Red Hat Product Errata RHSA-2024:1533 - Security Advisory
Issued:
2024-03-27
Updated:
2024-03-27

RHSA-2024:1533 - Security Advisory

Synopsis

Moderate: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
  • kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

Bug Fix(es):

  • kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22083)
  • kernel-rt: update RT source tree to the latest RHEL-9.2.z7 Batch (JIRA:RHEL-28866)
  • [RHEL9.3 nightly] NMI panic sometimes fails to start the 2nd kernel for kdump (JIRA:RHEL-24448)
  • kernel-rt: kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (JIRA:RHEL-26382)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64

Fixes

  • BZ - 2258518 - CVE-2024-0565 kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client
  • BZ - 2267695 - CVE-2024-26602 kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
kernel-rt-5.14.0-284.59.1.rt14.344.el9_2.src.rpm SHA-256: a44e8881706e9fa0b2b7cd15a566fffb26d3d79b48290c2a5405bea2d927e8b7
x86_64
kernel-rt-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 5afbd61f57217536c001ca887f71ee4bf773a25bfb5a3e16d552100df295b33e
kernel-rt-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 5afbd61f57217536c001ca887f71ee4bf773a25bfb5a3e16d552100df295b33e
kernel-rt-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 92ea843205d659dee10a51dcb93ce454bc467b392d3ad64c948ab5ac228b3471
kernel-rt-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 92ea843205d659dee10a51dcb93ce454bc467b392d3ad64c948ab5ac228b3471
kernel-rt-debug-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 38bf4095c6f7aee4105e0a50351970f9913c8c1f48e0659380e1a4fa5c7cf451
kernel-rt-debug-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 38bf4095c6f7aee4105e0a50351970f9913c8c1f48e0659380e1a4fa5c7cf451
kernel-rt-debug-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: c3dfe2a242b33aa590c22603573213a99e6b44f8d2192e7d01506e30d0286437
kernel-rt-debug-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: c3dfe2a242b33aa590c22603573213a99e6b44f8d2192e7d01506e30d0286437
kernel-rt-debug-debuginfo-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 19074e8b6e34199dedb96a5e26702252ed32d6a13470d2f5a1800ebf80869612
kernel-rt-debug-debuginfo-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 19074e8b6e34199dedb96a5e26702252ed32d6a13470d2f5a1800ebf80869612
kernel-rt-debug-devel-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 754ede08d271a550ae606c352ba07ea868100a50537553dc76ca223a3ef2487d
kernel-rt-debug-devel-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 754ede08d271a550ae606c352ba07ea868100a50537553dc76ca223a3ef2487d
kernel-rt-debug-kvm-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: fd7edf3a1547a8f63e3a3c6de552ff8ba1dd8fb784af0bbbaff07202d455786d
kernel-rt-debug-modules-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: bc8eadcfa39c6a193b701c7876480c73e39158b44126982589f7beeb72e14410
kernel-rt-debug-modules-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: bc8eadcfa39c6a193b701c7876480c73e39158b44126982589f7beeb72e14410
kernel-rt-debug-modules-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 43e91bb2c764243cf95f9bfc274a644bdda66bd97299b93218d2f100992d63b2
kernel-rt-debug-modules-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 43e91bb2c764243cf95f9bfc274a644bdda66bd97299b93218d2f100992d63b2
kernel-rt-debug-modules-extra-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: cca9c7508ec73d7a3701533b5810fc6157d6ba714bcc4ba2c176631187da2e17
kernel-rt-debug-modules-extra-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: cca9c7508ec73d7a3701533b5810fc6157d6ba714bcc4ba2c176631187da2e17
kernel-rt-debuginfo-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 8563ec35e770318a4e64052b782b1054e9fd23dea173c73bb5e6c3d5bda56fb7
kernel-rt-debuginfo-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 8563ec35e770318a4e64052b782b1054e9fd23dea173c73bb5e6c3d5bda56fb7
kernel-rt-debuginfo-common-x86_64-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 4a2413cbad27995fda5542a9753b7e27b96d1194fa5236b827860ac79b5b9d80
kernel-rt-debuginfo-common-x86_64-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 4a2413cbad27995fda5542a9753b7e27b96d1194fa5236b827860ac79b5b9d80
kernel-rt-devel-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 02dffecde54f9584fbeacca694ff2d0741f8e995894944e7d373a66f724d831f
kernel-rt-devel-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 02dffecde54f9584fbeacca694ff2d0741f8e995894944e7d373a66f724d831f
kernel-rt-kvm-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: f73b91812460eaae783c74db793f156d0aa05ac3cf37ddc6f3995003e39cce97
kernel-rt-modules-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: d609c5533261509fde82d5d8c148e703aa11a6b18428c444b7d2198c190ed46e
kernel-rt-modules-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: d609c5533261509fde82d5d8c148e703aa11a6b18428c444b7d2198c190ed46e
kernel-rt-modules-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 9f05cdd803bcfe38022735da3bc46043975850e24e2faba2f95bfad1d57f07e2
kernel-rt-modules-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 9f05cdd803bcfe38022735da3bc46043975850e24e2faba2f95bfad1d57f07e2
kernel-rt-modules-extra-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 76569f05193567790cff1392cfb7834716fd44d7d44a6b34916c1206c7e9950f
kernel-rt-modules-extra-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm SHA-256: 76569f05193567790cff1392cfb7834716fd44d7d44a6b34916c1206c7e9950f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.