--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-92664ae6fe
2024-05-22 01:26:21.009294
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 40
Version     : 6.8.10
Release     : 300.fc40
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.8.10 stable kernel update contains a number of important fixes across the
tree
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 17 2024 Augusto Caringi  [6.8.10-0]
- redhat/configs: Enable CONFIG_DEBUG_INFO_BTF_MODULES (Augusto Caringi)
- Add bugs to BugsFixed for 6.8.10 (Justin M. Forbes)
- Turn on INIT_ON_ALLOC_DEFAULT_ON for Fedora (Justin M. Forbes)
- Reapply "drm/qxl: simplify qxl_fence_wait" (Linus Torvalds)
- BugsFixed updates for 6.8.10 (Justin M. Forbes)
- e1000e: change usleep_range to udelay in PHY mdic access (Vitaly Lifshits)
- Linux v6.8.10
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2276325 - Lenovo M910Q hardware boot fails with "Bug: scheduling while atomic" when ethernet connected
        https://bugzilla.redhat.com/show_bug.cgi?id=2276325
  [ 2 ] Bug #2279678 - Missing automatic memory initialization: enable CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
        https://bugzilla.redhat.com/show_bug.cgi?id=2279678
  [ 3 ] Bug #2279734 - Kernel 6.8.8  deadlocks with 100% cpu when run in qemu/kvm
        https://bugzilla.redhat.com/show_bug.cgi?id=2279734
  [ 4 ] Bug #2280396 - CVE-2024-21823 kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280396
  [ 5 ] Bug #2280408 - CVE-2024-27401 kernel: firewire: nosy: ensure user_length is taken into account when fetching packet contents [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280408
  [ 6 ] Bug #2280461 - CVE-2024-27400 kernel: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280461
  [ 7 ] Bug #2280463 - CVE-2024-27399 kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280463
  [ 8 ] Bug #2280465 - CVE-2024-27398 kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280465
  [ 9 ] Bug #2281511 - CVE-2024-35947 kernel: dyndbg: fix old BUG_ON in >control parser [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2281511
  [ 10 ] Bug #2281946 - CVE-2024-35949 kernel: btrfs: make sure that WRITTEN is set on all metadata blocks [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2281946
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-92664ae6fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 40: kernel 2024-92664ae6fe Security Advisory Updates

May 22, 2024
The 6.8.10 stable kernel update contains a number of important fixes across the tree

Summary

The kernel meta package

Update Information:

The 6.8.10 stable kernel update contains a number of important fixes across the tree

Change Log

* Fri May 17 2024 Augusto Caringi [6.8.10-0] - redhat/configs: Enable CONFIG_DEBUG_INFO_BTF_MODULES (Augusto Caringi) - Add bugs to BugsFixed for 6.8.10 (Justin M. Forbes) - Turn on INIT_ON_ALLOC_DEFAULT_ON for Fedora (Justin M. Forbes) - Reapply "drm/qxl: simplify qxl_fence_wait" (Linus Torvalds) - BugsFixed updates for 6.8.10 (Justin M. Forbes) - e1000e: change usleep_range to udelay in PHY mdic access (Vitaly Lifshits) - Linux v6.8.10

References

[ 1 ] Bug #2276325 - Lenovo M910Q hardware boot fails with "Bug: scheduling while atomic" when ethernet connected https://bugzilla.redhat.com/show_bug.cgi?id=2276325 [ 2 ] Bug #2279678 - Missing automatic memory initialization: enable CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y https://bugzilla.redhat.com/show_bug.cgi?id=2279678 [ 3 ] Bug #2279734 - Kernel 6.8.8 deadlocks with 100% cpu when run in qemu/kvm https://bugzilla.redhat.com/show_bug.cgi?id=2279734 [ 4 ] Bug #2280396 - CVE-2024-21823 kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2280396 [ 5 ] Bug #2280408 - CVE-2024-27401 kernel: firewire: nosy: ensure user_length is taken into account when fetching packet contents [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2280408 [ 6 ] Bug #2280461 - CVE-2024-27400 kernel: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2280461 [ 7 ] Bug #2280463 - CVE-2024-27399 kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2280463 [ 8 ] Bug #2280465 - CVE-2024-27398 kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2280465 [ 9 ] Bug #2281511 - CVE-2024-35947 kernel: dyndbg: fix old BUG_ON in >control parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2281511 [ 10 ] Bug #2281946 - CVE-2024-35949 kernel: btrfs: make sure that WRITTEN is set on all metadata blocks [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2281946

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-92664ae6fe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : kernel
Product : Fedora 40
Version : 6.8.10
Release : 300.fc40
URL : https://www.kernel.org/
Summary : The Linux kernel

Related News

32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
6.EmailConnection Touch Esm H170
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
20.Lock AbstractDigital Circular Esm H170
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server (apache2) impacting versions
24.Key Code Esm H170
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
A new backdoor, "Noodle RAT" has caused widespread alarm across the cybersecurity landscape. Research highlights this previously undisclosed malware
30.Lock Globe Motherboard Esm H170
3 - 5 min read
An update to OpenSSH , an open-source implementation of the Secure Shell (SSH) protocol, will introduce options to penalize unwanted behavior and
11.Locks IsometricPattern Esm H170
2 - 3 min read
Gitloker attacks have emerged with increased frequency in recent weeks, targeting GitHub repositories by wiping them clean of all content before

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved