RHBA-2024:4494 - Bug Fix Advisory

Topic

Updated Red Hat Enterprise Linux 8 container images are now available

Description

The Red Hat Enterprise Linux 8 container images have been updated to address the following security advisory: RHSA-2024:4211 (see References)

Users of Red Hat Enterprise Linux 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat Enterprise Linux 8 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

• BZ - 1918601 - CVE-2020-26555 kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack
• BZ - 2248122 - CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
• BZ - 2258875 - CVE-2023-52881 kernel:TCP-spoofed ghost ACKs and leak leak initial sequence number
• BZ - 2265517 - CVE-2024-26585 kernel: tls: race between tx work scheduling and socket close
• BZ - 2265519 - CVE-2024-26584 kernel: tls: handle backlogging of crypto requests
• BZ - 2265520 - CVE-2024-26583 kernel: tls: race between async notify and socket close
• BZ - 2265800 - CVE-2023-52464 kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c
• BZ - 2266408 - CVE-2021-46909 kernel: PCI interrupt mapping cause oops
• BZ - 2266831 - CVE-2021-46972 kernel: ovl: fix leaked dentry
• BZ - 2267513 - CVE-2021-47069 kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
• BZ - 2267518 - CVE-2021-47073 kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
• BZ - 2267730 - CVE-2023-52560 kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions()
• BZ - 2270093 - CVE-2023-52615 kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng
• BZ - 2271680 - CVE-2023-52626 kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context
• BZ - 2272692 - CVE-2024-26656 kernel: drm/amdgpu: use-after-free vulnerability
• BZ - 2272829 - CVE-2024-26675 kernel: ppp_async: limit MRU to 64K
• BZ - 2273204 - CVE-2024-26759 kernel: mm/swap: fix race when skipping swapcache
• BZ - 2273278 - CVE-2024-26735 kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref
• BZ - 2273423 - CVE-2024-26804 kernel: net: ip_tunnel: prevent perpetual headroom growth
• BZ - 2273429 - CVE-2024-26801 kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset
• BZ - 2275604 - CVE-2024-26826 kernel: mptcp: fix data re-injection from stale subflow
• BZ - 2275633 - CVE-2024-26907 kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment
• BZ - 2275635 - CVE-2024-26906 kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
• BZ - 2275733 - CVE-2024-26859 kernel: net/bnx2x: Prevent access to a freed page in page_pool
• BZ - 2278337 - CVE-2024-26982 kernel: Squashfs: check the inode number is not the invalid value of zero
• BZ - 2278354 - CVE-2024-26974 kernel: crypto: qat - resolve race condition during AER recovery
• BZ - 2280434 - CVE-2024-27397 kernel: netfilter: nf_tables: use timestamp to check for set element timeout
• BZ - 2281057 - CVE-2024-35789 kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
• BZ - 2281113 - CVE-2024-27410 kernel: wifi: nl80211: reject iftype change with mesh ID change
• BZ - 2281157 - CVE-2024-35838 kernel: wifi: mac80211: fix potential sta-link leak
• BZ - 2281165 - CVE-2024-35835 kernel: net/mlx5e: fix a double-free in arfs_create_groups
• BZ - 2281251 - CVE-2024-35855 kernel: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
• BZ - 2281253 - CVE-2024-35854 kernel: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
• BZ - 2281255 - CVE-2024-35853 kernel: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
• BZ - 2281257 - CVE-2024-35852 kernel: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
• BZ - 2281272 - CVE-2024-35845 kernel: wifi: iwlwifi: dbg-tlv: ensure NUL termination
• BZ - 2281311 - CVE-2023-52686 kernel: powerpc/powernv: Add a null pointer check in opal_event_init()
• BZ - 2281334 - CVE-2023-52675 kernel: powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
• BZ - 2281346 - CVE-2023-52669 kernel: crypto: s390/aes - Fix buffer overread in CTR mode
• BZ - 2281350 - CVE-2023-52667 kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups
• BZ - 2281689 - CVE-2024-35890 kernel: gro: fix ownership transfer
• BZ - 2281693 - CVE-2024-35888 kernel: erspan: make sure erspan_base_hdr is present in skb->head
• BZ - 2281920 - CVE-2024-35960 kernel: net/mlx5: Properly link new fs rules into the tree
• BZ - 2281923 - CVE-2024-35959 kernel: net/mlx5e: Fix mlx5e_priv_init() cleanup flow
• BZ - 2281925 - CVE-2024-35958 kernel: net: ena: Fix incorrect descriptor free behavior
• BZ - 2281953 - CVE-2024-36004 kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
• BZ - 2281986 - CVE-2024-36007 kernel: mlxsw: spectrum_acl_tcam: Fix warning during rehash
• BZ - 2282394 - CVE-2021-47356 kernel: mISDN: fix possible use-after-free in HFC_cleanup()
• BZ - 2282400 - CVE-2021-47353 kernel: udf: Fix NULL pointer dereference in udf_symlink function
• BZ - 2282471 - CVE-2021-47311 kernel: net: qcom/emac: fix UAF in emac_remove
• BZ - 2282472 - CVE-2021-47310 kernel: net: ti: fix UAF in tlan_remove_one
• BZ - 2282581 - CVE-2021-47236 kernel: net: cdc_eem: fix tx fixup skb leak
• BZ - 2282609 - CVE-2023-52700 kernel: tipc: fix kernel warning when sending SYN message
• BZ - 2282612 - CVE-2023-52703 kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
• BZ - 2282653 - CVE-2023-52813 kernel: crypto: pcrypt - Fix hungtask for PADATA_RESET
• BZ - 2282680 - CVE-2023-52878 kernel: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds
• BZ - 2282698 - CVE-2023-52781 kernel: usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
• BZ - 2282712 - CVE-2023-52877 kernel: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
• BZ - 2282735 - CVE-2023-52835 kernel: perf/core: Bail out early if the request AUX area is out of bound
• BZ - 2282902 - CVE-2021-47456 kernel: can: peak_pci: peak_pci_remove(): fix UAF
• BZ - 2282920 - CVE-2021-47495 kernel: usbnet: sanity check for maxpacket

