of livepatching failure kpatch-cvss: kpatch-name: skipped/CVE-2024-42272.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42272 kpatch-skip-reason: el9 kernels are not vulnerable: no versions with commit 88c67aeb1407 only. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-38556-net-mlx5-add-a-timeout-to-acquire-the-command-queue-semaphore.patch kpatch-description: net/mlx5: Add a timeout to acquire the command queue semaphore kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-38556 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=485d65e1357123a697c591a5aeb773994b247ad7 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-38556-net-mlx5-add-a-timeout-to-acquire-the-command-queue-semaphore-kpatch.patch kpatch-description: net/mlx5: Add a timeout to acquire the command queue semaphore kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-38556 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=485d65e1357123a697c591a5aeb773994b247ad7 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-45018-netfilter-flowtable-initialise-extack-before-use.patch kpatch-description: netfilter: flowtable: initialise extack before use kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-45018 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45018 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e9767137308daf906496613fd879808a07f006a2 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41005-netpoll-fix-race-condition-in-netpoll-owner-active.patch kpatch-description: netpoll: Fix race condition in netpoll_owner_active kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-41005 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41005 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c2e6a872bde9912f1a7579639c5ca3adf1003916 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26923-af_unix-Fix-garbage-collector-racing-against-connec.patch kpatch-description: af_unix: Fix garbage collector racing against connect() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26923 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26923 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47d8ac011fe1c9251070e1bd64cb10b48193ec51 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41013-xfs-don-t-walk-off-the-end-of-a-directory-data-block.patch kpatch-description: xfs: don't walk off the end of a directory data block kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-41013 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41013 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0c7fcdb6d06cdf8b19b57c17605215b06afa864a kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41014-xfs-add-bounds-checking-to-xlog-recover-process-data.patch kpatch-description: xfs: add bounds checking to xlog_recover_process_data kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-41014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fb63435b7c7dc112b1ae1baea5486e0a6e27b196 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40995-net-sched-act-api-fix-possible-infinite-loop-in-tcf-idr-check-alloc.patch kpatch-description: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40995 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40995 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d864319871b05fadd153e0aede4811ca7008f5d6 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40960-ipv6-prevent-possible-null-dereference-in-rt6-probe.patch kpatch-description: ipv6: prevent possible NULL dereference in rt6_probe() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b86762dbe19a62e785c189f313cda5b989931f37 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40972-ext4-fold-quota-accounting-into-ext4-xattr-inode-lookup-create.patch kpatch-description: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40972 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40972 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0a46ef234756dca04623b7591e8ebb3440622f0b kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40972-ext4-do-not-create-ea-inode-under-buffer-lock.patch kpatch-description: ext4: do not create EA inode under buffer lock kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40972 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40972 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0a46ef234756dca04623b7591e8ebb3440622f0b kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40998-ext4-turn-quotas-off-if-mount-failed-after-enabling-quotas.patch kpatch-description: ext4: turn quotas off if mount failed after enabling quotas kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40998 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40998 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4b4fda34e535756f9e774fb2d09c4537b7dfd1c kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40998-ext4-fix-uninitialized-ratelimit-state-lock-access-in-ext4-fill-super.patch kpatch-description: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40998 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40998 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4b4fda34e535756f9e774fb2d09c4537b7dfd1c kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40977-wifi-mt76-mt7921s-fix-potential-hung-tasks-during-chip-recovery.patch kpatch-description: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40977 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40977 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecf0b2b8a37c8464186620bef37812a117ff6366 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2021-47383-tty-fix-out-of-bound-vmalloc-access-in-imageblit.patch kpatch-description: tty: Fix out-of-bound vmalloc access in imageblit kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2021-47383 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47383 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3b0c406124719b625b1aba431659f5cdc24a982c kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26640-tcp-add-sanity-checks-to-rx-zerocopy.patch kpatch-description: tcp: add sanity checks to rx zerocopy kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26640 kpatch-cvss: 5.5 kpatch-cve-url: https://www.cve.org/CVERecord?id=CVE-CVE-2024-26640 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=577e4432f3ac810049cb7e6b71f4d96ec7c6e894 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26826-mptcp-fix-data-re-injection-from-stale-subflow.patch kpatch-description: mptcp: fix data re-injection from stale subflow kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26826 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26826 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b6c620dc43ccb4e802894e54b651cf81495e9598 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26935-scsi-core-fix-unremoved-procfs-host-directory-regression.patch kpatch-description: scsi: core: Fix unremoved procfs host directory regression kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26935 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26935 kpatch-patch-url: https://github.com/torvalds/linux/commit/f23a4d6e07570826fe95023ca1aa96a011fa9f84 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26961-mac802154-fix-llsec-key-resources-release-in_new.patch kpatch-description: mac802154: fix llsec key resources release in mac802154_llsec_key_del kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26961 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26961 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8a1e58345cf40b7b272e08ac7b32328b2543e40 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26961-mac802154-fix-llsec-key-resources-release-in_new-kpatch.patch kpatch-description: mac802154: fix llsec key resources release in mac802154_llsec_key_del kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26961 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26961 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8a1e58345cf40b7b272e08ac7b32328b2543e40 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-36244-net-sched-taprio-extend-minimum-interval-restriction-to-entire.patch kpatch-description: net/sched: taprio: extend minimum interval restriction to entire cycle too kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-36244 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36244 kpatch-patch-url: https://github.com/torvalds/linux/commit/fb66df20a7201e60f2b13d7f95d031b31a8831d3 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39472-xfs-fix-log-recovery-buffer-allocation-for-the-lega.patch kpatch-description: xfs: fix log recovery buffer allocation for the kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-39472 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39472 kpatch-patch-url: https://github.com/torvalds/linux/commit/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39504-netfilter-nft_inner-validate-mandatory-meta.patch kpatch-description: netfilter: nft_inner: validate mandatory meta and payload kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-39504 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39504 kpatch-patch-url: https://github.com/torvalds/linux/commit/c4ab9da85b9df3692f861512fe6c9812f38b7471 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39504-netfilter-nft_inner-validate-mandatory-payload.patch kpatch-description: netfilter: nft_inner: validate mandatory meta and payload kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-39504 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39504 kpatch-patch-url: https://github.com/torvalds/linux/commit/c4ab9da85b9df3692f861512fe6c9812f38b7471 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40904-usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch kpatch-description: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40904 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40904 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22f00812862564b314784167a89f27b444f82a46 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40931-mptcp-ensure-snd_una-is-properly-initialized-on-con.patch kpatch-description: mptcp: ensure snd_una is properly initialized on connect kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40931 kpatch-patch-url: https://github.com/torvalds/linux/commit/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/kpatch-add-alt-asm-definitions.patch kpatch-description: kpatch add alt asm definitions kpatch-kernel: N/A kpatch-cve: N/A kpatch-cvss: N/A kpatch-cve-url: https://www.kernel.org kpatch-patch-url: https://www.kernel.org kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-2201-x86-bugs-Change-commas-to-semicolons-in-spectre_v2-sysfs-file.patch kpatch-description: x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-2201 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-2201 kpatch-patch-url: https://git.kernel.org/linus/0cd01ac5dcb1e18eb18df0f0d05b5de76522a437 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-2201-x86-bhi-Add-support-for-clearing-branch-history-at-syscall-entry.patch kpatch-description: x86/bugs: x86/bhi: Add support for clearing branch history at syscall entry kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-2201 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-2201 kpatch-patch-url: https://git.kernel.org/linus/7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52560-mm-damon-vaddr-test-fix-memory-leak-in-damon_do_test_apply_three_regions.patch kpatch-description: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52560 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52560 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=45120b15743fa7c0aa53d5db6dfb4c8f87be4abd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26631-ipv6-mcast-fix-data-race-in-ipv6_mc_down-mld_ifc_work.patch kpatch-description: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26631 kpatch-cvss: 2.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26631 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e7ef287f07c74985f1bf2858bedc62bd9ebf155 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52758-string.h-add-array-wrappers-for-v-memdup_user.patch kpatch-description: string.h: add array-wrappers for (v)memdup_user() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52758 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cc9c54232f04aef3a5d7f64a0ece7df00f1aaa3d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52758-i2c-dev-copy-userspace-array-safely.patch kpatch-description: i2c: dev: copy userspace array safely kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52758 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cc9c54232f04aef3a5d7f64a0ece7df00f1aaa3d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35923-io-uring-clear-opcode-specific-data-for-an-early-failure.patch kpatch-description: io_uring: clear opcode specific data for an early failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35923 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35923 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e21e1c45e1fe2e31732f40256b49c04e76a17cee kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52565-media-uvcvideo-fix-oob-read.patch kpatch-description: media: uvcvideo: Fix OOB read kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52565 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52565 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52466-pci-avoid-potential-out-of-bounds-read-in-pci-dev-for-each-resource.patch kpatch-description: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52466 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52466 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3171e46d677a668eed3086da78671f1e4f5b8405 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26611-xsk-fix-usage-of-multi-buffer-bpf-helpers-for-zc-xdp.patch kpatch-description: xsk: fix usage of multi-buffer BPF helpers for ZC XDP kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26611 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26611 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c5114710c8ce86b8317e9b448f4fd15c711c2a82 kpatch-name: skipped/CVE-2024-36930.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36930 kpatch-skip-reason: function can sleep with no time out kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36891-maple-tree-fix-mas-empty-area-rev-null-pointer-dereference.patch kpatch-description: maple_tree: fix mas_empty_area_rev() null pointer dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36891 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36891 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=955a923d2809803980ff574270f81510112be9cf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36927-ipv4-fix-uninit-value-access-in-ip-make-skb.patch kpatch-description: ipv4: Fix uninit-value access in __ip_make_skb() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36927 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36927 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fc1092f51567277509563800a3c56732070b6aa4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36901-ipv6-prevent-null-dereference-in-ip6-output.patch kpatch-description: ipv6: prevent NULL dereference in ip6_output() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36901 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36901 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4db783d68b9b39a411a96096c10828ff5dfada7a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36917-block-fix-overflow-in-blk_ioctl_discard.patch kpatch-description: block: fix overflow in blk_ioctl_discard() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36917 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36917 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36933-nsh-restore-skb-protocol-data-mac-header-for-outer-header-in-nsh-gso-segment.patch kpatch-description: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36933 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4b911a9690d72641879ea6d13cce1de31d346d79 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36902-ipv6-fib6_rules-avoid-possible-NULL-dereference-in-fib6_rule_action.patch kpatch-description: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36902 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36902 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d101291b2681e5ab938554e3e323f7a7ee33e3aa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26612-netfs-fscache-prevent-oops-in-fscache-put-cache.patch kpatch-description: netfs, fscache: Prevent Oops in fscache_put_cache() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26612 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26612 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3be0b3ed1d76c6703b9ee482b55f7e01c369cc68 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26601-ext4-regenerate-buddy-after-block-freeing-failed-if-under-fc-replay.patch kpatch-description: ext4: regenerate buddy after block freeing failed if under fc replay kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26601 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26601 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c9b528c35795b711331ed36dc3dbee90d5812d4e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47384-hwmon-w83793-Fix-NULL-pointer-dereference-by-removing-unnecessary-structure-field.patch kpatch-description: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47384 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47384 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dd4d747ef05addab887dc8ff0d6ab9860bbcd783 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47384-hwmon-w83793-Fix-NULL-pointer-dereference-by-removing-unnecessary-structure-field-kpatch.patch kpatch-description: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47384 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47384 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dd4d747ef05addab887dc8ff0d6ab9860bbcd783 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-0340-vhost-use-kzalloc-instead-of-kmalloc-followed-by-memset.patch kpatch-description: vhost: use kzalloc() instead of kmalloc() followed by memset() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-0340 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-0340 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-1151-net-openvswitch-limit-the-number-of-recursions-from-action-sets.patch kpatch-description: net: openvswitch: limit the number of recursions from action sets kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-1151 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-1151 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6e2f90d31fe09f2b852de25125ca875aabd81367 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-25739-ubi-Check-for-too-small-LEB-size-in-VTBL-code.patch kpatch-description: ubi: Check for too small LEB size in VTBL code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-25739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-25739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26591-bpf-fix-re-attachment-branch-in-bpf-tracing-prog-attach.patch kpatch-description: bpf: Fix re-attachment branch in bpf_tracing_prog_attach kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26591 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26591 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=715d82ba636cb3629a6e18a33bb9dbe53f9936ee kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26603-x86-fpu-stop-relying-on-userspace-for-info-to-fault-in-xsave-buffer.patch kpatch-description: x86/fpu: Stop relying on userspace for info to fault in xsave buffer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26603 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26603 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d877550eaf2dc9090d782864c96939397a3c6835 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26614-tcp-make-sure-init-the-accept-queue-s-spinlocks-once.patch kpatch-description: tcp: make sure init the accept_queue's spinlocks once kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26614 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=198bc90e0e734e5f98c3d2833e8390cac3df61b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23848-media-cec-core-avoid-recursive-cec_claim_log_addrs.patch kpatch-description: media: cec: core: avoid recursive cec_claim_log_addrs kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-23848 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-23848 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47c82aac10a6954d68f29f10d9758d016e8e5af1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23848-media-cec-core-avoid-recursive-cec_claim_log_addrs-kpatch.patch kpatch-description: media: cec: core: avoid recursive cec_claim_log_addrs kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-23848 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-23848 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47c82aac10a6954d68f29f10d9758d016e8e5af1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2019-25162-i2c__Fix_a_potential_use_after_free.patch kpatch-description: i2c: Fix a potential use after free kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2019-25162 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-25162 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e4c72c06c367758a14f227c847f9d623f1994ecf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48672-of-fdt-fix-off-by-one-error-in-unflatten-dt-nodes.patch kpatch-description: of: fdt: fix off-by-one error in unflatten_dt_nodes() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-48672 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2f945a792f67815abca26fa8a5e863ccf3fa1181 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52445-media-pvrusb2-fix-use-after-free-on-context-disconnection.patch kpatch-description: media: pvrusb2: fix use after free on context disconnection kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52445 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52445 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ded85b0c0edd8f45fec88783d7555a5b982449c1 kpatch-name: skipped/CVE-2023-52451.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52451 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only, x86_64 is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-36932.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36932 kpatch-skip-reason: Kernel versions older than 5.14.0-503.11.1.el9_5 are not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52464-edac-thunderx-fix-possible-out-of-bounds-string-access.patch kpatch-description: EDAC/thunderx: Fix possible out-of-bounds string access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52464 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52464 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=475c58e1a471e9b873e3e39958c64a2d278275c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26882-net-ip-tunnel-make-sure-to-pull-inner-header-in-ip-tunnel-rcv.patch kpatch-description: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26882 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b0ec2abf98267f14d032102551581c833b0659d3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23307-md-raid5-fix-atomicity-violation-in-raid5_cache_count.patch kpatch-description: md/raid5: fix atomicity violation in raid5_cache_count kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-23307 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-23307 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dfd2bf436709b2bccb78c2dda550dde93700efa7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26589-bpf-reject-variable-offset-alu-on-ptr-to-flow-keys.patch kpatch-description: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26589 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26589 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22c7fa171a02d310e3a3f6ed46a698ca8a0060ed kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26907-rdma-mlx5-fix-fortify-source-warning-while-accessing-eth-segment.patch kpatch-description: RDMA/mlx5: Fix fortify source warning while accessing Eth segment kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26907 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26907 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4d5e86a56615cc387d21c629f9af8fb0e958d350 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47386-hwmon___w83791d__Fix_NULL_pointer_dereference_by_r.patch kpatch-description: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47386 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47386 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=943c15ac1b84d378da26bba41c83c67e16499ac4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35801-x86-fpu-keep-xfd-state-in-sync-with-msr-ia32-xfd.patch kpatch-description: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35801 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35801 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10e4b5166df9ff7a2d5316138ca668b42d004422 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35801-x86-fpu-keep-xfd-state-in-sync-with-msr-ia32-xfd-kpatch.patch kpatch-description: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35801 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35801 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10e4b5166df9ff7a2d5316138ca668b42d004422 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38627-stm-class-fix-a-double-free-in-stm-register-device.patch kpatch-description: stm class: Fix a double free in stm_register_device() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38627 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38627 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3df463865ba42b8f88a590326f4c9ea17a1ce459 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38555-net-mlx5-discard-command-completions-in-internal-error.patch kpatch-description: net/mlx5: Discard command completions in internal error kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38555 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38555 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=db9b31aa9bc56ff0d15b78f7e827d61c4a096e40 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26934-usb-core-fix-deadlock-in-usb-deauthorize-interface.patch kpatch-description: USB: core: Fix deadlock in usb_deauthorize_interface() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26934 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26934 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=80ba43e9f799cbdd83842fc27db667289b3150f5 kpatch-name: skipped/CVE-2024-39291.