- Issued:
- 2024-03-27
- Updated:
- 2024-03-27
RHSA-2024:1533 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
- kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)
Bug Fix(es):
- kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22083)
- kernel-rt: update RT source tree to the latest RHEL-9.2.z7 Batch (JIRA:RHEL-28866)
- [RHEL9.3 nightly] NMI panic sometimes fails to start the 2nd kernel for kdump (JIRA:RHEL-24448)
- kernel-rt: kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (JIRA:RHEL-26382)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64
Fixes
- BZ - 2258518 - CVE-2024-0565 kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client
- BZ - 2267695 - CVE-2024-26602 kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2
SRPM | |
---|---|
kernel-rt-5.14.0-284.59.1.rt14.344.el9_2.src.rpm | SHA-256: a44e8881706e9fa0b2b7cd15a566fffb26d3d79b48290c2a5405bea2d927e8b7 |
x86_64 | |
kernel-rt-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 5afbd61f57217536c001ca887f71ee4bf773a25bfb5a3e16d552100df295b33e |
kernel-rt-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 92ea843205d659dee10a51dcb93ce454bc467b392d3ad64c948ab5ac228b3471 |
kernel-rt-debug-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 38bf4095c6f7aee4105e0a50351970f9913c8c1f48e0659380e1a4fa5c7cf451 |
kernel-rt-debug-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: c3dfe2a242b33aa590c22603573213a99e6b44f8d2192e7d01506e30d0286437 |
kernel-rt-debug-debuginfo-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 19074e8b6e34199dedb96a5e26702252ed32d6a13470d2f5a1800ebf80869612 |
kernel-rt-debug-devel-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 754ede08d271a550ae606c352ba07ea868100a50537553dc76ca223a3ef2487d |
kernel-rt-debug-modules-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: bc8eadcfa39c6a193b701c7876480c73e39158b44126982589f7beeb72e14410 |
kernel-rt-debug-modules-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 43e91bb2c764243cf95f9bfc274a644bdda66bd97299b93218d2f100992d63b2 |
kernel-rt-debug-modules-extra-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: cca9c7508ec73d7a3701533b5810fc6157d6ba714bcc4ba2c176631187da2e17 |
kernel-rt-debuginfo-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 8563ec35e770318a4e64052b782b1054e9fd23dea173c73bb5e6c3d5bda56fb7 |
kernel-rt-debuginfo-common-x86_64-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 4a2413cbad27995fda5542a9753b7e27b96d1194fa5236b827860ac79b5b9d80 |
kernel-rt-devel-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 02dffecde54f9584fbeacca694ff2d0741f8e995894944e7d373a66f724d831f |
kernel-rt-modules-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: d609c5533261509fde82d5d8c148e703aa11a6b18428c444b7d2198c190ed46e |
kernel-rt-modules-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 9f05cdd803bcfe38022735da3bc46043975850e24e2faba2f95bfad1d57f07e2 |
kernel-rt-modules-extra-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 76569f05193567790cff1392cfb7834716fd44d7d44a6b34916c1206c7e9950f |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2
SRPM | |
---|---|
kernel-rt-5.14.0-284.59.1.rt14.344.el9_2.src.rpm | SHA-256: a44e8881706e9fa0b2b7cd15a566fffb26d3d79b48290c2a5405bea2d927e8b7 |
x86_64 | |
kernel-rt-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 5afbd61f57217536c001ca887f71ee4bf773a25bfb5a3e16d552100df295b33e |
kernel-rt-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 92ea843205d659dee10a51dcb93ce454bc467b392d3ad64c948ab5ac228b3471 |
kernel-rt-debug-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 38bf4095c6f7aee4105e0a50351970f9913c8c1f48e0659380e1a4fa5c7cf451 |
kernel-rt-debug-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: c3dfe2a242b33aa590c22603573213a99e6b44f8d2192e7d01506e30d0286437 |
kernel-rt-debug-debuginfo-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 19074e8b6e34199dedb96a5e26702252ed32d6a13470d2f5a1800ebf80869612 |
kernel-rt-debug-devel-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 754ede08d271a550ae606c352ba07ea868100a50537553dc76ca223a3ef2487d |
kernel-rt-debug-kvm-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: fd7edf3a1547a8f63e3a3c6de552ff8ba1dd8fb784af0bbbaff07202d455786d |
kernel-rt-debug-modules-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: bc8eadcfa39c6a193b701c7876480c73e39158b44126982589f7beeb72e14410 |
kernel-rt-debug-modules-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 43e91bb2c764243cf95f9bfc274a644bdda66bd97299b93218d2f100992d63b2 |
kernel-rt-debug-modules-extra-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: cca9c7508ec73d7a3701533b5810fc6157d6ba714bcc4ba2c176631187da2e17 |
kernel-rt-debuginfo-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 8563ec35e770318a4e64052b782b1054e9fd23dea173c73bb5e6c3d5bda56fb7 |
kernel-rt-debuginfo-common-x86_64-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 4a2413cbad27995fda5542a9753b7e27b96d1194fa5236b827860ac79b5b9d80 |
kernel-rt-devel-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 02dffecde54f9584fbeacca694ff2d0741f8e995894944e7d373a66f724d831f |
kernel-rt-kvm-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: f73b91812460eaae783c74db793f156d0aa05ac3cf37ddc6f3995003e39cce97 |
kernel-rt-modules-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: d609c5533261509fde82d5d8c148e703aa11a6b18428c444b7d2198c190ed46e |
kernel-rt-modules-core-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 9f05cdd803bcfe38022735da3bc46043975850e24e2faba2f95bfad1d57f07e2 |
kernel-rt-modules-extra-5.14.0-284.59.1.rt14.344.el9_2.x86_64.rpm | SHA-256: 76569f05193567790cff1392cfb7834716fd44d7d44a6b34916c1206c7e9950f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.