- Issued:
- 2024-05-28
- Updated:
- 2024-05-28
RHSA-2024:3414 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
- kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)
- kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
- kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628)
- kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)
- kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-9.0.z Batch 17 (JIRA:RHEL-32673)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64
Fixes
- BZ - 2235306 - CVE-2023-4244 kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction
- BZ - 2250843 - CVE-2023-6240 kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation
- BZ - 2255139 - CVE-2023-6817 kernel: inactive elements in nft_pipapo_walk
- BZ - 2262126 - CVE-2024-1086 kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function
- BZ - 2265645 - CVE-2024-26586 kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption
- BZ - 2272041 - CVE-2023-52628 kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.101.1.rt21.173.el9_0.src.rpm | SHA-256: 4582bc6087c92f037fc79d2be21770eda8ea65caf035abe5c2ad672e2340847a |
| x86_64 | |
| kernel-rt-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 97ce64fa321cdaff49bbfc6b8a67e58a1d309e9758196e4c117df7aa8dc96ebc |
| kernel-rt-core-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 4d2fbb01d3593ef88c0eb5ea32748c459e4ad18fcc88df04e3e4afaee9b5e02a |
| kernel-rt-debug-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: a2c7bd881e97df571b013832839d490977584759f1193572dc32c638b54817f0 |
| kernel-rt-debug-core-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 8c101633f9f1169a20360972fc27d3fe26b7d5184e598e8409610bc500b6cc45 |
| kernel-rt-debug-debuginfo-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: df2a2f971a10d8e766ed8c2a2b2d4ac86bc8f2565e280097d71f7526feca675f |
| kernel-rt-debug-devel-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 53df1190e718935f840f9e07c97f353b570f42b1ffcf8f29c21c97eed54afc4c |
| kernel-rt-debug-modules-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 31d2a283c508065d23601cd49e3d36becd9c141c21391ea90ca6a201fad0a006 |
| kernel-rt-debug-modules-extra-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: c0b2bc975e7394b615e8327430aaf520fca431f93517002a7c0323ee1882b4b9 |
| kernel-rt-debuginfo-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: a59445774dbf5f89717a2325b2253ec3f6bd20c3163d2bdfc4fb8680f80b6ec5 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 24925831a1ba642208b2af4cb06ef4d642ea21eacbfa29873b5cf5682e910b1f |
| kernel-rt-devel-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 55850dfbe6f838123e56b1bbb834e031da42b351faa24eaf2d42aa77e6c00e17 |
| kernel-rt-modules-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 4be16844235fef32ea8cf767f4217de4111c5c271af117d587c746f1667f3354 |
| kernel-rt-modules-extra-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: bb0c872096731ac65bac6539284e2d51c59a7fcc9e03ed1c442e12ccc14cd17f |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.101.1.rt21.173.el9_0.src.rpm | SHA-256: 4582bc6087c92f037fc79d2be21770eda8ea65caf035abe5c2ad672e2340847a |
| x86_64 | |
| kernel-rt-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 97ce64fa321cdaff49bbfc6b8a67e58a1d309e9758196e4c117df7aa8dc96ebc |
| kernel-rt-core-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 4d2fbb01d3593ef88c0eb5ea32748c459e4ad18fcc88df04e3e4afaee9b5e02a |
| kernel-rt-debug-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: a2c7bd881e97df571b013832839d490977584759f1193572dc32c638b54817f0 |
| kernel-rt-debug-core-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 8c101633f9f1169a20360972fc27d3fe26b7d5184e598e8409610bc500b6cc45 |
| kernel-rt-debug-debuginfo-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: df2a2f971a10d8e766ed8c2a2b2d4ac86bc8f2565e280097d71f7526feca675f |
| kernel-rt-debug-devel-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 53df1190e718935f840f9e07c97f353b570f42b1ffcf8f29c21c97eed54afc4c |
| kernel-rt-debug-kvm-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 9d80317f7d9183efd51c1851f5e3570811d2ab46ff9e359cabcd1623184d55fc |
| kernel-rt-debug-modules-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 31d2a283c508065d23601cd49e3d36becd9c141c21391ea90ca6a201fad0a006 |
| kernel-rt-debug-modules-extra-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: c0b2bc975e7394b615e8327430aaf520fca431f93517002a7c0323ee1882b4b9 |
| kernel-rt-debuginfo-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: a59445774dbf5f89717a2325b2253ec3f6bd20c3163d2bdfc4fb8680f80b6ec5 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 24925831a1ba642208b2af4cb06ef4d642ea21eacbfa29873b5cf5682e910b1f |
| kernel-rt-devel-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 55850dfbe6f838123e56b1bbb834e031da42b351faa24eaf2d42aa77e6c00e17 |
| kernel-rt-kvm-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 99d8d4cca415391d4335b7438a60132ab4ba3df2435bedda703c5ba9637ff03c |
| kernel-rt-modules-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: 4be16844235fef32ea8cf767f4217de4111c5c271af117d587c746f1667f3354 |
| kernel-rt-modules-extra-5.14.0-70.101.1.rt21.173.el9_0.x86_64.rpm | SHA-256: bb0c872096731ac65bac6539284e2d51c59a7fcc9e03ed1c442e12ccc14cd17f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