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39291 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38581-drm-amdgpu-mes-fix-use-after-free-issue.patch kpatch-description: drm/amdgpu/mes: fix use-after-free issue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38581 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38581 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=948255282074d9367e01908b3f5dcf8c10fc9c3d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40903-usb-typec-tcpm-fix-use-after-free-case-in-tcpm-register-source-caps.patch kpatch-description: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40903 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40903 kpatch-patch-url: https://github.com/torvalds/linux/commit/e7e921918d905544500ca7a95889f898121ba886 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26933-01-USB-core-Add-hub_get-and-hub_put-routines.patch kpatch-description: USB: core: Fix deadlock in port "disable" sysfs attribute kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26933 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26933 kpatch-patch-url: https://github.com/torvalds/linux/commit/ee113b860aa169e9a4d2c167c95d0f1961c6e1b8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26933-02-usb-core-fix-deadlock-in-port-disable-sysfs-attribute.patch kpatch-description: USB: core: Fix deadlock in port "disable" sysfs attribute kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26933 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f4d1960764d8a70318b02f15203a1be2b2554ca1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39479-drm-i915-hwmon-get-rid-of-devm.patch kpatch-description: USB: core: Fix deadlock in port "disable" sysfs attribute kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39479 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39479 kpatch-patch-url: https://github.com/torvalds/linux/commit/5bc9de065b8bb9b8dd8799ecb4592d0403b54281 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40906-net-mlx5-always-stop-health-timer-during-driver-removal.patch kpatch-description: net/mlx5: Always stop health timer during driver removal kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40906 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40906 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c8b3f38d2dae0397944814d691a419c451f9906f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41039-firmware-cs-dsp-fix-overflow-checking-of-wmfw-header.patch kpatch-description: firmware: cs_dsp: Fix overflow checking of wmfw header kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41039 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41039 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3019b86bce16fbb5bc1964f3544d0ce7d0137278 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41039-firmware-cs-dsp-fix-overflow-checking-of-wmfw-header-kpatch.patch kpatch-description: firmware: cs_dsp: Fix overflow checking of wmfw header (adaptation) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41039 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41039 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3019b86bce16fbb5bc1964f3544d0ce7d0137278 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41049-filelock-fix-potential-use-after-free-in-posix-lock-inode.patch kpatch-description: filelock: fix potential use-after-free in posix_lock_inode kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41049 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41049 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41092-drm-i915-gt-fix-potential-uaf-by-revoke-of-fence-registers.patch kpatch-description: drm/i915/gt: Fix potential UAF by revoke of fence registers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41092 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41092 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=996c3412a06578e9d779a16b9e79ace18125ab50 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42159-scsi-mpi3mr-sanitise-num-phys.patch kpatch-description: scsi: mpi3mr: Sanitise num_phys kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42159 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42159 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3668651def2c1622904e58b0280ee93121f2b10b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42228-drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu-vce-cs-reloc.patch kpatch-description: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42228 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42228 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=88a9a467c548d0b3c7761b4fd54a68e70f9c0944 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42271-net-iucv-fix-use-after-free-in-iucv-sock-close.patch kpatch-description: net/iucv: fix use after free in iucv_sock_close() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42271 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42271 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f558120cd709682b739207b48cf7479fd9568431 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42301-dev-parport-fix-the-array-out-of-bounds-risk.patch kpatch-description: dev/parport: fix the array out-of-bounds risk kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42301 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42301 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab11dac93d2d568d151b1918d7b84c2d02bacbd5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43842-wifi-rtw89-fix-array-index-mistake-in-rtw89-sta-info-get-iter.patch kpatch-description: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43842 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43842 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=85099c7ce4f9e64c66aa397cd9a37473637ab891 kpatch-name: skipped/CVE-2023-52606.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52606 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2023-52696.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52696 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2024-26672.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26672 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26815-net-sched-taprio-proper-TCA_TAPRIO_TC_ENTRY_INDEX-check.patch kpatch-description: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26815 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26815 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=343041b59b7810f9cdca371f445dd43b35c740b1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26815-net-sched-taprio-proper-TCA_TAPRIO_TC_ENTRY_INDEX-check-kpatch.patch kpatch-description: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26815 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26815 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=343041b59b7810f9cdca371f445dd43b35c740b1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35814-minmax-add-umin-a-b-and-umax-a-b.patch kpatch-description: minmax: add umin(a, b) and umax(a, b) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35814 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35814 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=80fcac55385ccb710d33a20dc1caaef29bd5a921 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35814-swiotlb-fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch kpatch-description: swiotlb: Fix double-allocation of slots due to broken alignment handling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35814 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35814 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=04867a7a33324c9c562ee7949dbcaab7aaad1fb4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36030-octeontx2-af-fix-the-double-free-in-rvu-npc-freemem.patch kpatch-description: octeontx2-af: fix the double free in rvu_npc_freemem() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36030 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36030 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6e965eba43e9724f3e603d7b7cc83e53b23d155e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36955-alsa-hda-intel-sdw-acpi-fix-usage-of-device-get-named-child-node.patch kpatch-description: ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36955 kpatch-cvss: 7.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36955 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c158cf914713efc3bcdc25680c7156c48c12ef6a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39471-drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch kpatch-description: drm/amdgpu: add error handle to avoid out-of-bounds kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39471 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39471 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8b2faf1a4f3b6c748c0da36cda865a226534d520 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39471-drm-amdgpu-fix-signedness-bug-in-sdma_v4_0_process_trap_irq.patch kpatch-description: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39471 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39471 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6769a23697f17f9bf9365ca8ed62fe37e361a05a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39486-drm-drm_file-fix-pid-refcounting-race.patch kpatch-description: drm/drm_file: Fix pid refcounting race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39486 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39486 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4f2a129b33a2054e62273edd5a051c34c08d96e9 kpatch-name: skipped/CVE-2024-43888.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43888 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: skipped/CVE-2021-47428.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47428 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2021-47429.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47429 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2021-47454.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47454 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2022-48669.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-48669 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only, x86_64 is not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47432-include-linux-generic-radix-tree-h-replace-kernel-h-with-the-necessary-inclusions.patch kpatch-description: include/linux/generic-radix-tree.h: replace kernel.h with the necessary inclusions kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47432 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47432 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9492261ff2460252cf2d8de89cdf854c7e2b28a0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47432-lib-generic-radix-tree-c-don-t-overflow-in-peek.patch kpatch-description: lib/generic-radix-tree.c: Don't overflow in peek() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47432 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47432 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9492261ff2460252cf2d8de89cdf854c7e2b28a0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-can-isotp-isotp-sendmsg-add-result-check-for-wait-event-interruptible.patch kpatch-description: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9acf636215a6ce9362fe618e7da4913b8bfe84c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-can-isotp-isotp_sendmsg-fix-TX-buffer-concurrent-access.patch kpatch-description: can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://github.com/torvalds/linux/commit/43a08c3bdac4cb42eff8fe5e2278bffe0c5c3daa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-kpatch.patch kpatch-description: can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://github.com/torvalds/linux/commit/43a08c3bdac4cb42eff8fe5e2278bffe0c5c3daa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-can-isotp-fix-error-path-in-isotp_sendmsg-to-unlock-wait-queue.patch kpatch-description: can: isotp: fix error path in isotp_sendmsg() to unlock wait queue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://github.com/torvalds/linux/commit/8375dfac4f683e1b2c5956d919d36aeedad46699 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47495-usbnet-sanity-check-for-maxpacket.patch kpatch-description: usbnet: sanity check for maxpacket kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47495 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47495 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=397430b50a363d8b7bdda00522123f82df6adc5e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47497-nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-cells.patch kpatch-description: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47497 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47497 kpatch-patch-url: https://github.com/torvalds/linux/commit/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26618-arm64-sme-Always-exit-sme_alloc-early-with-existing-storage.patch kpatch-description: arm64/sme: Always exit sme_alloc() early with existing kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26618 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26618 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47098-hwmon-lm90-prevent-integer-overflow-underflow-in-hysteresis-calculations.patch kpatch-description: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47098 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47098 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55840b9eae5367b5d5b29619dc2fb7e4596dba46 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47101-asix-fix-uninit-value-in-asix_mdio_read.patch kpatch-description: asix: fix uninit-value in asix_mdio_read() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47101 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47101 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8035b1a2a37a29d8c717ef84fca8fe7278bc9f03 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26924-netfilter-nft-set-pipapo-do-not-free-live-element.patch kpatch-description: netfilter: nft_set_pipapo: do not free live element kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26924 kpatch-cvss: 5.9 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26924 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26894-acpi-processor-idle-fix-memory-leak-in-acpi-processor-power-exit.patch kpatch-description: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26894 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26894 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e18afcb7b2a12b635ac10081f943fcf84ddacc51 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52834-atl1c-Work-around-the-DMA-RX-overflow-issue.patch kpatch-description: atl1c: Work around the DMA RX overflow issue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52834 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52834 kpatch-patch-url: https://git.kernel.org/linus/86565682e9053e5deb128193ea9e88531bbae9cf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52834-atl1c-Work-around-the-DMA-RX-overflow-issue-kpatch.patch kpatch-description: atl1c: Work around the DMA RX overflow issue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52834 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52834 kpatch-patch-url: https://git.kernel.org/linus/86565682e9053e5deb128193ea9e88531bbae9cf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41057-netfs-fscache-export-fscache_put_volume-and-add-fsca.patch kpatch-description: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41057 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41057 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=85b08b31a22b481ec6528130daf94eee4452e23f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41057-cachefiles-fix-slab-use-after-free-in-cachefiles-withdraw-cookie.patch kpatch-description: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41057 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41057 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5d8f805789072ea7fd39504694b7bd17e5f751c4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41058-cachefiles-fix-slab-use-after-free-in-fscache-withdraw-volume.patch kpatch-description: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41058 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=522018a0de6b6fcce60c04f86dfc5f0e4b6a1b36 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41058-cachefiles-fix-slab-use-after-free-in-fscache-withdraw-volume-kpatch.patch kpatch-description: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41058 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=522018a0de6b6fcce60c04f86dfc5f0e4b6a1b36 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26890-bluetooth-btrtl-fix-out-of-bounds-memory-access.patch kpatch-description: Bluetooth: btrtl: fix out of bounds memory access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26890 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=de4e88ec58c4202efd1f02eebb4939bbf6945358 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26890-bluetooth-btrtl-fix-out-of-bounds-memory-access-kpatch.patch kpatch-description: Bluetooth: btrtl: fix out of bounds memory access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26890 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=de4e88ec58c4202efd1f02eebb4939bbf6945358 kpatch-name: skipped/CVE-2023-52482.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52482 kpatch-skip-reason: CVE patch is for AMD Inception vulnerability related to Speculative Return Stack Overflow (SRSO) kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52475-Input-powermate-fix-use-after-free-in-powermate_conf.patch kpatch-description: Input: powermate - fix use-after-free in powermate_config_complete kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52475 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52475 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c15c60e7be615f05a45cd905093a54b11f461bc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-24857-bluetooth-fix-toctou-in-hci-debugfs-implementation.patch kpatch-description: Bluetooth: Fix TOCTOU in HCI debugfs implementation kpatch-kernel: 4.18.0-553.27.1.el8_10 kpatch-cve: CVE-2024-24857 CVE-2024-24858 CVE-2024-24859 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-24857 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-24858 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-24859 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7835fcfd132eb88b87e8eb901f88436f63ab60f7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35976-xsk-validate-user-input-for-xdp-umem-completion-fill-ring.patch kpatch-description: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35976 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35976 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=237f3cf13b20db183d3706d997eedc3c49eacd44 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35853-mlxsw-spectrum-acl-tcam-fix-memory-leak-during-rehash.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35853 kpatch-cvss: 6.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35853 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8ca3f7a7b61393804c46f170743c3b839df13977 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41012-filelock-remove-locks-reliably-when-fcntl-close-race-is-detected.patch kpatch-description: filelock: Remove locks reliably when fcntl/close race is detected kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41012 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cad1bc010416c6dd780643476bc59ed742436b9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-22099-bluetooth-rfcomm-fix-null-ptr-deref-in-rfcomm-check-security.patch kpatch-description: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-22099 CVE-2024-26903 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-22099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2535b848fa0f42ddff3e5255cf5e742c9b77bb26 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-22099-Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_security-kpatch.patch kpatch-description: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-22099 CVE-2024-26903 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-22099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2535b848fa0f42ddff3e5255cf5e742c9b77bb26 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26759-mm-swap-fix-race-when-skipping-swapcache.patch kpatch-description: mm/swap: fix race when skipping swapcache kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26759 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26759 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=13ddaf26be324a7f951891ecd9ccd04466d27458 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26761-cxl-pci-Fix-disabling-memory-if-DVSEC-CXL-Range-does.patch kpatch-description: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26761 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-26761 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2cc1a530ab31c65b52daf3cb5d0883c8b614ea69 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26767-drm-amd-display-fixed-integer-types-and-null-check-l.patch kpatch-description: drm/amd/display: fixed integer types and null check locations kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26767 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-26767 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0484e05d048b66d01d1f3c1d2306010bb57d8738 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26772-ext4-avoid-allocating-blocks-from-corrupted-group.patch kpatch-description: ext4: avoid allocating blocks from corrupted group kpatch-kernel: 4.18.0-553.16.1.el8_10 kpatch-cve: CVE-2024-26772 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26772 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=832698373a25950942c04a512daa652c18a9b513 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26774-ext4-avoid-dividing-by-0-in-mb-update-avg-fragment-size.patch kpatch-description: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26774 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26774 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=d75e5980e9baa1593477425fd71bf3a05b6326e9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26782-mptcp-fix-double-free-on-socket-dismantle.patch kpatch-description: mptcp: fix double-free on socket dismantle kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26782 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26782 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=bddc3abf4b9a9c710e93f3674a8614fa2f4f84a4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26785-iommufd-Fix-protection-fault-in-iommufd_test_syz_con.patch kpatch-description: iommufd: Fix protection fault in iommufd_test_syz_conv_iova kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26785 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26785 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf7c2789822db8b5efa34f5ebcf1621bc0008d48 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26786-iommufd-Fix-iopt_access_list_id-overwrite-bug.patch kpatch-description: iommufd: Fix iopt_access_list_id overwrite bug kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26786 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26786 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeb004c0cd6958e910123a1607634401009c9539 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26803-net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch kpatch-description: net: veth: clear GRO when clearing XDP even when down MIME-Version: 1.0 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26803 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26803 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7985d73961bbb4e726c1be7b9cd26becc7be8325 kpatch-name: skipped/CVE-2023-52683.