- Issued: 2024-06-05
- Updated: 2024-06-05
RHSA-2024:3627 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
- kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340)
- kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)
- kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)
- kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445)
- kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603)
- kernel: use after free in i2c (CVE-2019-25162)
- kernel: i2c: validate user data in compat ioctl (CVE-2021-46934)
- kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777)
- kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477)
- kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055)
- kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615)
- kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)
- kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307)
- kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565)
- kernel: net: bridge: data races in br_handle_frame_finish() (CVE-2023-52578)
- kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528)
- kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520)
- kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513)
- kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118)
- kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610)
- kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)
- kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)
- kernel: i2c: i801: Don't generate an interrupt on bus reset (CVE-2021-47153)
- kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659)
- kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664)
- kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779)
- kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744)
- kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743)
- kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185)
- kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901)
- kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872)
- kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919)
- kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964)
- kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934)
- kernel: USB: core: Fix deadlock in port "disable" sysfs attribute (CVE-2024-26933)
- kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)
- kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973)
- kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059)
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-8.10.z kernel (JIRA:RHEL-34640)
- kernel-rt: epoll_wait not reporting/catching all events to application (JIRA:RHEL-23022)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
Fixes
- BZ - 2250843 - CVE-2023-6240 kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation
- BZ - 2257406 - CVE-2024-0340 kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()
- BZ - 2263875 - CVE-2024-25744 kernel: untrusted VMM can trigger int80 syscall handling
- BZ - 2265271 - CVE-2023-52439 kernel: uio: Fix use-after-free in uio_open
- BZ - 2265646 - CVE-2024-26593 kernel: i2c: i801: Fix block process call transactions
- BZ - 2265654 - CVE-2023-52445 kernel: pvrusb2: fix use after free on context disconnection
- BZ - 2265833 - CVE-2024-26603 kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever
- BZ - 2266296 - CVE-2019-25162 kernel: use after free in i2c
- BZ - 2266446 - CVE-2021-46934 kernel: i2c: validate user data in compat ioctl
- BZ - 2266746 - CVE-2020-36777 kernel: media: dvbdev: Fix memory leak in dvb_media_device_free()
- BZ - 2266841 - CVE-2021-47013 kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
- BZ - 2267038 - CVE-2023-52477 kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors
- BZ - 2267185 - CVE-2021-47055 kernel: mtd: require write permissions for locking and badblock ioctls
- BZ - 2267355 - CVE-2024-26615 kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump
- BZ - 2267509 - CVE-2022-48627 kernel: vt: fix memory overlapping when deleting chars in the buffer
- BZ - 2267705 - CVE-2024-23307 kernel: Integer Overflow in raid5_cache_count
- BZ - 2267724 - CVE-2023-52565 kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu()
- BZ - 2267758 - CVE-2023-52578 kernel: net: bridge: data races in br_handle_frame_finish()
- BZ - 2267789 - CVE-2023-52528 kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
- BZ - 2267797 - CVE-2023-52520 kernel: platform/x86: think-lmi: Fix reference leak
- BZ - 2267804 - CVE-2023-52513 kernel: RDMA/siw: Fix connection failure handling
- BZ - 2268315 - CVE-2023-52595 kernel: wifi: rt2x00: restart beacon queue when hardware reset
- BZ - 2268317 - CVE-2023-52594 kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
- BZ - 2269213 - CVE-2024-26610 kernel: wifi: iwlwifi: fix a memory corruption
- BZ - 2269856 - CVE-2021-47118 kernel: pid: take a reference when initializing `cad_pid`
- BZ - 2270080 - CVE-2023-52610 kernel: net/sched: act_ct: fix skb leak and crash on ooo frags
