- Issued:
- 2024-04-18
- Updated:
- 2024-04-18
RHSA-2024:1882 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
- kernel: tls: use-after-free with partial reads and async decrypt (CVE-2024-26582)
- kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)
- kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
Bug Fix(es):
- kernel-rt: kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (JIRA:RHEL-29214)
- kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-30439)
- kernel-rt: kernel: tls: use-after-free with partial reads and async decrypt (JIRA:RHEL-26399)
- kernel-rt: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (JIRA:RHEL-29687)
- kernel-rt: kernel: tls: handle backlogging of crypto requests (JIRA:RHEL-30451)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64
Fixes
- BZ - 2250843 - CVE-2023-6240 kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation
- BZ - 2265518 - CVE-2024-26582 kernel: tls: use-after-free with partial reads and async decrypt
- BZ - 2265519 - CVE-2024-26584 kernel: tls: handle backlogging of crypto requests
- BZ - 2265645 - CVE-2024-26586 kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2
| SRPM | |
|---|---|
| kernel-rt-5.14.0-284.62.1.rt14.347.el9_2.src.rpm | SHA-256: 405b6918f3cb304fb21318925992cae9069e540dc44c3d269b3f230c0ee648fc |
| x86_64 | |
| kernel-rt-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 5c1d62df76d5ceb548675b4fa5686e0e325bd6e6e9260eafc53a7d6e7fd919b7 |
| kernel-rt-core-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 1a8ddf722329146733c098d7eeaa15e26b6c9bc0e979520cf96c1a43b62ee283 |
| kernel-rt-debug-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 016b1ee3827f9926ee4e62d18100cd2635c15428f6b6505ec6401d676ad2a6b2 |
| kernel-rt-debug-core-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 7ee371b61c9bc71df90a6703c005b910e0e9b637cc67956444dad7e2865eaca4 |
| kernel-rt-debug-debuginfo-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 46a12a5f428a0d69e76aac0aae545c46a6dac1809f732a27c51ee8edcfcfdb18 |
| kernel-rt-debug-devel-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: f7d8c6dc6bccafa2ae76ab0c0d19ff3215ab9cf6f048b4582e6c7e2bad62da24 |
| kernel-rt-debug-modules-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: c80ee21543171c3f17fdbf072314de463022f2fd726fde309bc42eec092345be |
| kernel-rt-debug-modules-core-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: ccab7e2efa9e9b68af9c87babd59200c524f86ca9d0ed0147a8a9d63e27a1601 |
| kernel-rt-debug-modules-extra-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 13423f1149bc3e27c71198d6fdd8292dbcd17d972154c4b6b2e0a010a0327e4e |
| kernel-rt-debuginfo-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 5ccc28481eb50857f27a05b25bd286adf859477c03a72b982cb13012ce423e92 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: b32ec7b8d6b8a8a5b4513988e06f4e7d5444b9a915e6497a155406f4b108b3a3 |
| kernel-rt-devel-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 82e85fedfdd376fa1bb775526d4a3f84a351365dc281b66eef67a92fe044c799 |
| kernel-rt-modules-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 7028377293384793696b14abfe9133762c4662cdc6e6ff6268be62d8cc9ce1e3 |
| kernel-rt-modules-core-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: c7ab4907a4ae4f499120a459843eefd147138eb46994caec30d400b63e787fc3 |
| kernel-rt-modules-extra-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 89f39e9f1419f37c387df2b3cb8a283638455561f634d384fa9a1143b564ce3b |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2
| SRPM | |
|---|---|
| kernel-rt-5.14.0-284.62.1.rt14.347.el9_2.src.rpm | SHA-256: 405b6918f3cb304fb21318925992cae9069e540dc44c3d269b3f230c0ee648fc |
| x86_64 | |
| kernel-rt-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 5c1d62df76d5ceb548675b4fa5686e0e325bd6e6e9260eafc53a7d6e7fd919b7 |
| kernel-rt-core-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 1a8ddf722329146733c098d7eeaa15e26b6c9bc0e979520cf96c1a43b62ee283 |
| kernel-rt-debug-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 016b1ee3827f9926ee4e62d18100cd2635c15428f6b6505ec6401d676ad2a6b2 |
| kernel-rt-debug-core-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 7ee371b61c9bc71df90a6703c005b910e0e9b637cc67956444dad7e2865eaca4 |
| kernel-rt-debug-debuginfo-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 46a12a5f428a0d69e76aac0aae545c46a6dac1809f732a27c51ee8edcfcfdb18 |
| kernel-rt-debug-devel-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: f7d8c6dc6bccafa2ae76ab0c0d19ff3215ab9cf6f048b4582e6c7e2bad62da24 |
| kernel-rt-debug-kvm-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 73d7eeae1a7c40f1debf55e9b63bdd2cb38d445eb4b223d9ec3b667efa0afc2f |
| kernel-rt-debug-modules-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: c80ee21543171c3f17fdbf072314de463022f2fd726fde309bc42eec092345be |
| kernel-rt-debug-modules-core-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: ccab7e2efa9e9b68af9c87babd59200c524f86ca9d0ed0147a8a9d63e27a1601 |
| kernel-rt-debug-modules-extra-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 13423f1149bc3e27c71198d6fdd8292dbcd17d972154c4b6b2e0a010a0327e4e |
| kernel-rt-debuginfo-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 5ccc28481eb50857f27a05b25bd286adf859477c03a72b982cb13012ce423e92 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: b32ec7b8d6b8a8a5b4513988e06f4e7d5444b9a915e6497a155406f4b108b3a3 |
| kernel-rt-devel-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 82e85fedfdd376fa1bb775526d4a3f84a351365dc281b66eef67a92fe044c799 |
| kernel-rt-kvm-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 7d75d0153136221b522d143d7dd7452c771084d4248209aa2e48a581a89f4b3d |
| kernel-rt-modules-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 7028377293384793696b14abfe9133762c4662cdc6e6ff6268be62d8cc9ce1e3 |
| kernel-rt-modules-core-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: c7ab4907a4ae4f499120a459843eefd147138eb46994caec30d400b63e787fc3 |
| kernel-rt-modules-extra-5.14.0-284.62.1.rt14.347.el9_2.x86_64.rpm | SHA-256: 89f39e9f1419f37c387df2b3cb8a283638455561f634d384fa9a1143b564ce3b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