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52683 kpatch-skip-reason: Out of scope: boot time issue kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52676-bpf-guard-stack-limits-against-32bit-overflow.patch kpatch-description: bpf: Guard stack limits against 32bit overflow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52676 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52676 kpatch-patch-url: https://github.com/torvalds/linux/commit/1d38a9ee81570c4bd61f557832dead4d6f816760 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52679-of-fix-double-free-in-of_parse_phandle_with_args_map.patch kpatch-description: of: Fix double free in of_parse_phandle_with_args_map kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52679 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52679 kpatch-patch-url: https://github.com/torvalds/linux/commit/4dde83569832f9377362e50f7748463340c5db6b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52674-ALSA-scarlett2-Add-clamp-in-scarlett2_mixer_ctl_put.patch kpatch-description: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52674 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52674 kpatch-patch-url: https://github.com/torvalds/linux/commit/04f8f053252b86c7583895c962d66747ecdc61b7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52680-ALSA-scarlett2-Add-missing-error-checks-to-_ctl_get.patch kpatch-description: ALSA: scarlett2: Add missing error checks to *_ctl_get() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52680 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52680 kpatch-patch-url: https://github.com/torvalds/linux/commit/50603a67daef161c78c814580d57f7f0be57167e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52659-x86-mm-ensure-input-to-pfn-to-kaddr-is-treated-as-a-64-bit.patch kpatch-description: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52659 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52659 kpatch-patch-url: https://github.com/torvalds/linux/commit/8e5647a723c49d73b9f108a8bb38e8c29d3948ea kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52664-net-atlantic-eliminate-double-free-in-error-handling-logic.patch kpatch-description: net: atlantic: eliminate double free in error handling logic kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52664 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52664 kpatch-patch-url: https://github.com/torvalds/linux/commit/b3cb7a830a24527877b0bc900b9bd74a96aea928 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52662-drm-vmwgfx-fix-a-memleak-in-vmw_gmrid_man_get_node.patch kpatch-description: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52662 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52662 kpatch-patch-url: https://github.com/torvalds/linux/commit/89709105a6091948ffb6ec2427954cbfe45358ce kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52663-asoc-sof-amd-fix-memory-leak-in-amd-sof-acp-probe.patch kpatch-description: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52663 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52663 kpatch-patch-url: https://github.com/torvalds/linux/commit/222be59e5eed1554119294edc743ee548c2371d0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52661-01-drm-tegra-rgb-Fix-some-error-handling-paths-in-tegra_dc_rgb_probe.patch kpatch-description: drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52661 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52661 kpatch-patch-url: https://github.com/torvalds/linux/commit/bc456b5d93dbfdbd89f2a036f4f3d8026595f9e4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52661-02-drm-tegra-rgb-fix-missing-clk-put-in-the-error-handling.patch kpatch-description: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52661 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52661 kpatch-patch-url: https://github.com/torvalds/linux/commit/45c8034db47842b25a3ab6139d71e13b4e67b9b3 kpatch-name: skipped/CVE-2024-26712.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26712 kpatch-skip-reason: Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26743-rdma-qedr-fix-qedr-create-user-qp-error-flow.patch kpatch-description: RDMA/qedr: Fix qedr_create_user_qp error flow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26743 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26743 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ba4e6d5863c53e937f49932dee0ecb004c65928 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26717-hid-i2c-hid-of-fix-null-deref-on-failed-power-up.patch kpatch-description: HID: i2c-hid-of: fix NULL-deref on failed power up kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26717 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26717 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00aab7dcb2267f2aef59447602f34501efe1a07f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26717-hid-i2c-hid-of-fix-null-deref-on-failed-power-up-kpatch.patch kpatch-description: HID: i2c-hid-of: fix NULL-deref on failed power up kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26717 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26717 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00aab7dcb2267f2aef59447602f34501efe1a07f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26744-rdma-srpt-support-specifying-the-srpt-service-guid-kpatch.patch kpatch-description: RDMA/srpt: Support specifying the srpt_service_guid kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26744 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26744 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fdfa083549de5d50ebf7f6811f33757781e838c0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26733-arp-prevent-overflow-in-arp-req-get.patch kpatch-description: arp: Prevent overflow in arp_req_get(). kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26733 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26733 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a7d6027790acea24446ddd6632d394096c0f4667 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26758-md-don-t-ignore-suspended-array-in-md-check-recovery.patch kpatch-description: md: Don't ignore suspended array in md_check_recovery() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26758 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1baae052cccd08daf9a9d64c3f959d8cdb689757 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26740-net-sched-act-mirred-use-the-backlog-for-mirred-ingress-427.35.patch kpatch-description: net/sched: act_mirred: use the backlog for mirred ingress kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26740 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26740 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=52f671db18823089a02f07efc04efdb2272ddc17 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26757-md-don-t-ignore-read-only-array-in-md-check-recovery.patch kpatch-description: md: Don't ignore read-only array in md_check_recovery() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26757 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26757 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55a48ad2db64737f7ffc0407634218cc6e4c513b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48804-vt-ioctl-fix-array-index-nospec-in-vt-setactivate.patch kpatch-description: vt_ioctl: fix array_index_nospec in vt_setactivate kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-48804 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48804 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=61cc70d9e8ef5b042d4ed87994d20100ec8896d9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52473-thermal-core-fix-null-pointer-dereference-in-zone-registration-error-path.patch kpatch-description: thermal: core: Fix NULL pointer dereference in zone registration error path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52473 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52473 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=04e6ccfc93c5a1aa1d75a537cf27e418895e20ea kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52501-ring-buffer-do-not-attempt-to-read-past-commit.patch kpatch-description: ring-buffer: Do not attempt to read past "commit" kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52501 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52501 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=95a404bd60af6c4d9d8db01ad14fe8957ece31ca kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48703-thermal-int340x-thermal-handle-data-vault-when-the-value-is-zero-size-ptr.patch kpatch-description: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-48703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7931e28098a4c1a2a6802510b0cbe57546d2049d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52462-bpf-fix-check-for-attempt-to-corrupt-spilled-pointer.patch kpatch-description: bpf: fix check for attempt to corrupt spilled pointer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52462 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52462 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52467-mfd-syscon-fix-null-pointer-dereference-in-of-syscon-register.patch kpatch-description: mfd: syscon: Fix null pointer dereference in of_syscon_register() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52467 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52467 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=41673c66b3d0c09915698fec5c13b24336f18dd1 kpatch-name: skipped/CVE-2023-52490.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52490 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52520-platform-x86-think-lmi-fix-reference-leak.patch kpatch-description: platform/x86: think-lmi: Fix reference leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52520 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52520 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=124cf0ea4b82e1444ec8c7420af4e7db5558c293 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52585-drm-amdgpu-fix-possible-null-dereference-in.patch kpatch-description: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52585 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52585 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b8d55a90fd55b767c25687747e2b24abd1ef8680 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52762-virtio-blk-fix-implicit-overflow-on-virtio-max-dma-size.patch kpatch-description: virtio-blk: fix implicit overflow on virtio_max_dma_size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52762 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52762 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fafb51a67fb883eb2dde352539df939a251851be kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52784-bonding-stop-the-device-in-bond-setup-by-slave.patch kpatch-description: bonding: stop the device in bond_setup_by_slave() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52784 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52784 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cffa2ddc4d3fcf70cde361236f5a614f81a09b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52751-smb-client-fix-use-after-free-in-smb2-query-info-compound.patch kpatch-description: smb: client: fix use-after-free in smb2_query_info_compound() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52751 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52751 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c86919455c1edec99ebd3338ad213b59271a71b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52791-i2c-core-run-atomic-i2c-xfer-when-preemptible.patch kpatch-description: i2c: core: Run atomic i2c xfer when !preemptible kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52791 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa49c90894d06e18a1ee7c095edbd2f37c232d02 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52791-i2c-core-fix-atomic-xfer-check-for-non-preempt-config.patch kpatch-description: i2c: core: Fix atomic xfer check for non-preempt config kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52791 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa49c90894d06e18a1ee7c095edbd2f37c232d02 kpatch-name: skipped/CVE-2023-52756.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52756 kpatch-skip-reason: Bug doesn't hit as enum values are just shifted numbers kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52813-crypto-pcrypt-fix-hungtask-for-padata-reset.patch kpatch-description: crypto: pcrypt - Fix hungtask for PADATA_RESET kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52813 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52813 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8f4f68e788c3a7a696546291258bfa5fdb215523 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52811-scsi-ibmvfc-remove-bug-on-in-the-case-of-an-empty-event-pool.patch kpatch-description: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52811 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52811 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b39f2d10b86d0af353ea339e5815820026bca48f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52775-net-smc-avoid-data-corruption-caused-by-decline.patch kpatch-description: net/smc: avoid data corruption caused by decline kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52775 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52775 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e6d71b437abc2f249e3b6a1ae1a7228e09c6e563 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52831-cpu-hotplug-prevent-self-deadlock-on-cpu-hot-unplug.patch kpatch-description: cpu/hotplug: Prevent self deadlock on CPU hot-unplug kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52831 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52831 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=38685e2a0476127db766f81b1c06019ddc4c9ffa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52831-cpu-hotplug-don-t-offline-the-last-non-isolated-cpu.patch kpatch-description: cpu/hotplug: Don't offline the last non-isolated CPU kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52831 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52831 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=38685e2a0476127db766f81b1c06019ddc4c9ffa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52833-bluetooth-btusb-add-date-evt-skb-is-null-check.patch kpatch-description: Bluetooth: btusb: Add date->evt_skb is NULL check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52833 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52833 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=624820f7c8826dd010e8b1963303c145f99816e9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52840-input-synaptics-rmi4-fix-use-after-free-in-rmi-unregister-function.patch kpatch-description: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52840 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52840 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=eb988e46da2e4eae89f5337e047ce372fe33d5b1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52859-perf-hisi-Fix-use-after-free-when-register-pmu-fails.patch kpatch-description: perf: hisi: Fix use-after-free when register pmu fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52859 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52859 kpatch-patch-url: https://github.com/torvalds/linux/commit/b805cafc604bfdb671fae7347a57f51154afa735 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52869-pstore-platform-add-check-for-kstrdup.patch kpatch-description: pstore/platform: Add check for kstrdup kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52869 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52869 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a19d48f7c5d57c0f0405a7d4334d1d38fe9d3c1c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52878-can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_priv-echo_skb-is-accessed-out-of-bounds.patch kpatch-description: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52878 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52878 kpatch-patch-url: https://github.com/torvalds/linux/commit/6411959c10fe917288cbb1038886999148560057 kpatch-name: skipped/CVE-2023-52902.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52902 kpatch-skip-reason: nommu: kernel is not vulnerable. Commit 8220543("nommu: remove uses of VMA linked list") is absent kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26840-cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch kpatch-description: cachefiles: fix memory leak in cachefiles_add_cache() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26840 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26840 kpatch-patch-url: https://github.com/torvalds/linux/commit/e21a2f17566cbd64926fb8f16323972f7a064444 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26857-geneve__make_sure_to_pull_inner_header_in_geneve_r.patch kpatch-description: geneve: make sure to pull inner header in geneve_rx() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26857 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26857 kpatch-patch-url: https://github.com/torvalds/linux/commit/1ca1ba465e55b9460e4e75dec9fff31e708fec74 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26863-hsr__Fix_uninit-value_access_in_hsr_get_node__.patch kpatch-description: hsr: Fix uninit-value access in hsr_get_node() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26863 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26863 kpatch-patch-url: https://github.com/torvalds/linux/commit/ddbec99f58571301679addbc022256970ca3eac6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26870-NFSv4_2__fix_nfs4_listxattr_kernel_BUG_at_mm_userc.patch kpatch-description: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26870 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26870 kpatch-patch-url: https://github.com/torvalds/linux/commit/251a658bbfceafb4d58c76b77682c8bf7bcfad65 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26878-quota__Fix_potential_NULL_pointer_dereference.patch kpatch-description: quota: Fix potential NULL pointer dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26878 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26878 kpatch-patch-url: https://github.com/torvalds/linux/commit/d0aa72604fbd80c8aabb46eda00535ed35570f1f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26889-Bluetooth-hci_core-Fix-possible-buffer-overflow.patch kpatch-description: Bluetooth: hci_core: Fix possible buffer overflow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26889 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26889 kpatch-patch-url: https://github.com/torvalds/linux/commit/81137162bfaa7278785b24c1fd2e9e74f082e8e4 kpatch-name: skipped/CVE-2024-26899.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26899 kpatch-skip-reason: Current kernel is not vulnerable. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26901-do_sys_name_to_handle____use_kzalloc___to_fix_kern.patch kpatch-description: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26901 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26901 kpatch-patch-url: https://github.com/torvalds/linux/commit/3948abaa4e2be938ccdfc289385a27342fb13d43 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26906-x86-sev-es-Allow-copy_from_kernel_nofault-in-earlier-boot.patch kpatch-description: x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26906 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26906 kpatch-patch-url: https://github.com/torvalds/linux/commit/f79936545fb122856bd78b189d3c7ee59928c751 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26906-x86_mm__Disallow_vsyscall_page_read_for_copy_from.patch kpatch-description: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26906 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26906 kpatch-patch-url: https://github.com/torvalds/linux/commit/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26915-drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch kpatch-description: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26915 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26915 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7330256268664ea0a7dd5b07a3fed363093477dd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26920-tracing_trigger__Fix_to_return_error_if_failed_to_.patch kpatch-description: tracing/trigger: Fix to return error if failed to alloc snapshot kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26920 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26920 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b5085b5ac1d96ea2a8a6240f869655176ce44197 kpatch-name: skipped/CVE-2024-26921.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26921 kpatch-skip-reason: Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26937-drm-i915-gt-Reset-queue_priority_hint-on-parking.patch kpatch-description: drm/i915/gt: Reset queue_priority_hint on parking kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26937 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26937 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4a3859ea5240365d21f6053ee219bb240d520895 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26938-drm-i915-bios-Tolerate-devdata-NULL-in-intel_bios_encoder_supports_dp_dual_mode.patch kpatch-description: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26938 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26938 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32e39bab59934bfd3f37097d4dd85ac5eb0fd549 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26939-drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch kpatch-description: drm/i915/vma: Fix UAF on destroy against retire race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f3c71b2ded5c4367144a810ef25f998fd1d6c381 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26940-drm-vmwgfx-Create-debugfs-ttm_resource_manager-entry-only-if-needed.patch kpatch-description: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26940 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26940 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4be9075fec0a639384ed19975634b662bfab938f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26950-wireguard__netlink__access_device_through_ctx_inst.patch kpatch-description: wireguard: netlink: access device through ctx instead of peer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26950 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26951-wireguard__netlink__check_for_dangling_peer_via_is.patch kpatch-description: wireguard: netlink: check for dangling peer via is_dead instead of empty list kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26951 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26951 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55b6c738673871c9b0edae05d0c97995c1ff08c4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26953-net__esp__fix_bad_handling_of_pages_from_page_pool.patch kpatch-description: net: esp: fix bad handling of pages from page_pool kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26953 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26953 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c3198822c6cb9fb588e446540485669cc81c5d34 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52837-nbd-fix-uaf-in-nbd-open.patch kpatch-description: nbd: fix uaf in nbd_open kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52837 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52837 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=327462725b0f759f093788dfbcb2f1fd132f956b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52837-nbd-fix-uaf-in-nbd-open-kpatch.patch kpatch-description: nbd: fix uaf in nbd_open kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52837 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52837 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=327462725b0f759f093788dfbcb2f1fd132f956b kpatch-name: skipped/CVE-2024-35983.