- Issued:
- 2024-05-15
- Updated:
- 2024-05-15
RHSA-2024:2846 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)
- kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628)
Bug Fix(es):
- kernel-rt: kernel: untrusted VMM can trigger int80 syscall handling (JIRA:RHEL-30421)
- kernel-rt: kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (JIRA:RHEL-31093)
- kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-34746)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64
Fixes
- BZ - 2263875 - CVE-2024-25744 kernel: untrusted VMM can trigger int80 syscall handling
- BZ - 2272041 - CVE-2023-52628 kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2
| SRPM | |
|---|---|
| kernel-rt-5.14.0-284.66.1.rt14.351.el9_2.src.rpm | SHA-256: 790891c350314cc13a58b3a3793fee13332776712b4454eb13ba6bc929167d83 |
| x86_64 | |
| kernel-rt-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: f225106926a68f987a920c8bcb43847defc22e79e932cb536f9071e7fca15fb3 |
| kernel-rt-core-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 599688aa503d2cd4f50f622e3a8fa8d4a55f5c1bc28ea3f633406003f9945e27 |
| kernel-rt-debug-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 9b6bbe48bd9128c482f3fee7ab364e28268dc8f3f021a9bd92ddd34201306121 |
| kernel-rt-debug-core-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 56a56f21d2e561a3f5a16b362932f54a0bea3bea342c3cbe43c3ea39cd85921e |
| kernel-rt-debug-debuginfo-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: b18db39fac3d428e44e4207641da749c9e64edd8cfcc9619c5dba6c44047cfe2 |
| kernel-rt-debug-devel-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 88efabb854df55411e4a213357902a58839176d83b0bb8eabba086d2cbfab261 |
| kernel-rt-debug-modules-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 6630f92c7d55def2a614145512d4eccb72c96efa404e6c4bb8a3e30f6bf225de |
| kernel-rt-debug-modules-core-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 60c29b18fde6ad72ed69a6b492dc5fef00265f5fc9a96a81383bcc4c01309cdb |
| kernel-rt-debug-modules-extra-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: d59f41af89e1650c6324d30d2988c80cf76fc07f1640fa941cd88908d2c03cf8 |
| kernel-rt-debuginfo-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 1e10e37292ac154bd7367c2ad0f36c9e684c4746621c85c660224eecc6c36327 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 2c78300b29106addd43d0c06d4fb7065d16e10eef62e890373738795a057d6fb |
| kernel-rt-devel-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 0ea8e6d13992463459ce3892f4d23184a735323a248333595a3b3136bc22cadd |
| kernel-rt-modules-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: d4aad1bfdf3d54599944247f8a79d64c6480a5d59df90a41d29db8fc66f66119 |
| kernel-rt-modules-core-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 9b61318d96f31fc8c313e9d6470515efdf3df629813ccfb3b9eb7809e147893c |
| kernel-rt-modules-extra-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 664eb44ae39f42512bb5b7fb06fdf5b80bf641227e41bd2e9d439391f643c314 |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2
| SRPM | |
|---|---|
| kernel-rt-5.14.0-284.66.1.rt14.351.el9_2.src.rpm | SHA-256: 790891c350314cc13a58b3a3793fee13332776712b4454eb13ba6bc929167d83 |
| x86_64 | |
| kernel-rt-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: f225106926a68f987a920c8bcb43847defc22e79e932cb536f9071e7fca15fb3 |
| kernel-rt-core-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 599688aa503d2cd4f50f622e3a8fa8d4a55f5c1bc28ea3f633406003f9945e27 |
| kernel-rt-debug-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 9b6bbe48bd9128c482f3fee7ab364e28268dc8f3f021a9bd92ddd34201306121 |
| kernel-rt-debug-core-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 56a56f21d2e561a3f5a16b362932f54a0bea3bea342c3cbe43c3ea39cd85921e |
| kernel-rt-debug-debuginfo-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: b18db39fac3d428e44e4207641da749c9e64edd8cfcc9619c5dba6c44047cfe2 |
| kernel-rt-debug-devel-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 88efabb854df55411e4a213357902a58839176d83b0bb8eabba086d2cbfab261 |
| kernel-rt-debug-kvm-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: be5c4380f2a0e2a063882537f8dd103294de64b408c6dd778d826f64ed51bdcb |
| kernel-rt-debug-modules-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 6630f92c7d55def2a614145512d4eccb72c96efa404e6c4bb8a3e30f6bf225de |
| kernel-rt-debug-modules-core-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 60c29b18fde6ad72ed69a6b492dc5fef00265f5fc9a96a81383bcc4c01309cdb |
| kernel-rt-debug-modules-extra-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: d59f41af89e1650c6324d30d2988c80cf76fc07f1640fa941cd88908d2c03cf8 |
| kernel-rt-debuginfo-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 1e10e37292ac154bd7367c2ad0f36c9e684c4746621c85c660224eecc6c36327 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 2c78300b29106addd43d0c06d4fb7065d16e10eef62e890373738795a057d6fb |
| kernel-rt-devel-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 0ea8e6d13992463459ce3892f4d23184a735323a248333595a3b3136bc22cadd |
| kernel-rt-kvm-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 8838cbd8694d76fdcc041c0649938bfec7534f7c753f9ab3d9447a6900de58d9 |
| kernel-rt-modules-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: d4aad1bfdf3d54599944247f8a79d64c6480a5d59df90a41d29db8fc66f66119 |
| kernel-rt-modules-core-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 9b61318d96f31fc8c313e9d6470515efdf3df629813ccfb3b9eb7809e147893c |
| kernel-rt-modules-extra-5.14.0-284.66.1.rt14.351.el9_2.x86_64.rpm | SHA-256: 664eb44ae39f42512bb5b7fb06fdf5b80bf641227e41bd2e9d439391f643c314 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