CVEs

• CVE-2020-26555
• CVE-2021-46909
• CVE-2021-46972
• CVE-2021-47069
• CVE-2021-47073
• CVE-2021-47236
• CVE-2021-47310
• CVE-2021-47311
• CVE-2021-47353
• CVE-2021-47356
• CVE-2021-47456
• CVE-2021-47495
• CVE-2023-5090
• CVE-2023-52464
• CVE-2023-52560
• CVE-2023-52615
• CVE-2023-52626
• CVE-2023-52667
• CVE-2023-52669
• CVE-2023-52675
• CVE-2023-52686
• CVE-2023-52700
• CVE-2023-52703
• CVE-2023-52781
• CVE-2023-52813
• CVE-2023-52835
• CVE-2023-52877
• CVE-2023-52878
• CVE-2023-52881
• CVE-2024-26583
• CVE-2024-26584
• CVE-2024-26585
• CVE-2024-26656
• CVE-2024-26675
• CVE-2024-26735
• CVE-2024-26759
• CVE-2024-26801
• CVE-2024-26804
• CVE-2024-26826
• CVE-2024-26859
• CVE-2024-26906
• CVE-2024-26907
• CVE-2024-26974
• CVE-2024-26982
• CVE-2024-27397
• CVE-2024-27410
• CVE-2024-35789
• CVE-2024-35835
• CVE-2024-35838
• CVE-2024-35845
• CVE-2024-35852
• CVE-2024-35853
• CVE-2024-35854
• CVE-2024-35855
• CVE-2024-35888
• CVE-2024-35890
• CVE-2024-35958
• CVE-2024-35959
• CVE-2024-35960
• CVE-2024-36004
• CVE-2024-36007

References

• https://access.redhat.com/errata/RHSA-2024:4211
• https://access.redhat.com/containers