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35983 kpatch-skip-reason: Kernel is not vulnerable: commit f2d5dcb4 is absent. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35946-wifi-rtw89-fix-null-pointer-access-when-abort-scan-pt1.patch kpatch-description: wifi: rtw89: fix null pointer access when abort scan kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35946 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e11a2966f51695c0af0b1f976a32d64dee243b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35946-wifi-rtw89-fix-null-pointer-access-when-abort-scan-pt2.patch kpatch-description: wifi: rtw89: fix null pointer access when abort scan kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35946 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e11a2966f51695c0af0b1f976a32d64dee243b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35947-dyndbg-fix-old-BUG_ON-in-control-parser.patch kpatch-description: dyndbg: fix old BUG_ON in >control parser kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35947 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35947 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35950-drm-client-Fully-protect-modes-with-dev-mode_config-mutex.patch kpatch-description: drm/client: Fully protect modes[] with dev->mode_config.mutex kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35950 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3eadd887dbac1df8f25f701e5d404d1b90fd0fea kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35959-net-mlx5e-fix-mlx5e-priv-init-cleanup-flow.patch kpatch-description: net/mlx5e: Fix mlx5e_priv_init() cleanup flow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35959 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35959 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecb829459a841198e142f72fadab56424ae96519 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-geneve-fix-header-validation-in-geneve-6-xmit-skb.patch kpatch-description: geneve: fix header validation in geneve[6]_xmit_skb kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35973 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8a6213d70accb403b82924a1c229e733433a5ef kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-geneve-Fix-incorrect-inner-network-header-offset-when-innerprotoinherit-is-set.patch kpatch-description: geneve: Fix incorrect inner network header offset when innerprotoinherit is set kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35954 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35954 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c6ae073f5903f6c6439d0ac855836a4da5c0a701 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-bareudp-Pull-inner-IP-header-on-xmit.patch kpatch-description: bareudp: Pull inner IP header on xmit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35954 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35954 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c471236b2359e6b27388475dd04fff0a5e2bf922 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-vxlan-Pull-inner-IP-header-in-vxlan_xmit_one.patch kpatch-description: vxlan: Pull inner IP header in vxlan_xmit_one() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35954 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35954 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31392048f55f98cb01ca709d32d06d926ab9760a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36031-keys-fix-overwrite-of-key-expiration-on-instantiation.patch kpatch-description: keys: Fix overwrite of key expiration on instantiation kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36031 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36031 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9da27fb65a14c18efd4473e2e82b76b53ba60252 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36896-usb-core-fix-access-violation-during-port-device-removal.patch kpatch-description: USB: core: Fix access violation during port device removal kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36896 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36896 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a4b46d450c49f32e9d4247b421e58083fde304ce kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35854-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35854 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35854 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=54225988889931467a9b55fdbef534079b665519 kpatch-name: skipped/CVE-2024-38605.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-38605 kpatch-skip-reason: Not a bug for a real-life RHEL9 setup kpatch-cvss: kpatch-name: skipped/CVE-2024-26843.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26843 kpatch-skip-reason: EFI Firmware: CVE patch is for EFI firmware which runs at boot time. kpatch-cvss: kpatch-name: skipped/CVE-2024-35957.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35957 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-26900.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26900 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-36926.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36926 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36905-tcp-defer-shutdown-send-shutdown-for-tcp-syn-recv-sockets.patch kpatch-description: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36905 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=94062790aedb505bdda209b10bea47b294d6394f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26927-asoc-sof-add-some-bounds-checking-to-firmware-data.patch kpatch-description: ASoC: SOF: Add some bounds checking to firmware data kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26927 kpatch-cvss: 8.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26927 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=98f681b0f84cfc3a1d83287b77697679e0398306 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42154-tcp-metrics-validate-source-addr-length-kpatch.patch kpatch-description: tcp_metrics: validate source addr length kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42154 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42154 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=66be40e622e177316ae81717aa30057ba9e61dff kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26707-net-hsr-remove-warn-once-in-send-hsr-supervision-frame.patch kpatch-description: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26707 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26707 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=37e8c97e539015637cb920d3e6f1e404f707a06e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26679-inet-read-sk-sk-family-once-in-inet-recv-error.patch kpatch-description: inet: read sk->sk_family once in inet_recv_error() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26679 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26679 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=eef00a82c568944f113f2de738156ac591bbd5cd kpatch-name: skipped/CVE-2024-26678.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26678 kpatch-skip-reason: Boot time issue kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26691-kvm-arm64-fix-circular-locking-dependency.patch kpatch-description: KVM: arm64: Fix circular locking dependency kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26691 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26691 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10c02aad111df02088d1a81792a709f6a7eca6cc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26680-net-atlantic-fix-dma-mapping-for-ptp-hwts-ring.patch kpatch-description: net: atlantic: Fix DMA mapping for PTP hwts ring kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26680 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26680 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e7d3b67630dfd8f178c41fa2217aa00e79a5887 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26686-fs-proc-do_task_stat-move-thread_group_cputime_adjus.patch kpatch-description: fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26686 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26686 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=60f92acb60a989b14e4b744501a0df0f82ef30a3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26686-fs-proc-do-task-stat-use-sig-stats-lock-to-gather-the-threads-children-stats.patch kpatch-description: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26686 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26686 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7601df8031fd67310af891897ef6cc0df4209305 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26704-ext4-fix-double-free-of-blocks-due-to-wrong.patch kpatch-description: ext4: fix double-free of blocks due to wrong kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26704 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26704 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55583e899a5357308274601364741a83e78d6ac4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26700-drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch kpatch-description: drm/amd/display: Fix MST Null Ptr for RV kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26700 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26700 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1b5b72b4d67c1e72c4fc19151fd669acecc92faa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26675-ppp-async-limit-mru-to-64k.patch kpatch-description: ppp_async: limit MRU to 64K kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26675 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cb88cb53badb8aeb3955ad6ce80b07b598e310b8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52757-smb-client-fix-potential-deadlock-when-releasing-mids.patch kpatch-description: smb: client: fix potential deadlock when releasing mids kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52757 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52757 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/e6dbb199ae1025d695a34ef4f2f87460e06f0c99 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52632-drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch kpatch-description: drm/amdkfd: Fix lock dependency warning with srcu kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52632 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52632 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2a9de42e8d3c82c6990d226198602be44f43f340 kpatch-name: skipped/CVE-2024-36920.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36920 kpatch-skip-reason: Warning fix doesn't worth live-patching kpatch-cvss: kpatch-name: skipped/CVE-2024-36936.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36936 kpatch-skip-reason: Boot time fix cannot be fixed with live-patching kpatch-cvss: kpatch-name: skipped/CVE-2023-52634.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52634 kpatch-skip-reason: The patch for this CVE fixing vulnerability which was introduced in kernel v6.7 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52635-pm-devfreq-synchronize-devfreq-monitor-start-stop.patch kpatch-description: PM / devfreq: Synchronize devfreq_monitor_[start/stop] kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52635 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52635 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52648-drm-vmwgfx-unmap-the-surface-before-resetting-it-on-a-plane.patch kpatch-description: drm/vmwgfx: Unmap the surface before resetting it on a plane state state kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52648 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52648 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27571c64f1855881753e6f33c3186573afbab7ba kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52649-drm-vkms-avoid-reading-beyond-lut-array.patch kpatch-description: drm/vkms: Avoid reading beyond LUT array kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52649 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52649 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2fee84030d12d9fddfa874e4562d71761a129277 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52650-drm-tegra-dsi-add-missing-check-for-of-find-device-by-node.patch kpatch-description: drm/tegra: dsi: Add missing check for of_find_device_by_node kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52650 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52650 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=afe6fcb9775882230cd29b529203eabd5d2a638d kpatch-name: skipped/CVE-2023-52619.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52619 kpatch-skip-reason: Complex adaptation required. x86 and amd64 architectures are not affected. Issues triggers while dumping after another crash. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52731-fbdev-fix-invalid-page-access-after-closing-deferred-i-o-devices.patch kpatch-description: fbdev: Fix invalid page access after closing deferred I/O devices kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52731 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52731 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3efc61d95259956db25347e2a9562c3e54546e20 kpatch-name: skipped/CVE-2023-52686.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52686 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2023-52740.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52740 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2023-52690.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52690 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52730-mmc-sdio-fix-possible-resource-leaks-in-some-error-paths.patch kpatch-description: mmc: sdio: fix possible resource leaks in some error paths kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52730 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52730 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=605d9fb9556f8f5fb4566f4df1480f280f308ded kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52703-net-usb-kalmia-don-t-pass-act-len-in-usb-bulk-msg-error-path.patch kpatch-description: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c68f345b7c425b38656e1791a0486769a8797016 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52697-ASoC-Intel-sof_sdw_rt_sdca_jack_common-ctx-headset_codec_dev-NULL.patch kpatch-description: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52697 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52697 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/e502cdeaace02eccacb616335769bdf7cb586b7d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52698-calipso-fix-memory-leak-in-netlbl_calipso_add_pass.patch kpatch-description: calipso: fix memory leak in netlbl_calipso_add_pass() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52698 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52698 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/6706598da43cfbde852754274549717cc558d1dd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52689-alsa-scarlett2-add-missing-mutex-lock-around-get-meter-levels.patch kpatch-description: ALSA: scarlett2: Add missing mutex lock around get meter levels kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52689 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52689 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=993f7b42fa066b055e3a19b7f76ad8157c0927a0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26958-nfs-fix-UAF-in-direct-writes.patch kpatch-description: nfs: fix UAF in direct writes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=17f46b803d4f23c66cacce81db35fef3adb8f2af kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26958-nfs-fix-UAF-in-direct-writes-kpatch.patch kpatch-description: nfs: fix UAF in direct writes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=17f46b803d4f23c66cacce81db35fef3adb8f2af kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26960-mm-swap-fix-race-between-free_swap_and_cache-and-swa.patch kpatch-description: mm: swap: fix race between free_swap_and_cache() and swapoff() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82b1c07a0af603e3c47b906c8e991dc96f01688e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26964-usb-xhci-Add-error-handling-in-xhci_map_urb_for_dma.patch kpatch-description: usb: xhci: Add error handling in xhci_map_urb_for_dma kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26964 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26964 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be95cc6d71dfd0cba66e3621c65413321b398052 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26973-fat-fix-uninitialized-field-in-nostale-filehandles.patch kpatch-description: fat: fix uninitialized field in nostale filehandles kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26973 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fde2497d2bc3a063d8af88b258dbadc86bd7b57c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26975-powercap-intel_rapl-Fix-a-NULL-pointer-dereference.patch kpatch-description: powercap: intel_rapl: Fix a NULL pointer dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26975 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26975 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2d1f5006ff95770da502f8cee2a224a1ff83866e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26984-nouveau-fix-instmem-race-condition-around-ptr-stores.patch kpatch-description: nouveau: fix instmem race condition around ptr stores kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26984 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26984 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fff1386cc889d8fb4089d285f883f8cba62d82ce kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26987-mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch kpatch-description: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26987 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26987 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1983184c22dd84a4d95a71e5c6775c2638557dc7 kpatch-name: skipped/CVE-2024-26988.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26988 kpatch-skip-reason: Out of scope as the patch is for vmlinux init sections which are discarded after the boot kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26989-arm64-hibernate-Fix-level3-translation-fault-in-swsusp_save.patch kpatch-description: arm64: hibernate: Fix level3 translation fault in swsusp_save() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50449ca66cc5a8cbc64749cf4b9f3d3fc5f4b457 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27025-nbd-null-check-for-nla-nest-start.patch kpatch-description: nbd: null check for nla_nest_start kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27025 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27025 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d kpatch-name: skipped/CVE-2024-27023.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-27023 kpatch-skip-reason: Fix commit isn't present kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27389-pstore-inode-only-d-invalidate-is-needed.patch kpatch-description: pstore: inode: Only d_invalidate() is needed kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27389 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27389 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a43e0fc5e9134a46515de2f2f8d4100b74e50de3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27038-clk-Fix-clk_core_get-NULL-dereference.patch kpatch-description: clk: Fix clk_core_get NULL dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27038 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27038 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/ad3c36556614598882f9bfd24e917e329ca5f761 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27042-drm-amdgpu-Fix-potential-out-of-bounds-access-in-amdgpu_discovery_reg_base_init.patch kpatch-description: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27042 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27042 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8db10cee51e3e11a6658742465edc21986cf1e8d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27048-wifi-brcm80211-handle-pmk_op-allocation-failure.patch kpatch-description: wifi: brcm80211: handle pmk_op allocation failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27048 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27048 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/2ea4ff826876e4cd799a7df1e410bc9e6e7adb2c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27057-ASoC-SOF-ipc4-pcm-Workaround-for-crashed-firmware-on-system-suspend.patch kpatch-description: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27057 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27057 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/9fdefb89decb48ec0dd19c899c2c43e0094afc44 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27395-net-openvswitch-fix-use-after-free-in-ovs-ct-exit.patch kpatch-description: net: openvswitch: Fix Use-After-Free in ovs_ct_exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27395 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27395 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9048616553c65e750d43846f225843ed745ec0d4 kpatch-name: skipped/CVE-2024-27404.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-27404 kpatch-skip-reason: Complex adaptation required. Network services prevents update because they can sleep in subflow_finish_connect() function. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27410-wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch kpatch-description: wifi: nl80211: reject iftype change with mesh ID change kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27410 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27410 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=063715c33b4c37587aeca2c83cf08ead0c542995 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27414-rtnetlink-fix-error-logic-of-IFLA_BRIDGE_FLAGS-writing-back.patch kpatch-description: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27414 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27414 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a1227b27fcccc99dc44f912b479e01a17e2d7d31 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35787-md-md-bitmap-fix-incorrect-usage-for-sb_index.patch kpatch-description: md/md-bitmap: fix incorrect usage for sb_index kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35787 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35787 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=736ad6c577a367834118f57417038d45bb5e0a31 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35795-drm-amdgpu-fix-deadlock-while-reading-mqd-from-debugfs.patch kpatch-description: drm/amdgpu: fix deadlock while reading mqd from debugfs kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35795 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35795 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=197f6d6987c55860f6eea1c93e4f800c59078874 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27431-cpumap-Zero-initialise-xdp_rxq_info-struct-before-running-xdp-program.patch kpatch-description: cpumap: Zero-initialise xdp_rxq_info struct before running kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27431 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27431 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f0363af9619c77730764f10360e36c6445c12f7b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27436-ALSA-usb-audio-Stop-parsing-channels-bits-when-all-channels.patch kpatch-description: ALSA: usb-audio: Stop parsing channels bits when all channels kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27436 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27436 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9af1658ba293458ca6a13f70637b9654fa4be064 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-31076-genirq-cpuhotplug-x86-vector-Prevent-vector-leak-during-CPU-offline.patch kpatch-description: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-31076 kpatch-cvss: 5.