- Issued:
- 2024-05-29
- Updated:
- 2024-05-29
RHSA-2024:3460 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)
- kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)
- kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (CVE-2024-26673)
- kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)
- kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)
- kernel: cifs: fix underflow in parse_server_interfaces() (CVE-2024-26828)
- kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)
Bug Fix:
- kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-36221)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64
Fixes
- BZ - 2270879 - CVE-2024-26643 kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
- BZ - 2270881 - CVE-2024-26642 kernel: netfilter: nf_tables: disallow anonymous set with timeout flag
- BZ - 2272816 - CVE-2024-26673 kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
- BZ - 2273278 - CVE-2024-26735 kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref
- BZ - 2273423 - CVE-2024-26804 kernel: net: ip_tunnel: prevent perpetual headroom growth
- BZ - 2275600 - CVE-2024-26828 kernel: cifs: fix underflow in parse_server_interfaces()
- BZ - 2278314 - CVE-2024-26993 kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection()
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2
| SRPM | |
|---|---|
| kernel-rt-5.14.0-284.67.1.rt14.352.el9_2.src.rpm | SHA-256: 24862db9cef1b92c7974cba88e1343997077899df0ee4aa9ceee38fdd309f12a |
| x86_64 | |
| kernel-rt-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 73aa904a35ce5af4691546fe83f36f13bd6a24485481c6e4112bde145229c223 |
| kernel-rt-core-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 8ade15f377087c5c8b97848dae1183919f82e581a4f8d12f62517447b279bed2 |
| kernel-rt-debug-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: d6b9a0938548a5896b6586fb4a7c55ccdb5300346c310fb6b9c42f61e14ca24d |
| kernel-rt-debug-core-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 32b3f2cd1177a88febb43148067ec1b910d0c4e161593e43639ba48098ca8f8d |
| kernel-rt-debug-debuginfo-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 146366aac51d380381718141f55887998c31280d41915f00ebe719e66de50a3f |
| kernel-rt-debug-devel-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 2feb51dee3ea7e1b2e8fa3e4564225d92ee571cad25ee759d7294bb242de70e5 |
| kernel-rt-debug-modules-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: ffab656f54d2a41da4dfe56c0ee2ba1227d21576829b8c858fc3c0201fde985d |
| kernel-rt-debug-modules-core-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: b2b2b2124905e32da5a35e1ae357eabb0947c8145576cd94aeea5b28d4e09270 |
| kernel-rt-debug-modules-extra-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: cbf4852e214b1c4ed14e90fd46b3ed4c015876fee8a4cfc96b6457f0464eef94 |
| kernel-rt-debuginfo-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 10e9159b6ecbba14707e55fd810c7403cf396c8104ec515aad2592b18b633f35 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 5f2602f28d16c883399ae4e0b3a91757351ed219d754a485c19343b609ee44d6 |
| kernel-rt-devel-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: c1abf71e68955b078de5cafc67c8930118a5a97d4443f939a491d71385fcf705 |
| kernel-rt-modules-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 4a282ac561513bc15249ad26ccea8afdabdf5f067a607499142b753ca47125bf |
| kernel-rt-modules-core-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: df4f5f0c0064c0fadfbc0c4c2bad073b29304f52a0c7eb99c8fc66ebe6412f14 |
| kernel-rt-modules-extra-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: cfad30d066632ca5d9aaf629a9a65cbf50f961c4f0ab28c3efb5b196942d43d1 |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2
| SRPM | |
|---|---|
| kernel-rt-5.14.0-284.67.1.rt14.352.el9_2.src.rpm | SHA-256: 24862db9cef1b92c7974cba88e1343997077899df0ee4aa9ceee38fdd309f12a |
| x86_64 | |
| kernel-rt-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 73aa904a35ce5af4691546fe83f36f13bd6a24485481c6e4112bde145229c223 |
| kernel-rt-core-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 8ade15f377087c5c8b97848dae1183919f82e581a4f8d12f62517447b279bed2 |
| kernel-rt-debug-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: d6b9a0938548a5896b6586fb4a7c55ccdb5300346c310fb6b9c42f61e14ca24d |
| kernel-rt-debug-core-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 32b3f2cd1177a88febb43148067ec1b910d0c4e161593e43639ba48098ca8f8d |
| kernel-rt-debug-debuginfo-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 146366aac51d380381718141f55887998c31280d41915f00ebe719e66de50a3f |
| kernel-rt-debug-devel-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 2feb51dee3ea7e1b2e8fa3e4564225d92ee571cad25ee759d7294bb242de70e5 |
| kernel-rt-debug-kvm-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 566295a0abdcc6a8a86d80ea37e3d3e94c7ecf7d130481d427e13c67d0f49b7c |
| kernel-rt-debug-modules-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: ffab656f54d2a41da4dfe56c0ee2ba1227d21576829b8c858fc3c0201fde985d |
| kernel-rt-debug-modules-core-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: b2b2b2124905e32da5a35e1ae357eabb0947c8145576cd94aeea5b28d4e09270 |
| kernel-rt-debug-modules-extra-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: cbf4852e214b1c4ed14e90fd46b3ed4c015876fee8a4cfc96b6457f0464eef94 |
| kernel-rt-debuginfo-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 10e9159b6ecbba14707e55fd810c7403cf396c8104ec515aad2592b18b633f35 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 5f2602f28d16c883399ae4e0b3a91757351ed219d754a485c19343b609ee44d6 |
| kernel-rt-devel-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: c1abf71e68955b078de5cafc67c8930118a5a97d4443f939a491d71385fcf705 |
| kernel-rt-kvm-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 36a3e86be2757143a2503384df1da201be331ac90cc8d80e26a08f46acf54356 |
| kernel-rt-modules-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: 4a282ac561513bc15249ad26ccea8afdabdf5f067a607499142b753ca47125bf |
| kernel-rt-modules-core-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: df4f5f0c0064c0fadfbc0c4c2bad073b29304f52a0c7eb99c8fc66ebe6412f14 |
| kernel-rt-modules-extra-5.14.0-284.67.1.rt14.352.el9_2.x86_64.rpm | SHA-256: cfad30d066632ca5d9aaf629a9a65cbf50f961c4f0ab28c3efb5b196942d43d1 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
