
chore(deps): refresh rpm lockfiles [SECURITY] #3866

Merged
openshift-merge-bot[bot] merged 1 commit into release-4.20 from konflux/mintmaker/release-4.20/lock-file-maintenance-vulnerability
Mar 31, 2026

@red-hat-konflux red-hat-konflux bot commented Mar 27, 2026

This PR contains the following updates:

File cnf-tests/.konflux/rpms.in.yaml:

Package Change
kernel-tools-libs 5.14.0-611.41.1.el9_7 -> 5.14.0-611.45.1.el9_7

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

CVE-2026-23204

Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_u32: use skb_header_pointer_careful()

skb_header_pointer() does not fully validate negative @offset values.

Use skb_header_pointer_careful() instead.

GangMin Kim provided a report and a repro fooling u32_classify():

BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0
net/sched/cls_u32.c:221

Severity

Moderate


kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

CVE-2026-23193

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

In iscsit_dec_session_usage_count(), the function calls complete() while
holding the sess->session_usage_lock. Similar to the connection usage count
logic, the waiter signaled by complete() (e.g., in the session release
path) may wake up and free the iscsit_session structure immediately.

This creates a race condition where the current thread may attempt to
execute spin_unlock_bh() on a session structure that has already been
deallocated, resulting in a KASAN slab-use-after-free.

To resolve this, release the session_usage_lock before calling complete()
to ensure all dereferences of the sess pointer are finished before the
waiter is allowed to proceed with deallocation.

Severity

Moderate


kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem

CVE-2025-38180

Details

A flaw was found in the Linux kernel's Asynchronous Transfer Mode (ATM) subsystem. An authenticated local attacker could exploit a Use-After-Free (UAF) vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper dev_put() calls without prior dev_hold() calls, leading to an imbalance in reference counting. Successful exploitation could allow the attacker to achieve privilege escalation or cause a denial of service.

Severity

Moderate


kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

CVE-2025-40096

Details

A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drm_sched_job_add_dependency() consumes a fence reference and then later erroneously attempts to free it again (double free). This may lead to memory corruption and, in some configurations, escalation of privileges.

Severity

Moderate


kernel: ALSA: aloop: Fix racy access at PCM trigger

CVE-2026-23191

Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: aloop: Fix racy access at PCM trigger

The PCM trigger callback of the aloop driver tries to check the PCM state
and stop the stream of the tied substream in the corresponding cable.
Since both check and stop operations are performed outside the cable
lock, this may result in UAF when a program attempts to trigger
frequently while opening/closing the tied stream, as spotted by
fuzzers.

To address the UAF, this patch changes two things:

  • It covers most of the code in loopback_check_format() with the
    cable->lock spinlock, and adds the proper NULL checks. This already
    avoids some racy accesses.
  • In addition, now we try to check the state of the capture PCM stream
    that may be stopped in this function, which was the major pain point
    leading to UAF.

Severity

Moderate


kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution

CVE-2026-23171

Details

A flaw was found in the Linux kernel's bonding module. This use-after-free vulnerability occurs when a new slave device is added to the bonding array but fails during the enslave process. A local attacker can exploit this by triggering the enslave failure, which may lead to a system crash, resulting in a Denial of Service (DoS), or potentially allow for arbitrary code execution.

Severity

Moderate


kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure

CVE-2026-23144

Details

A flaw was found in the Linux kernel's Data Access MONitor (DAMON) sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead to a local denial of service, making the DAMON sysfs interface unusable until a system reboot, and potentially cause a kernel memory leak if repeatedly triggered.

Severity

Moderate


kernel: macvlan: fix error recovery in macvlan_common_newlink()

CVE-2026-23209

Details

A use-after-free vulnerability was found in the macvlan driver. When creating a macvlan interface in source mode fails after the source MAC has been added to the hash table (e.g., due to an invalid interface name), the hash entry still references the freed net_device structure. Subsequent packets matching that source MAC trigger use-after-free in macvlan_forward_source().

Severity

Moderate

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@openshift-ci openshift-ci bot added the needs-rebase label ("Indicates a PR cannot be merged because it has merge conflicts with HEAD.") on Mar 29, 2026
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-4.20/lock-file-maintenance-vulnerability branch from b0e515c to f6345f3 on March 30, 2026 19:13
@openshift-ci openshift-ci bot removed the needs-rebase label ("Indicates a PR cannot be merged because it has merge conflicts with HEAD.") on Mar 30, 2026
@fontivan

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm label ("Indicates that a PR is ready to be merged.") on Mar 31, 2026
openshift-ci bot commented Mar 31, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fontivan, red-hat-konflux[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label ("Indicates a PR has been approved by an approver from all required OWNERS files.") on Mar 31, 2026
@openshift-merge-bot openshift-merge-bot bot merged commit f9075c0 into release-4.20 Mar 31, 2026
4 checks passed
@openshift-merge-bot openshift-merge-bot bot deleted the konflux/mintmaker/release-4.20/lock-file-maintenance-vulnerability branch March 31, 2026 12:01