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-31076 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9eeda3e0071a329af1eba15f4e57dc39576bb420 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26976-kvm-always-flush-async-pf-workqueue-when-vcpu-is-being-destroyed.patch kpatch-description: KVM: Always flush async #PF workqueue when vCPU is being destroyed kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26976 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26976 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d75b8aa5c29058a512db29da7cbee8052724157 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26976-kvm-always-flush-async-pf-workqueue-when-vcpu-is-being-destroyed-kpatch.patch kpatch-description: KVM: Always flush async #PF workqueue when vCPU is being destroyed kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26976 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26976 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d75b8aa5c29058a512db29da7cbee8052724157 kpatch-name: skipped/CVE-2024-35794.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35794 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-27079.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-27079 kpatch-skip-reason: Bug triggers in kdump kernel which we don't patch kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26641-ip6-tunnel-make-sure-to-pull-inner-header-in-ip6-tnl-rcv.patch kpatch-description: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26641 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26641 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d975c15c0cd744000ca386247432d57b21f9df0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26656-drm-amdgpu-fix-use-after-free-bug.patch kpatch-description: drm/amdgpu: fix use-after-free bug kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26656 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22207fd5c80177b860279653d017474b2812af5e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26660-drm-amd-display-implement-bounds-check-for-stream-encoder-creation-in-DCN301.patch kpatch-description: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26660 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26660 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=58fca355ad37dcb5f785d9095db5f748b79c5dc2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26661-drm-amd-display-add-null-test-for-timing-generator-in-dcn21_set_pipe.patch kpatch-description: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26661 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26661 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=66951d98d9bf45ba25acf37fe0747253fafdf298 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26662-drm-amd-display-fix-panel_cntl-could-be-null-in-dcn21_set_backlight_level.patch kpatch-description: drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26662 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26662 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e96fddb32931d007db12b1fce9b5e8e4c080401b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26663-tipc-check-the-bearer-type-before-calling-tipc_udp_nl_bearer_add.patch kpatch-description: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26663 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26663 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3871aa01e1a779d866fa9dfdd5a836f342f4eb87 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26669-net-sched-flower-fix-chain-template-offload-kpatch.patch kpatch-description: net/sched: flower: Fix chain template offload kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26669 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26669 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32f2a0afa95fae0d1ceec2ff06e0e816939964b8 kpatch-name: skipped/CVE-2024-26674.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26674 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26990-KVM-x86-mmu-Write-protect-L2-SPTEs-in-TDP-MMU-when-clearing-dirty-status.patch kpatch-description: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26990 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26990 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/4d44bfa805835e3c951faf2985249dd01af70c3c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27013-tun-limit-printing-rate-when-illegal-packet-received-by-tun-dev.patch kpatch-description: tun: limit printing rate when illegal packet received by tun dev kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27013 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27013 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/4e933e785236886890959d705f94e30c99775b87 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27015-netfilter-flowtable-incorrect-pppoe-tuple.patch kpatch-description: netfilter: flowtable: incorrect pppoe tuple kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27015 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27015 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/83c2f8f40816ecedf9da8ac3bd803f7261e99594 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35877-x86-mm-pat-fix-vm-pat-handling-in-cow-mappings.patch kpatch-description: x86/mm/pat: fix VM_PAT handling in COW mappings kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35877 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35877 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=04c35ab3bdae7fefbd7c7a7355f29fa03a035221 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35864-smb__client__fix_potential_UAF_in_smb2_is_valid_le.patch kpatch-description: smb: client: fix potential UAF in smb2_is_valid_lease_break() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35864 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=705c76fbf726c7a2f6ff9143d4013b18daaaebf1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35866-smb-client-fix-potential-uaf-in-cifs-dump-full-key.patch kpatch-description: smb: client: fix potential UAF in cifs_dump_full_key() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35866 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35866 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=58acd1f497162e7d282077f816faa519487be045 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35865-smb-client-fix-potential-uaf-in-smb2-is-valid-oplock-break.patch kpatch-description: smb: client: fix potential UAF in smb2_is_valid_oplock_break() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35865 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35865 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22863485a4626ec6ecf297f4cc0aef709bc862e4#if kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35867-smb__client__fix_potential_UAF_in_cifs_stats_proc_.patch kpatch-description: smb: client: fix potential UAF in cifs_stats_proc_show() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35867 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35867 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0865ffefea197b437ba78b5dd8d8e256253efd65 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35878-of-module-prevent-null-pointer-dereference-in-vsnprintf.patch kpatch-description: of: module: prevent NULL pointer dereference in vsnprintf() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35878 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35878 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a1aa5390cc912934fee76ce80af5f940452fa987 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35872-mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch kpatch-description: mm/secretmem: fix GUP-fast succeeding on secretmem folios kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35872 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35872 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6564b014af92b677c1f07c44d7f5b595d589cf6e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35876-x86-mce-make-sure-to-grab-mce-sysfs-mutex-in-set-bank.patch kpatch-description: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35876 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35876 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3ddf944b32f88741c303f0b21459dbb3872b8bc5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35886-ipv6-fix-infinite-recursion-in-fib6-dump-done.patch kpatch-description: ipv6: Fix infinite recursion in fib6_dump_done(). kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35886 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35886 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35888-erspan-make-sure-erspan_base_hdr-is-present-in-skb-h.patch kpatch-description: erspan: make sure erspan_base_hdr is present in skb->head kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35888 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35888 kpatch-patch-url: https://git.kernel.org/stable/c/17af420545a750f763025149fa7b833a4fc8b8f0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35892-net-sched-fix-lockdep-splat-in-qdisc-tree-reduce-backlog.patch kpatch-description: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35892 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7eb322360b0266481e560d1807ee79e0cef5742b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35894-mptcp-prevent-bpf-accessing-lowat-from-a-subflow-socket.patch kpatch-description: mptcp: prevent BPF accessing lowat from a subflow socket. kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35894 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35894 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fcf4692fa39e86a590c14a4af2de704e1d20a3b5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35900-netfilter-nf-tables-reject-new-basechain-after-table-flag-update.patch kpatch-description: netfilter: nf_tables: reject new basechain after table flag update kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35900 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35900 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=994209ddf4f430946f6247616b2e33d179243769 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35905-bpf-Fix-verification-of-indirect-var-off-stack-access.patch kpatch-description: bpf: Fix verification of indirect var-off stack access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35905 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a833a17aeac73b33f79433d7cee68d5cafd71e4f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35905-bpf-protect-against-int-overflow-for-stack-access-size.patch kpatch-description: bpf: Protect against int overflow for stack access size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35905 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecc6a2101840177e57c925c102d2d29f260d37c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35908-tls-get-psock-ref-after-taking-rxlock-to-avoid-leak.patch kpatch-description: tls: get psock ref after taking rxlock to avoid leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35908 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35908 kpatch-patch-url: https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35912-wifi-iwlwifi-mvm-rfi-fix-potential-response-leaks.patch kpatch-description: wifi: iwlwifi: mvm: rfi: fix potential response leaks kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35912 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35912 kpatch-patch-url: https://git.kernel.org/stable/c/06a093807eb7b5c5b29b6cff49f8174a4e702341 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35913-wifi-iwlwifi-mvm-pick-the-version-of-SESSION_PROTECT.patch kpatch-description: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35913 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35913 kpatch-patch-url: https://git.kernel.org/stable/c/bbe806c294c9c4cd1221140d96e5f367673e393a kpatch-name: skipped/CVE-2024-35918.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35918 kpatch-skip-reason: It is not possible to fix this vulnerability using kernel livepatching because it lies below the system call level. kpatch-cvss: kpatch-name: skipped/CVE-2024-38604.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-38604 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: skipped/CVE-2024-38632.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-38632 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38635-soundwire-cadence-fix-invalid-PDI-offset.patch kpatch-description: soundwire: cadence: fix invalid PDI offset kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38635 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38635 kpatch-patch-url: https://github.com/torvalds/linux/commit/8ee1b439b1540ae543149b15a2a61b9dff937d91 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38618-alsa-timer-set-lower-bound-of-start-tick-time.patch kpatch-description: ALSA: timer: Set lower bound of start tick time kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38618 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38618 kpatch-patch-url: https://github.com/torvalds/linux/commit/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38596-01-af_unix-Fix-data-races-around-sk-sk_shutdown.patch kpatch-description: af_unix: Fix data races around sk->sk_shutdown. kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38596 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38596 kpatch-patch-url: https://github.com/torvalds/linux/commit/e1d09c2c2f5793474556b60f83900e088d0d366d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38596-02-af_unix-Fix-data-races-around-sk-sk_shutdown.patch kpatch-description: af_unix: Fix data races around sk->sk_shutdown. kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38596 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38596 kpatch-patch-url: https://github.com/torvalds/linux/commit/afe8764f76346ba838d4f162883e23d2fcfaa90e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38596-03-af_unix-Fix-data-races-in-unix_stream_sendmsg.patch kpatch-description: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38596 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38596 kpatch-patch-url: https://github.com/torvalds/linux/commit/540bf24fba16b88c1b3b9353927204b4f1074e25 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39276-ext4-fix-mb-cache-entry-s-e-refcnt-leak-in-ext4-xattr-block-cache-find.patch kpatch-description: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39276 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39276 kpatch-patch-url: https://github.com/torvalds/linux/commit/0c0b4a49d3e7f49690a6827a41faeffad5df7e21 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38600-alsa-fix-deadlocks-with-kctl-removals-at-disconnection.patch kpatch-description: ALSA: Fix deadlocks with kctl removals at disconnection kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38600 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38600 kpatch-patch-url: https://github.com/torvalds/linux/commit/87988a534d8e12f2e6fc01fe63e6c1925dc5307c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38629-dmaengine-idxd-Avoid-unnecessary-destruction-of-file_ida.patch kpatch-description: dmaengine: idxd: Avoid unnecessary destruction of file_ida kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38629 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38629 kpatch-patch-url: https://github.com/torvalds/linux/commit/76e43fa6a456787bad31b8d0daeabda27351a480 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38388-alsa-hda-cs-dsp-ctl-use-private-free-for-control-cleanup.patch kpatch-description: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38388 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38388 kpatch-patch-url: https://github.com/torvalds/linux/commit/172811e3a557d8681a5e2d0f871dc04a2d17eb13 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38598-md-fix-resync-softlockup-when-bitmap-size-is-less-than-array-size.patch kpatch-description: md: fix resync softlockup when bitmap size is less than array size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38598 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38598 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f0e729af2eb6bee9eb58c4df1087f14ebaefe26b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42124-scsi-qedf-make-qedf-execute-tmf-non-preemptible.patch kpatch-description: scsi: qedf: Make qedf_execute_tmf() non-preemptible kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42124 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42124 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0d8b637c9c5eeaa1a4e3dfb336f3ff918eb64fec kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42101-drm-nouveau-fix-null-pointer-dereference-in-nouveau-connector-get-modes.patch kpatch-description: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42101 kpatch-cvss: 5.5 kpatch-cve-url: https://linux.oracle.com/cve/CVE-2024-42101.html kpatch-patch-url: https://github.com/oracle/linux-uek/commit/9e170d4e0426331fba6e136244deffb68f983c09 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42084-ftruncate-pass-a-signed-offset.patch kpatch-description: ftruncate: pass a signed offset kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42084 kpatch-cvss: 5.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42084 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4b8e88e563b5f666446d002ad0dc1e6e8e7102b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42090-pinctrl-fix-deadlock-in-create-pinctrl-when-handling-eprobe-defer.patch kpatch-description: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42090 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42090 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=adec57ff8e66aee632f3dd1f93787c13d112b7a1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42114-wifi-cfg80211-restrict-nl80211-attr-txq-quantum-values.patch kpatch-description: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42114 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42114 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1cba2ea8121e7fdbe1328cea782876b1dd80993 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42114-wifi-cfg80211-restrict-nl80211-attr-txq-quantum-values-kpatch.patch kpatch-description: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Adaptation) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42114 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42114 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1cba2ea8121e7fdbe1328cea782876b1dd80993 kpatch-name: skipped/CVE-2024-42125.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42125 kpatch-skip-reason: kernel version 5.14 not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-42123.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42123 kpatch-skip-reason: kernel version 5.14 not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-42078.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42078 kpatch-skip-reason: kernel version 5.14 not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42132-bluetooth-hci-disallow-setting-handle-bigger-than-hci-conn-handle-max.patch kpatch-description: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42132 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42132 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1cc18c2ab2e8c54c355ea7c0423a636e415a0c23 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42070-netfilter-nf-tables-fully-validate-nft-data-value-on-store-to-data-registers.patch kpatch-description: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42070 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42070 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7931d32955e09d0a11b1fe0b6aac1bfa061c005c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27004-clk-Get-runtime-PM-before-walking-tree-during-disable_unused.patch kpatch-description: clk: Get runtime PM before walking tree during disable_unused kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27004 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-27004 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/b4fcc898eb74b6e01a8191763e3855cd26845358 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27004-clk-Get-runtime-PM-before-walking-tree-during-disable_unused-adapt.patch kpatch-description: clk: Get runtime PM before walking tree during disable_unused kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27004 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-27004 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/b4fcc898eb74b6e01a8191763e3855cd26845358 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26708-mptcp-really-cope-with-fastopen-race.patch kpatch-description: mptcp: really cope with fastopen race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26708 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26708 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=337cebbd850f94147cee05252778f8f78b8c337f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27003-clk-Get-runtime-PM-before-walking-tree-for-clk_summary.patch kpatch-description: Get runtime PM before walking tree for clk_summaryatch-description: kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27003 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-27003 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/2dc64ff7510173e6992ae33c7c1518559c040a83 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27062-nouveau-lock-the-client-object-tree.patch kpatch-description: nouveau: lock the client object tree kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b7cc4ff787a572edf2c55caeffaa88cd801eb135 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27062-nouveau-lock-the-client-object-tree-kpatch.patch kpatch-description: nouveau: lock the client object tree kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b7cc4ff787a572edf2c55caeffaa88cd801eb135 kpatch-name: skipped/CVE-2024-35904.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35904 kpatch-skip-reason: Affects only __init function for a built-in component, so patching will have no effect kpatch-cvss: kpatch-name: skipped/CVE-2024-35859.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35859 kpatch-skip-reason: None of the kernels is affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35835-net-mlx5e-fix-a-double-free-in-arfs-create-groups.patch kpatch-description: net/mlx5e: fix a double-free in arfs_create_groups kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35835 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35835 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c6d5189246f590e4e1f167991558bdb72a4738b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35840-mptcp-use-option-mptcp-mpj-synack-in-subflow-finish-connect.patch kpatch-description: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35840 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35840 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35855-mlxsw-spectrum-acl-tcam-fix-possible-use-after-free-during-activity-update.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35855 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35855 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35838-wifi-mac80211-fix-potential-sta-link-leak.patch kpatch-description: wifi: mac80211: fix potential sta-link leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35838 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35838 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b01a74b3ca6fd51b62c67733ba7c3280fa6c5d26 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35847-irqchip-gic-v3-its-prevent-double-free-on-error.patch kpatch-description: irqchip/gic-v3-its: Prevent double free on error kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35847 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35847 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c26591afd33adce296c022e3480dea4282b7ef91 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35831-io_uring-Fix-release-of-pinned-pages-when-__io_uaddr_map-fails.patch kpatch-description: io_uring: Fix release of pinned pages when __io_uaddr_map fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35831 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35831 kpatch-patch-url: https://github.com/torvalds/linux/commit/67d1189d1095d471ed7fa426c7e384a7140a5dd7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26928-smb-client-fix-potential-UAF-in-cifs_debug_files_proc_show.patch kpatch-description: smb: client: fix potential UAF in cifs_debug_files_proc_show() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26928 kpatch-cvss: 5.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26928 kpatch-patch-url: https://github.com/torvalds/linux/commit/ca545b7f0823f19db0f1148d59bc5e1a56634502 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35861-smb-client-fix-potential-uaf-in-cifs-signal-cifsd-for-reconnect.patch kpatch-description: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35861 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35861 kpatch-patch-url: https://github.com/torvalds/linux/commit/e0e50401cc3921c9eaf1b0e667db174519ea939f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35862-smb-client-fix-potential-uaf-in-smb2-is-network-name-deleted.patch kpatch-description: smb: client: fix potential UAF in smb2_is_network_name_deleted() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35862 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35862 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=63981561ffd2d4987807df4126f96a11e18b0c1d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35863-smb-client-fix-potential-uaf-in-is-valid-oplock-break.patch kpatch-description: smb: client: fix potential UAF in is_valid_oplock_break() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35863 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35863 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26837-net-bridge-switchdev-Skip-MDB-replays-of-deferred-ev.patch kpatch-description: net: bridge: switchdev: Skip MDB replays of deferred events on offload kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26837 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26837 kpatch-patch-url: https://git.kernel.org/stable/c/2d5b4b3376fa146a23917b8577064906d643925f kpatch-name: skipped/CVE-2024-35942.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35942 kpatch-skip-reason: Out of scope as the patch is for i.MX SoC kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26892-wifi-mt76-mt7921e-fix-use-after-free-in-free-irq.patch kpatch-description: wifi: mt76: mt7921e: fix use-after-free in free_irq() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26892 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c957280ef6ab6bdf559a91ae693a6b34310697e3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39298-mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages.patch kpatch-description: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39298 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39298 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8cf360b9d6a840700e06864236a01a883b34bbad kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39473-asoc-sof-ipc4-topology-fix-input-format-query-of-process-modules-without-base-extension.patch kpatch-description: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39473 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39473 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39474-mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with.patch kpatch-description: mm/vmalloc: fix vmalloc which may return null if called with kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39474 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39474 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8e0545c83d672750632f46e3f9ad95c48c91a0fc kpatch-name: skipped/CVE-2024-39488.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39488 kpatch-skip-reason: Out of scope: ARM64 architecture issue kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39497-drm-shmem-helper-fix-bug-on-on-mmap-prot-write-map-private.patch kpatch-description: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39497 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39497 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=03c71c42809ef4b17f5d874cdb2d3bf40e847b86 kpatch-name: skipped/CVE-2024-39498.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39498 kpatch-skip-reason: Kernel is not affected. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39499-vmci-prevent-speculation-leaks-by-sanitizing-event-in-event-deliver.patch kpatch-description: vmci: prevent speculation leaks by sanitizing event in event_deliver() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39499 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39499 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8003f00d895310d409b2bf9ef907c56b42a4e0f4 kpatch-name: skipped/CVE-2024-40930.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40930 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40967-serial-imx-Introduce-timeout-when-waiting-on-transmitter-empty.patch kpatch-description: serial: imx: Introduce timeout when waiting on transmitter empty kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40967 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40967 kpatch-patch-url: https://github.com/torvalds/linux/commit/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40945-iommu-Return-right-value-in-iommu_sva_bind_device.patch kpatch-description: iommu: Return right value in iommu_sva_bind_device() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40945 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40945 kpatch-patch-url: https://github.com/torvalds/linux/commit/89e8a2366e3bce584b6c01549d5019c5cda1205e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40940-net-mlx5-fix-tainted-pointer-delete-is-case-of-flow-rules-creation-fail.patch kpatch-description: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40940 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40940 kpatch-patch-url: https://github.com/torvalds/linux/commit/229bedbf62b13af5aba6525ad10b62ad38d9ccb5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40988-drm-radeon-fix-UBSAN-warning-in-kv_dpm-c.patch kpatch-description: drm/radeon: fix UBSAN warning in kv_dpm.c kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40988 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40988 kpatch-patch-url: https://github.com/torvalds/linux/commit/a498df5421fd737d11bfd152428ba6b1c8538321 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40948-mm-page-table-check-fix-crash-on-zone-device.patch kpatch-description: mm/page_table_check: fix crash on ZONE_DEVICE kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40948 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40948 kpatch-patch-url: https://github.com/torvalds/linux/commit/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40997-cpufreq-amd-pstate-fix-memory-leak-on-cpu-epp-exit.patch kpatch-description: cpufreq: amd-pstate: fix memory leak on CPU EPP exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40997 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40997 kpatch-patch-url: https://github.com/torvalds/linux/commit/cea04f3d9aeebda9d9c063c0dfa71e739c322c81 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40997-cpufreq-amd-pstate-fix-memory-leak-on-cpu-epp-exit-kpatch.patch kpatch-description: cpufreq: amd-pstate: fix memory leak on CPU EPP exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40997 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40997 kpatch-patch-url: https://github.com/torvalds/linux/commit/cea04f3d9aeebda9d9c063c0dfa71e739c322c81 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39491-alsa-hda-cs35l56-fix-lifetime-of-cs-dsp-instance.patch kpatch-description: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39491 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39491 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=60d5e087e5f334475b032ad7e6ad849fb998f303 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36939-nfs-handle-error-of-rpc-proc-register-in-init-nfs-fs.patch kpatch-description: nfs: handle error of rpc_proc_register() in init_nfs_fs() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=24457f1be29f1e7042e50a7749f5c2dde8c433c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36940-pinctrl-core-delete-incorrect-free-in-pinctrl_enable.patch kpatch-description: [PATCH] pinctrl: core: delete incorrect free in pinctrl_enable() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36940 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36940 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5038a66dad0199de60e5671603ea6623eb9e5c79 kpatch-name: skipped/CVE-2024-36944.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36944 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36945-net-smc-fix-neighbour-and-rtable-leak-in-smc-ib-find-route.patch kpatch-description: net/smc: fix neighbour and rtable leak in smc_ib_find_route() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36945 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36945 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06 kpatch-name: skipped/CVE-2024-36956.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36956 kpatch-skip-reason: Thermal debugfs isn't present on redhat kernels. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36960-drm-vmwgfx-Fix-invalid-reads-in-fence-signaled-events.patch kpatch-description: [PATCH 1/1] drm/vmwgfx: Fix invalid reads in fence signaled events kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c kpatch-name: skipped/CVE-2024-36961.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36961 kpatch-skip-reason: Thermal debugfs isn't present on redhat kernels. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36967-KEYS-trusted-Fix-memory-leak-in-tpm2_key_encode.patch kpatch-description: [PATCH] KEYS: trusted: Fix memory leak in tpm2_key_encode() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36967 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36967 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ffcaa2172cc1a85ddb8b783de96d38ca8855e248 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36974-net-sched-taprio-always-validate-TCA_TAPRIO_ATTR_PRIOMAP.patch kpatch-description: [PATCH] net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36974 kpatch-cvss: 6.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36974 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f921a58ae20852d188f70842431ce6519c4fdc36 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36977-usb-dwc3-wait-unconditionally-after-issuing-endxfer-command.patch kpatch-description: usb: dwc3: Wait unconditionally after issuing EndXfer command kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36977 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36977 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1d26ba0944d398f88aaf997bda3544646cf21945 kpatch-name: skipped/CVE-2024-40907.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40907 kpatch-skip-reason: Intoduced in the same kernel version with the fix kpatch-cvss: kpatch-name: skipped/CVE-2024-40913.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40913 kpatch-skip-reason: Complex adaptation required kpatch-cvss: kpatch-name: skipped/CVE-2024-40925.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40925 kpatch-skip-reason: Intoduced in the same kernel version with the fix kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39507-net__hns3__fix_kernel_crash_problem_in_concurrent_.patch kpatch-description: net: hns3: fix kernel crash problem in concurrent scenario kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39507 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39507 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=12cda920212a49fa22d9e8b9492ac4ea013310a4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40901-scsi__mpt3sas__Avoid_test_set_bit___operating_in_n.patch kpatch-description: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40901 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40901 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4254dfeda82f20844299dca6c38cbffcfd499f41 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40919-bnxt_en__Adjust_logging_of_firmware_messages_in_ca.patch kpatch-description: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40919 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40919 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a9b9741854a9fe9df948af49ca5514e0ed0429df kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40922-io_uring_rsrc__don_t_lock_while__TASK_RUNNING.patch kpatch-description: io_uring/rsrc: don't lock while !TASK_RUNNING kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40922 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40922 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=54559642b96116b45e4b5ca7fd9f7835b8561272 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40923-vmxnet3__disable_rx_data_ring_on_dma_allocation_fa.patch kpatch-description: vmxnet3: disable rx data ring on dma allocation failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40923 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40923 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffbe335b8d471f79b259e950cb20999700670456 kpatch-name: skipped/CVE-2024-41008.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41008 kpatch-skip-reason: Complex adaptation required, low score patch for non critical subsystem amdgpu kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41020-filelock-fix-fcntl-close-race-recovery-compat-path.patch kpatch-description: filelock: Fix fcntl/close race recovery compat path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41020 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41020 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8138f2ad2f745b9a1c696a05b749eabe44337ea kpatch-name: skipped/CVE-2024-41032.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41032 kpatch-skip-reason: Kernel not vulnerable: blamed commit is absent kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41038-firmware-cs-dsp-prevent-buffer-overrun-when-processing-v2-alg-headers.patch kpatch-description: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41038 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41038 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2163aff6bebbb752edf73f79700f5e2095f3559e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41042-netfilter-nf-tables-prefer-nft-chain-validate.patch kpatch-description: netfilter: nf_tables: prefer nft_chain_validate kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41042 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41042 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cff3bd012a9512ac5ed858d38e6ed65f6391008c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41056-firmware-cs-dsp-use-strnlen-on-name-fields-in-v1-wmfw-files.patch kpatch-description: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41056 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41056 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=680e126ec0400f6daecf0510c5bb97a55779ff03 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41060-drm-radeon-check-bo-va-bo-is-non-null-before-using-it.patch kpatch-description: drm/radeon: check bo_va->bo is non-NULL before using it kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41060 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41060 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6fb15dcbcf4f212930350eaee174bb60ed40a536 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41063-bluetooth-hci-core-cancel-all-works-upon-hci-unregister-dev.patch kpatch-description: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41063 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41063 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0d151a103775dd9645c78c97f77d6e2a5298d913 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26838-rdma-irdma-fix-kasan-issue-with-tasklet.patch kpatch-description: RDMA/irdma: Fix KASAN issue with tasklet kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26838 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26838 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bd97cea7b18a0a553773af806dfbfac27a7c4acb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26846-nvme-fc-do-not-wait-in-vain-when-unloading-module.patch kpatch-description: nvme-fc: do not wait in vain when unloading module kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26846 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=70fbfc47a392b98e5f8dba70c6efc6839205c982 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26846-nvme-fc-do-not-wait-in-vain-when-unloading-module-kpatch.patch kpatch-description: nvme-fc: do not wait in vain when unloading module kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26846 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=70fbfc47a392b98e5f8dba70c6efc6839205c982 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26872-rdma-srpt-do-not-register-event-handler-until-srpt-device-is-fully-setup.patch kpatch-description: RDMA/srpt: Do not register event handler until srpt device is fully setup kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26872 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26872 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e362d007294955a4fb929e1c8978154a64efdcb6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26922-drm-amdgpu-validate-the-parameters-of-bo-mapping-operations-more-clearly.patch kpatch-description: drm/amdgpu: validate the parameters of bo mapping operations more clearly kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26922 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26922 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=212e3baccdb1939606420d88f7f52d346b49a284 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27437-vfio-pci-disable-auto-enable-of-exclusive-intx-irq.patch kpatch-description: vfio/pci: Disable auto-enable of exclusive INTx IRQ kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27437 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27437 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe9a7082684eb059b925c535682e68c34d487d43 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26861-wireguard-receive-annotate-data-race-around-receiving-counter-counter.patch kpatch-description: wireguard: receive: annotate data-race around receiving_counter.counter kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26861 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26861 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bba045dc4d996d03dce6fe45726e78a1a1f6d4c3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39501-drivers-core-synchronize-really-probe-and-dev-uevent.patch kpatch-description: drivers: core: synchronize really_probe() and dev_uevent() kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39501 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39501 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c0a40097f0bc81deafc15f9195d1fb54595cd6d0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26992-KVM-x86-pmu-Disable-support-for-adaptive-PEBS.patch kpatch-description: KVM: x86/pmu: Disable support for adaptive PEBS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26992 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26992 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/dcc98864e4faf282b2bd6fdf2b11a6fea6c570d8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26992-KVM-x86-pmu-Disable-support-for-adaptive-PEBS-adapt.patch kpatch-description: KVM: x86/pmu: Disable support for adaptive PEBS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26992 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26992 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/dcc98864e4faf282b2bd6fdf2b11a6fea6c570d8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43830-leds-trigger-Unregister-sysfs-attributes-before-calling-deactivate.patch kpatch-description: [PATCH 1/1] leds: trigger: Unregister sysfs attributes before calling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43830 kpatch-cvss: 6.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43830 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c0dc9adf9474ecb7106e60e5472577375aedaed3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43856-dma-fix-call-order-in-dmam-free-coherent.patch kpatch-description: dma: fix call order in dmam_free_coherent kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43856 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43856 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=28e8b7406d3a1f5329a03aa25a43aa28e087cb20 kpatch-name: skipped/CVE-2024-43865.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43865 kpatch-skip-reason: Affects only the s390 architecture. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43866-net-mlx5-always-drain-health-in-shutdown-callback.patch kpatch-description: net/mlx5: Always drain health in shutdown callback kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43866 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43866 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1b75da22ed1e6171e261bc9265370162553d5393 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43879-wifi-cfg80211-handle-2x996-ru-allocation-in-cfg80211-calculate-bitrate-he.patch kpatch-description: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43879 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43879 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43892-mm-memcg-minor-cleanup-for-MEM_CGROUP_ID_MAX.patch kpatch-description: [PATCH 5063/5129] mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43892 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=60b1e24ce8c3334d9204d6229356b750632136be kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43892-memcg__protect_concurrent_access_to_mem_cgroup_idr.patch kpatch-description: [PATCH] memcg: protect concurrent access to mem_cgroup_idr kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43892 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=37a060b64ae83b76600d187d76591ce488ab836b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43911-wifi-mac80211-fix-null-dereference-at-band-check-in-starting-tx-ba-session.patch kpatch-description: wifi: mac80211: fix NULL dereference at band check in starting tx ba session kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43911 kpatch-cvss: 5.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43911 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=021d53a3d87eeb9dbba524ac515651242a2a7e3b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44947-fuse-initialize-beyond-eof-page-contents-before-setting-uptodate.patch kpatch-description: fuse: Initialize beyond-EOF page contents before setting uptodate kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44947 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44947 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c0da3d163eb32f1f91891efaade027fa9b245b9 kpatch-name: skipped/CVE-2024-40965.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40965 kpatch-skip-reason: complex adaptation required for el9-arm64, el9-x86 not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52749-spi-Fix-null-dereference-on-suspend.patch kpatch-description: spi: Fix null dereference on suspend kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52749 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52749 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/1d4e3a6f383420a71a60cfd34ba68336e5919558 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52749-spi-Fix-null-dereference-on-suspend-adapt.patch kpatch-description: spi: Fix null dereference on suspend kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52749 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52749 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/1d4e3a6f383420a71a60cfd34ba68336e5919558 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40966-tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch kpatch-description: tty: add the option to have a tty reject a new ldisc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40966 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40966 kpatch-patch-url: https://github.com/torvalds/linux/commit/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40966-tty-add-the-option-to-have-a-tty-reject-a-new-ldisc-kpatch.patch kpatch-description: tty: add the option to have a tty reject a new ldisc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40966 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40966 kpatch-patch-url: https://github.com/torvalds/linux/commit/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b kpatch-name: skipped/CVE-2024-26650.