The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. * A use-after-free flaw was found in the way the Linux kernel"s SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.