kernel-4.18.0-553.52.1.el8_10

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (CVE-2022-49011)
* kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-49011
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). So call it after using to avoid refcount leak.
CVE-2024-53141
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.