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26650 kpatch-skip-reason: Affected p2sb driver is not present in kernel v5.14.0 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42141-bluetooth-iso-check-socket-flag-instead-of-hcon.patch kpatch-description: Bluetooth: ISO: Check socket flag instead of hcon kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42141 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42141 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=596b6f081336e77764ca35cfeab66d0fcdbe544e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42238-firmware-cs-dsp-return-error-if-block-header-overflows-file.patch kpatch-description: firmware: cs_dsp: Return error if block header overflows file kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42238 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42238 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=959fe01e85b7241e3ec305d657febbe82da16a02 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42237-firmware-cs-dsp-validate-payload-length-before-processing-block.patch kpatch-description: firmware: cs_dsp: Validate payload length before processing block kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42237 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42237 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6598afa9320b6ab13041616950ca5f8f938c0cf1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42245-revert-sched-fair-make-sure-to-try-to-detach-at-least-one-movable-task.patch kpatch-description: Revert "sched/fair: Make sure to try to detach at least one movable task" kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42245 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42245 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2feab2492deb2f14f9675dd6388e9e2bf669c27a kpatch-name: skipped/CVE-2024-42258.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42258 kpatch-skip-reason: Out of scope: 64-bit systems not affected. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42268-net-mlx5-fix-missing-lock-on-sync-reset-reload.patch kpatch-description: net/mlx5: Fix missing lock on sync reset reload kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42268 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42268 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42276-nvme-pci-add-missing-condition-check-for-existence-of-mapped-data.patch kpatch-description: nvme-pci: add missing condition check for existence of mapped data kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42276 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42276 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c31fad1470389666ac7169fe43aa65bf5b7e2cfd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27012-restore-set-elements-when-delete-set-fails.patch kpatch-description: netfilter: nf_tables: restore set elements when delete set fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27012 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=86658fc7414d4b9e25c2699d751034537503d637 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36006-mlxsw-spectrum-acl-tcam-fix-incorrect-list-api-usage.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36006 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36006 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b377add0f0117409c418ddd6504bd682ebe0bf79 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36882-mm-use-memalloc-nofs-save-in-page-cache-ra-order.patch kpatch-description: mm: use memalloc_nofs_save() in page_cache_ra_order() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36882 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=30153e4466647a17eebfced13eede5cbe4290e69 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36015-ppdev-add-an-error-check-in-register-device.patch kpatch-description: ppdev: Add an error check in register_device kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36015 kpatch-cvss: 5.5 kpatch-cve-url: https://ubuntu.com/security/CVE-2024-36015 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=ee47778457b95fde8fd2def8cc10faed98e8eb4d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36884-Use-the-correct-type-in-nvidia_smmu_context_fault.patch kpatch-description: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=65ade5653f5ab5a21635e51d0c65e95f490f5b6f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36881-mm-userfaultfd-reset-ptes-when-close-for-wr-protected-ones.patch kpatch-description: mm/userfaultfd: reset ptes when close() for wr-protected ones kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36881 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36881 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c88033efe9a391e72ba6b5df4b01d6e628f4e734 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35995-Use-access_width-over-bit_width-for-system.patch kpatch-description: ACPI: CPPC: Use access_width over bit_width for system memory accesses kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35995 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35995 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2f4a4d63a193be6fd530d180bb13c3592052904c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35810-drm-vmwgfx-fix-the-lifetime-of-the-bo-cursor-memory.patch kpatch-description: drm/vmwgfx: Fix the lifetime of the bo cursor memory kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35810 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35810 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35805-dm-snapshot-fix-lockup-in-dm-exception-table-exit.patch kpatch-description: dm snapshot: fix lockup in dm_exception_table_exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35805 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35805 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35807-ext4-fix-corruption-during-on-line-resize.patch kpatch-description: ext4: fix corruption during on-line resize kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35807 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35807 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35808-md-export-helpers-to-stop-sync_thread.patch kpatch-description: md: export helpers to stop sync_thread kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35808 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35808 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7a2347e284d7ec2f0759be4db60fa7ca937284fc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35808-md-dm-raid-don-t-call-md-reap-sync-thread-directly.patch kpatch-description: md/dm-raid: don't call md_reap_sync_thread() directly kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35808 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35808 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cd32b27a66db8776d8b8e82ec7d7dde97a8693b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35809-pci-pm-drain-runtime-idle-callbacks-before-driver-removal.patch kpatch-description: PCI/PM: Drain runtime-idle callbacks before driver removal kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35809 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35809 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9d5286d4e7f68beab450deddbb6a32edd5ecf4bf kpatch-name: skipped/CVE-2024-35812.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35812 kpatch-skip-reason: Patch for this CVE has been reverted. Hence skipped kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35817-drm-amdgpu-amdgpu_ttm_gart_bind-set-gtt-bound-flag.patch kpatch-description: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35817 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35817 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6c6064cbe58b43533e3451ad6a8ba9736c109ac3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35822-usb-udc-remove-warning-when-queue-disabled-ep.patch kpatch-description: usb: udc: remove warning when queue disabled ep kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35822 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35822 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2a587a035214fa1b5ef598aea0b81848c5b72e5e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35824-misc-lis3lv02d-i2c-fix-regulators-getting-en-dis-abled-twice-on-suspend-resume.patch kpatch-description: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35824 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35824 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ac3e0384073b2408d6cb0d972fee9fcc3776053d kpatch-name: skipped/CVE-2024-45005.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-45005 kpatch-skip-reason: s390 arch not supported. kpatch-cvss: kpatch-name: skipped/CVE-2024-44984.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-44984 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: skipped/CVE-2020-10135.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2020-10135 kpatch-skip-reason: Already fixed in the existing el9 kernels. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44960-usb-gadget-core-Check-for-unset-descriptor.patch kpatch-description: tusb: gadget: core: Check for unset descriptor kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44960 kpatch-patch-url: https://github.com/torvalds/linux/commit/973a57891608a98e894db2887f278777f564de18 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26862-packet-annotate-data-races-around-ignore_outgoing.patch kpatch-description: packet: annotate data-races around ignore_outgoing kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26862 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26862 kpatch-patch-url: https://github.com/torvalds/linux/commit/6ebfad33161afacb3e1e59ed1c2feefef70f9f97 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44965-x86-mm-Fix-pti_clone_pgtable-alignment-assumption.patch kpatch-description: x86/mm: Fix pti_clone_pgtable() alignment assumption kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44965 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44965 kpatch-patch-url: https://github.com/torvalds/linux/commit/41e71dbb0e0a0fe214545fe64af031303a08524c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26835-netfilter-nf_tables-set-dormant-flag-on-hook-register-failure.patch kpatch-description: netfilter: nf_tables: set dormant flag on hook register failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26835 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26835 kpatch-patch-url: https://github.com/torvalds/linux/commit/bccebf64701735533c8db37773eeacc6566cc8ec kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44970-net-mlx5e-SHAMPO-Fix-invalid-WQ-linked-list-unlink.patch kpatch-description: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44970 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44970 kpatch-patch-url: https://github.com/torvalds/linux/commit/fba8334721e266f92079632598e46e5f89082f30 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52615-hwrng-core-fix-page-fault-dead-lock-on-mmap-ed-hwrng.patch kpatch-description: hwrng: core - Fix page fault dead lock on mmap-ed hwrng kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52615 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52615 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=78aafb3884f6bc6636efcc1760c891c8500b9922 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52621-bpf-check-rcu-read-lock-trace-held-before-calling-bpf-map-helpers.patch kpatch-description: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52621 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52621 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=169410eba271afc9f0fb476d996795aa26770c6d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52643-iio-core-fix-memleak-in-iio-device-register-sysfs.patch kpatch-description: iio: core: fix memleak in iio_device_register_sysfs kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52643 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52643 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=95a0d596bbd0552a78e13ced43f2be1038883c81 kpatch-name: skipped/CVE-2024-26638.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26638 kpatch-skip-reason: nbd: Low-score CVE. Patched function is called from a kthread and sleeps, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26645-tracing-ensure-visibility-when-inserting-an-element-into-tracing-map.patch kpatch-description: tracing: Ensure visibility when inserting an element into tracing_map kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26645 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26645 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2b44760609e9eaafc9d234a6883d042fc21132a7 kpatch-name: skipped/CVE-2024-26646.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26646 kpatch-skip-reason: Affects only boot __init stage, already booted kernels are not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-26746.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26746 kpatch-skip-reason: Kernel not vulnerable. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27011-netfilter-nf-tables-fix-memleak-in-map-from-abort-path.patch kpatch-description: netfilter: nf_tables: fix memleak in map from abort path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27011 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27011 kpatch-patch-url: https://github.com/torvalds/linux/commit/86a1471d7cde792941109b93b558b5dc078b9ee9 kpatch-name: skipped/CVE-2024-39503.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39503 kpatch-skip-reason: commit that introduces CVE is not present kpatch-cvss: kpatch-name: skipped/CVE-2023-52624.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52624 kpatch-skip-reason: older kernels do not have support for DisplayCoreNext 3.5 kpatch-cvss: kpatch-name: skipped/CVE-2023-52625.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52625 kpatch-skip-reason: older kernels do not have support for DisplayCoreNext 3.5 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35924-usb-typec-ucsi-limit-read-size-on-v1-2.patch kpatch-description: usb: typec: ucsi: Limit read size on v1.2 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35924 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35924 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b3db266fb031fba88c423d4bb8983a73a3db6527 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35925-block-prevent-division-by-zero-in-blk_rq_stat_sum.patch kpatch-description: block: prevent division by zero in blk_rq_stat_sum() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35925 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93f52fbeaf4b676b21acfe42a5152620e6770d02 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35927-drm-Check-output-polling-initialized-before-disabling.patch kpatch-description: drm: Check output polling initialized before disabling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35927 kpatch-cvss: 5.5 kpatch-cve-url: https://ubuntu.com/security/CVE-2024-35927 kpatch-patch-url: https://git.kernel.org/linus/5abffb66d12bcac84bf7b66389c571b8bb6e82bd kpatch-name: skipped/CVE-2024-35928.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35928 kpatch-skip-reason: The patch was later reverted in eb4f139888f6 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35930-scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch kpatch-description: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35930 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35930 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2ae917d4bcab80ab304b774d492e2fcd6c52c06b kpatch-name: skipped/CVE-2024-35938.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35938 kpatch-skip-reason: wifi:ath11k, low score CVE that needs complex adaptation but decreasing MHI Bus' buf-len isn't a typical security fix. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35939-dma-direct-leak-pages-on-dma-set-decrypted-failure.patch kpatch-description: dma-direct: Leak pages on dma_set_decrypted() failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b9fa16949d18e06bdf728a560f5c8af56d2bdcaf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35944-vmci-use-struct-size-in-kmalloc.patch kpatch-description: VMCI: Use struct_size() in kmalloc() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35944 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35944 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e03d4910e6e45cb49f630258e870b08f2ee34e7a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35944-vmci-fix-memcpy-run-time-warning-in-dg-dispatch-as-host.patch kpatch-description: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35944 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35944 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=19b070fefd0d024af3daa7329cbc0d00de5302ec kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35944-vmci-fix-possible-memcpy-run-time-warning-in-vmci-datagram-invoke-guest-handler.patch kpatch-description: VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35944 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35944 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=19b070fefd0d024af3daa7329cbc0d00de5302ec kpatch-name: skipped/CVE-2024-26962.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26962 kpatch-skip-reason: None of the existing kernels is affected kpatch-cvss: kpatch-name: skipped/CVE-2024-41007.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41007 kpatch-skip-reason: Low-score CVE which might introduce problems in net subsystem kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41001-io_uring-sqpoll-work-around-a-potential-audit-memory-kpatch.patch kpatch-description: io_uring/sqpoll: work around a potential audit memory leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41001 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41001 kpatch-patch-url: https://github.com/torvalds/linux/commit/c4ce0ab27646f420 kpatch-name: skipped/CVE-2024-26812.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26812 kpatch-skip-reason: Complex adaptation required, not worth the effort for 4.4 score CVE kpatch-cvss: kpatch-name: skipped/CVE-2024-41065.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41065 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2024-41084.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41084 kpatch-skip-reason: None of our RHEL9 kernels are affected by the bug kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41079-nvmet-always-initialize-cqe-result.patch kpatch-description: nvmet: always initialize cqe.result kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41079 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41079 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cd0c1b8e045a8d2785342b385cb2684d9b48e426 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41089-drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch kpatch-description: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41089 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41089 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6d411c8ccc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41095-drm-nouveau-dispnv04-fix-null-pointer-dereference.patch kpatch-description: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41095 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41095 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=66edf3fb331 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41077-null-blk-fix-validation-of-block-size.patch kpatch-description: null_blk: fix validation of block size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41077 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41077 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c462ecd659b5fce731f1d592285832fd6ad54053 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41085-cxl-mem-fix-no-cxl-nvd-during-pmem-region-auto-assembling.patch kpatch-description: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41085 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41085 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=84ec985944ef34a34a1605b93ce401aa8737af96 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41082-nvme-fabrics-use-reserved-tag-for-reg-read-write-command.patch kpatch-description: nvme-fabrics: use reserved tag for reg read/write command kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41082 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41082 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41094-drm-fbdev-dma-Only-set-smem_start-is-enable-per-module.patch kpatch-description: drm/fbdev-dma: Only set smem_start is enable per module option kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41094 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41094 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d92a7580392a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41093-drm-amdgpu-avoid-using-null-object-of-framebuffer.patch kpatch-description: drm/amdgpu: avoid using null object of framebuffer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41093 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41093 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bcfa48ff785bd kpatch-name: skipped/CVE-2024-42226.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42226 kpatch-skip-reason: Patch introduced regression and was reverted later. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47185-tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_ldisc.patch kpatch-description: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47185 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47185 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/9c76cbe7cde247be1f3258b807eab76ca69ba217 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52477-usb-hub-Guard-against-accesses-to-uninitialized-BOS-descriptors.patch kpatch-description: usb: hub: Guard against accesses to uninitialized BOS descriptors kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52477 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52477 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/07563984720979c6e6a94ae06c00af2766e1fd11 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52492-dmaengine-fix-NULL-pointer-in-channel-unregistration-function.patch kpatch-description: dmaengine: fix NULL pointer in channel unregistration function kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52492 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52492 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/d6f49707be942ea97ed52ed5b941b8ba6b7a2f0b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52498-async-Split-async_schedule_node_domain.patch kpatch-description: PM: sleep: Fix possible deadlocks in core system-wide PM code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52498 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52498 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/a32b93bf0a723d8e73f43c1aca257e1588551a86 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52498-async-Introduce-async_schedule_dev_nocall.patch kpatch-description: PM: sleep: Fix possible deadlocks in core system-wide PM code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52498 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52498 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/a32b93bf0a723d8e73f43c1aca257e1588551a86 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52498-PM-sleep-Fix-possible-deadlocks-in-core-system-wide-PM-code.patch kpatch-description: PM: sleep: Fix possible deadlocks in core system-wide PM code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52498 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52498 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/a32b93bf0a723d8e73f43c1aca257e1588551a86 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52513-RDMA-siw-Fix-connection-failure-handling.patch kpatch-description: RDMA/siw: Fix connection failure handling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52513 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52513 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/7608c307a993bfd11cebc76c393ec1ec6965c7f5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52528-net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75xx_read_reg.patch kpatch-description: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52528 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52528 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/2c893a88a6ab05e7aad61f8563acbeb18d801e59 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52594-wifi-ath9k-Fix-potential-array-index-out-of-bounds-read-in-ath9k_htc_txstatus.patch kpatch-description: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52594 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52594 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/f0a0cfd22759ea8c37a318561ada94000b85cc1a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52595-wifi-rt2x00-restart-beacon-queue-when-hardware-reset.patch kpatch-description: wifi: rt2x00: restart beacon queue when hardware reset kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52595 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52595 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/01d249eea31868b510e548a7c2f2747b80cdcf83 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52614-PM-devfreq-Fix-buffer-overflow-in-trans_stat_show.patch kpatch-description: PM / devfreq: Fix buffer overflow in trans_stat_show kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52614 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52614 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/009f3aca851dcab5ae2502f03902cf27592498c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35827-io_uring-net-fix-overflow-check-in-io_recvmsg_mshot_prep.patch kpatch-description: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-35827 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35827 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/7ba923ccba4030f236a5349983388d9944e9adf4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27010-net-sched-Fix-mirred-deadlock-on-device-recursion.patch kpatch-description: net/sched: Fix mirred deadlock on device recursion kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27010 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-27010 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/c3c09e38bc617fa918353f8c98c2adafde92d74d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27010-net-sched-Fix-mirred-deadlock-on-device-recursion-kpatch.patch kpatch-description: net/sched: Fix mirred deadlock on device recursion kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27010 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-27010 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/c3c09e38bc617fa918353f8c98c2adafde92d74d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27014-net-mlx5e-Prevent-deadlock-while-disabling-aRFS.patch kpatch-description: net/mlx5e: Prevent deadlock while disabling aRFS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fef965764cf562f28afb997b626fc7c3cec99693 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27014-net-mlx5e-Prevent-deadlock-while-disabling-aRFS-kpatch.patch kpatch-description: net/mlx5e: Prevent deadlock while disabling aRFS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fef965764cf562f28afb997b626fc7c3cec99693 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35931-drm-amdgpu-Add-hive-ras-recovery-check.patch kpatch-description: drm/amdgpu : Add hive ras recovery check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35931 kpatch-patch-url: https://git.kernel.org/linus/53dd920c1f471a5763c660a7b94fe0aaf746d357 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35931-drm-amdgpu-Add-hive-ras-recovery-check-kpatch.patch kpatch-description: drm/amdgpu : Add hive ras recovery check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35931 kpatch-patch-url: https://git.kernel.org/linus/53dd920c1f471a5763c660a7b94fe0aaf746d357 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35931-drm-amdgpu-Skip-do-PCI-error-slot-reset-during-RAS-recovery.patch kpatch-description: drm/amdgpu: Skip do PCI error slot reset during RAS recovery kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35931 kpatch-patch-url: https://git.kernel.org/linus/601429cca96b4af3be44172c3b64e4228515dbe1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27017-netfilter-nft-set-pipapo-walk-over-current-view-on-netlink-dump.patch kpatch-description: netfilter: nft_set_pipapo: walk over current view on netlink dump kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27017 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27017 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=29b359cf6d95fd60730533f7f10464e95bd17c73 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27017-netfilter-nf_tables-missing-iterator-type-in-lookup-walk.patch kpatch-description: nf_tables: missing iterator type in lookup walk kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27017 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27017 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/09cc2ea43e7650ba90980dd4b92bec858130fcbd kpatch-name: skipped/CVE-2024-26605.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26605 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39508-io_uring-io-wq-Use-set_bit-and-test_bit-at-worker-flags.patch kpatch-description: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39508 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39508 kpatch-patch-url: https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1cbb0affb15470a9621267fe0a8568007553a4bf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40924-drm-i915-dpt-Make-DPT-object-unshrinkable.patch kpatch-description: drm/i915/dpt: Make DPT object unshrinkable kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40924 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40924 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=327280149066f0e5f2e50356b5823f76dabfe86e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35979-raid1-fix-use-after-free-for-original-bio-in-raid1_write_request.patch kpatch-description: raid1: fix use-after-free for original bio in raid1_write_request() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35979 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-35979 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/0bc0ab758d44c21089633662acf877d683dff59a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52622-ext4-avoid-online-resizing-failures-due-to-oversized-flex-bg.patch kpatch-description: ext4: avoid online resizing failures due to oversized flex bg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52622 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52622 kpatch-patch-url: https://github.com/torvalds/linux/commit/5d1935ac02ca5aee364a449a35e2977ea84509b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52622-ext4-avoid-online-resizing-failures-due-to-oversized-flex-bg-kpatch.patch kpatch-description: ext4: avoid online resizing failures due to oversized flex bg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52622 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52622 kpatch-patch-url: https://github.com/torvalds/linux/commit/5d1935ac02ca5aee364a449a35e2977ea84509b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-unix-drop-usage-of-io_uring-socket.patch kpatch-description: io_uring/unix: drop usage of io_uring socket kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/a4104821ad651d8a0b374f0b2474c345bbb42f82 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-unix-drop-usage-of-io_uring-socket-kpatch.patch kpatch-description: io_uring/unix: drop usage of io_uring socket kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/a4104821ad651d8a0b374f0b2474c345bbb42f82 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-drop-any-code-related-to-SCM_RIGHTS.patch kpatch-description: io_uring: drop any code related to SCM_RIGHTS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/6e5e6d274956305f1fc0340522b38f5f5be74bdb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-drop-any-code-related-to-SCM_RIGHTS-kpatch.patch kpatch-description: io_uring: drop any code related to SCM_RIGHTS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/6e5e6d274956305f1fc0340522b38f5f5be74bdb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36010-igb-fix-string-truncation-warnings-in-igb_set_fw_version.patch kpatch-description: igb: Fix string truncation warnings in igb_set_fw_version kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c56d055893cbe97848611855d1c97d0ab171eccc kpatch-name: skipped/CVE-2021-47505.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47505 kpatch-skip-reason: A complex adaptation is needed which is not possible to implement safely. Only Android OS is affected. Low score CVE. kpatch-cvss: kpatch-name: skipped/CVE-2024-35880.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35880 kpatch-skip-reason: Complex adaptation required. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36022-drm-amdgpu-Init-zone-device-and-drm-client-after-mode-1-reset-on-reload.patch kpatch-description: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36022 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36022 kpatch-patch-url: https://github.com/torvalds/linux/commit/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48 kpatch-name: skipped/CVE-2024-36028.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36028 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: skipped/CVE-2024-36885.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36885 kpatch-skip-reason: This CVE has been rejected upstream kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35843-iommu-vt-d-Use-device-rbtree-in-iopf-reporting-path-kpatch.patch kpatch-description: [PATCH] iommu/vt-d: Use device rbtree in iopf reporting path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35843 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35843 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=def054b01a867822254e1dda13d587f5c7a99e2a kpatch-name: rhel9/5.14.0-503.14.1.el9_5/CVE-2024-42283-net-nexthop-initialize-all-fields-in-dumped-nexthops.patch kpatch-description: net: nexthop: Initialize all fields in dumped nexthops kpatch-kernel: 5.14.0-503.14.1.el9_5 kpatch-cve: CVE-2024-42283 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42283 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/120bff1e127f6ec2b4a725bf22d76fbaed8bf559 kpatch-name: rhel9/5.14.0-503.14.1.el9_5/CVE-2024-46858-mptcp-pm-fix-uaf-in-timer-delete-sync.patch kpatch-description: mptcp: pm: Fix uaf in __timer_delete_sync kpatch-kernel: 5.14.0-503.14.1.el9_5 kpatch-cve: CVE-2024-46858 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46858 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=3554482f4691571fc4b5490c17ae26896e62171c kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-41009-bpf-fix-overrunning-reservations-in-ringbuf.patch kpatch-description: bpf: Fix overrunning reservations in ringbuf kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-41009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cfa1a2329a691ffd991fcf7248a57d752e712881 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-41009-bpf-fix-overrunning-reservations-in-ringbuf-kpatch.patch kpatch-description: bpf: Fix overrunning reservations in ringbuf kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-41009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cfa1a2329a691ffd991fcf7248a57d752e712881 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-42244-USB-serial-mos7840-fix-crash-on-resume.patch kpatch-description: USB: serial: mos7840: fix crash on resume kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-42244 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42244 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-42244-USB-serial-mos7840-fix-crash-on-resume-kpatch.patch kpatch-description: USB: serial: mos7840: fix crash on resume kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-42244 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42244 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-50226-cxl-port-fix-use-after-free-permit-out-of-order-decoder-shutdown-427.patch kpatch-description: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-50226 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50226 kpatch-patch-url: https://github.com/torvalds/linux/commit/101c268bd2f37e965a5468353e62d154db38838e kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-50251-netfilter-nft_payload-sanitize-offset-and-length-before-calling-skb_checksum.patch kpatch-description: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-50251 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50251 kpatch-patch-url: https://git.kernel.org/linus/d5953d680f7e96208c29ce4139a0e38de87a57fe kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-26615-net-smc-fix-illegal-rmb-desc-access-in-smc-d-connection-dump.patch kpatch-description: net/smc: fix illegal rmb_desc access in SMC-D connection dump kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-26615 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26615 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dbc153fd3c142909e564bb256da087e13fbf239c kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-43854-block-initialize-integrity-buffer-to-zero-before-writing-it-to-media-427.42.1.patch kpatch-description: block: initialize integrity buffer to zero before writing it to media kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-43854 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43854 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-46695-selinux-smack-don-t-bypass-permissions-check-in-inode-setsecctx-hook.patch kpatch-description: selinux,smack: don't bypass permissions check in inode_setsecctx hook kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-46695 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46695 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=eebec98791d0137e455cc006411bb92a54250924 kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-49949-net-avoid-potential-underflow-in-qdisc_pkt_len_init-with-UFO.patch kpatch-description: net: avoid potential underflow in qdisc_pkt_len_init() with UFO kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-49949 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49949 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c20029db28399ecc50e556964eaba75c43b1e2f1 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-27399-bluetooth-l2cap-fix-null-ptr-deref-in-l2cap-chan-timeout.patch kpatch-description: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-27399 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27399 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=adf0398cee86643b8eacde95f17d073d022f782c kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-38564-bpf-add-bpf-prog-type-cgroup-skb-attach-type-enforcement-in-bpf-link-create.patch kpatch-description: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-38564 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38564 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=543576ec15b17c0c93301ac8297333c7b6e84ac7 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-47675-bpf-fix-use-after-free-in-bpf-uprobe-multi-link-attach-5.14.0-427.42.1.el9_4.patch kpatch-description: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-47675 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5fe6e308abaea082c20fbf2aa5df8e14495622cf kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50099-arm64-probes-remove-broken-ldr-literal-uprobe-support.patch kpatch-description: arm64: probes: Remove broken LDR (literal) uprobe support kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50099 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=acc450aa07099d071b18174c22a1119c57da8227 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50262-bpf-fix-out-of-bounds-write-in-trie-get-next-key.patch kpatch-description: bpf: Fix out-of-bounds write in trie_get_next_key() kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50262 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50262 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50115-KVM-nSVM-Ignore-nCR3-4-0-when-loading-PDPTEs-from-memory.patch kpatch-description: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50115 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50115 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f559b2e9c5c5308850544ab59396b7d53cfc67bd kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50110-xfrm-fix-one-more-kernel-infoleak-in-algo-dumping.patch kpatch-description: xfrm: fix one more kernel-infoleak in algo dumping kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50110 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50110 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6889cd2a93e1e3606b3f6e958aa0924e836de4d2 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50142-xfrm-validate-new-sa-s-prefixlen-using-sa-family-when-sel-family-is-unset.patch kpatch-description: xfrm: validate new SA's prefixlen using SA family when sel.family is unset kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50142 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50142 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50148-Bluetooth-bnep-fix-wild-memory-access-in-proto_unregister.patch kpatch-description: Bluetooth: bnep: fix wild-memory-access in proto_unregister kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50148 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50148 kpatch-patch-url: https://git.kernel.org/linus/64a90991ba8d4e32e3173ddd83d0b24167a5668c kpatch-name: skipped/CVE-2024-50255.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50255 kpatch-skip-reason: Bluetooth subsystem. Patched function may wait for a while, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50125-Bluetooth-SCO-Fix-UAF-on-sco_sock_timeout-427.patch kpatch-description: Bluetooth: SCO: Fix UAF on sco_sock_timeout kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50125 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50125 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d30803f6a972 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50124-Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch kpatch-description: Bluetooth: ISO: Fix UAF on iso_sock_timeout kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50124 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50124 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=246b435ad668 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-49888-bpf-fix-a-sdiv-overflow-issue-427.patch kpatch-description: bpf: Fix a sdiv overflow issue kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-49888 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49888 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7dd34d7b7dcf9309fc6224caf4dd5b35bedddcb7 kpatch-name: skipped/CVE-2024-50192.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50192 kpatch-skip-reason: arm64: Low-score CVE requiring adaptation that is hard to implement; targets very rare hardware kpatch-cvss: kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-50208-rdma-bnxt-re-fix-a-bug-while-setting-up-level-2-pbl-pages.patch kpatch-description: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-50208 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50208 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7988bdbbb85ac85a847baf09879edcd0f70521dc kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-53122-mptcp-cope-racing-subflow-creation-in-mptcp-rcv-space-adjust.patch kpatch-description: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-53122 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53122 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ce7356ae35943cc6494cc692e62d51a734062b7d kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-50252-mlxsw-spectrum_ipip-Fix-memory-leak-when-changing-remote-IPv6-address.patch kpatch-description: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-50252 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50252 kpatch-patch-url: https://github.com/torvalds/linux/commit/12ae97c531fcd3bfd774d4dfeaeac23eafe24280 kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-46713-perf-aux-Fix-AUX-buffer-serialization.patch kpatch-description: perf/aux: Fix AUX buffer serialization kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-46713 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46713 kpatch-patch-url: https://github.com/torvalds/linux/commit/2ab9d830262c132ab5db2f571003d80850d56b2a kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-46713-perf-aux-Fix-AUX-buffer-serialization-kpatch.patch kpatch-description: perf/aux: Fix AUX buffer serialization (Adaptation) kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-46713 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46713 kpatch-patch-url: https://github.com/torvalds/linux/commit/2ab9d830262c132ab5db2f571003d80850d56b2a kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-50154-tcp-dccp-Don-t-use-timer_pending-in-reqsk_queue_unlink.patch kpatch-description: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink() kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-50154 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50154 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8c526f2bdf1 kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-50275-arm64-sve-Discard-stale-CPU-state-when-handling-SVE.patch kpatch-description: Discard stale CPU state when handling SVE traps kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-50275 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50275 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=751ecf6afd65 kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-53088-0001-i40e-fix-i40e_count_filters-to-count-only-active-new-427.patch kpatch-description: i40e: fix i40e_count_filters() to count only active/new filters kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-53088 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53088 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb58c598ce kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-53088-0002-i40e-fix-race-condition-by-adding-filter-s-intermediate-sync-state.patch kpatch-description: fix race condition by adding filter's intermediate sync state kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-53088 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53088 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f30490e969 kpatch-name: rhel9/5.14.0-503.23.2.el9_5/CVE-2024-53104-media-uvcvideo-Skip-parsing-frames-of-type-UVC_VS_UNDEFINED.patch kpatch-description: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format kpatch-kernel: 5.14.0-503.23.2.el9_5 kpatch-cve: CVE-2024-53104 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53104 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=beced2cb09b58c1243733f374c560a55382003d6 kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-53113-mm-fix-null-pointer-dereference-in-alloc-pages-bulk-noprof.patch kpatch-description: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-53113 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53113 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8ce41b0f9d77cca074df25afd39b86e2ee3aa68e kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-53197-ALSA-usb-audio-Fix-potential-out-of-bound-accesses-for-Extigy-and-Mbox-devices.patch kpatch-description: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-53197 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53197 kpatch-patch-url: https://github.com/torvalds/linux/commit/b909df18ce2a998afef81d58bbd1a05dc0788c40 kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2023-52922-can-bcm-fix-uaf-in-bcm-proc-show.patch kpatch-description: can: bcm: Fix UAF in bcm_proc_show() kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2023-52922 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52922 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55c3b96074f3f9b0aee19bf93cd71af7516582bb kpatch-name: skipped/CVE-2023-52605.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52605 kpatch-skip-reason: CVE Rejected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-50264-vsock-virtio-initialization-of-the-dangling-pointer-occurring-in-vsk-trans.patch kpatch-description: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-50264 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50264 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-50302-hid-core-zero-initialize-the-report-buffer.patch kpatch-description: HID: core: zero-initialize the report buffer kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-50302 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50302 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=177f25d1292c7e16e1199b39c85480f7f8815552 kpatch-name: skipped/CVE-2025-21785.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21785 kpatch-skip-reason: Out of scope: ARM64 architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-503.38.1.el9_5/CVE-2024-53150-alsa-usb-audio-fix-out-of-bounds-reads-when-finding-clock-sources.patch kpatch-description: ALSA: usb-audio: Fix out of bounds reads when finding clock sources kpatch-kernel: 5.14.0-503.38.1.el9_5 kpatch-cve: CVE-2024-53150 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53150 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cb8dcd77eb63e1e6b2497838cac19502bcc277de uname: 5.14.0-503.38.1.el9_5