- BZ - 2270879 - CVE-2024-26643 kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
- BZ - 2270881 - CVE-2024-26642 kernel: netfilter: nf_tables: disallow anonymous set with timeout flag
- BZ - 2271469 - CVE-2021-47171 kernel: net: usb: fix memory leak in smsc75xx_bind
- BZ - 2271476 - CVE-2021-47153 kernel: i2c: i801: Don't generate an interrupt on bus reset
- BZ - 2272780 - CVE-2024-26659 kernel: xhci: handle isoc Babble and Buffer Overrun events properly
- BZ - 2272791 - CVE-2024-26664 kernel: hwmon: (coretemp) Fix out-of-bounds memory access
- BZ - 2273092 - CVE-2024-26694 kernel: wifi: iwlwifi: fix double-free bug
- BZ - 2273094 - CVE-2024-26693 kernel: wifi: iwlwifi: mvm: fix a crash when we run out of stations
- BZ - 2273223 - CVE-2024-26779 kernel: wifi: mac80211: fix race condition on enabling fast-xmit
- BZ - 2273260 - CVE-2024-26744 kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter
- BZ - 2273262 - CVE-2024-26743 kernel: RDMA/qedr: Fix qedr_create_user_qp error flow
- BZ - 2274624 - CVE-2021-47185 kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
- BZ - 2275645 - CVE-2024-26901 kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
- BZ - 2275655 - CVE-2024-26897 kernel: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
- BZ - 2275666 - CVE-2024-26892 kernel: wifi: mt76: mt7921e: fix use-after-free in free_irq()
- BZ - 2275707 - CVE-2024-26872 kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup
- BZ - 2275777 - CVE-2024-26919 kernel: usb: ulpi: Fix debugfs directory leak
- BZ - 2278169 - CVE-2024-26964 kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma
- BZ - 2278237 - CVE-2024-26934 kernel: USB: core: Fix deadlock in usb_deauthorize_interface()
- BZ - 2278240 - CVE-2024-26933 kernel: USB: core: Fix deadlock in port "disable" sysfs attribute
- BZ - 2278268 - CVE-2024-27014 kernel: net/mlx5e: Prevent deadlock while disabling aRFS
- BZ - 2278314 - CVE-2024-26993 kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection()
- BZ - 2278356 - CVE-2024-26973 kernel: fat: fix uninitialized field in nostale filehandles
- BZ - 2278398 - CVE-2024-27059 kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
- BZ - 2278409 - CVE-2024-27056 kernel: wifi: iwlwifi: mvm: ensure offloading TID queue exists
- BZ - 2278417 - CVE-2024-27052 kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
- BZ - 2278431 - CVE-2024-27048 kernel: wifi: brcm80211: handle pmk_op allocation failure
CVEs
- CVE-2019-25162
- CVE-2020-36777
- CVE-2021-46934
- CVE-2021-47013
- CVE-2021-47055
- CVE-2021-47118
- CVE-2021-47153
- CVE-2021-47171
- CVE-2021-47185
- CVE-2022-48627
- CVE-2023-6240
- CVE-2023-52439
- CVE-2023-52445
- CVE-2023-52477
- CVE-2023-52513
- CVE-2023-52520
- CVE-2023-52528
- CVE-2023-52565
- CVE-2023-52578
- CVE-2023-52594
- CVE-2023-52595
- CVE-2023-52610
- CVE-2024-0340
- CVE-2024-23307
- CVE-2024-25744
- CVE-2024-26593
- CVE-2024-26603
- CVE-2024-26610
- CVE-2024-26615
- CVE-2024-26642
- CVE-2024-26643
- CVE-2024-26659
- CVE-2024-26664
- CVE-2024-26693
- CVE-2024-26694
- CVE-2024-26743
- CVE-2024-26744
- CVE-2024-26779
- CVE-2024-26872
- CVE-2024-26892
- CVE-2024-26897
- CVE-2024-26901
- CVE-2024-26919
- CVE-2024-26933
- CVE-2024-26934
- CVE-2024-26964
- CVE-2024-26973
- CVE-2024-26993
- CVE-2024-27014
- CVE-2024-27048
- CVE-2024-27052
- CVE-2024-27056
- CVE-2024-27059
Red Hat Enterprise Linux for Real Time 8
SRPM | |
---|---|
kernel-rt-4.18.0-553.5.1.rt7.346.el8_10.src.rpm | SHA-256: e1305be7d40170cdf56b220a652dd7da788653b1aff767aa50dd4f8f97166f45 |
x86_64 | |
kernel-rt-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 17669a8f3c5848ba521ce315f3cd02d031068d33b218e0ed9c9dd9afc25dc5a0 |
kernel-rt-core-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 90d969e167bd0cc33353ac5638a9d7b6af01cb8d2e6b565ddb9d94a1c11f1010 |
kernel-rt-debug-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 6a389d72f6c6dfa326aa81fe636f60a958b236012c64ba66ff560e3294537c32 |
kernel-rt-debug-core-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 08fa099aac4d3e4bc4794854bcd905cdf55dd963d700981f9e317ae4d10e223d |
kernel-rt-debug-debuginfo-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 10ecae1cf76a55643ee0f01eeba9821e86bb8fca4f927b6e828c721b5a065926 |
kernel-rt-debug-devel-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 718904089034e4f931b0cbf324acb60b040d3c1fd53f0ffec1eb1ed44697077c |
kernel-rt-debug-modules-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: c59c9e9bf2358e7d4cac0cd40143b9c2ddf0ca5c6a67e8e5e0317c0a31834802 |
kernel-rt-debug-modules-extra-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: eba136cfbb1b47db90b60cc1431aca62d2756230866946ada07eebd2bbddf2f0 |
kernel-rt-debuginfo-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: a417d24b5d1d06b28979d30de1f819dc7e7e6e6d76b87d46c8258ef45b04ae2e |
kernel-rt-debuginfo-common-x86_64-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 7896f5e7e04f6bd2aa3340ed0466a699b9e592162609eb8467cbd3b5c135d143 |
kernel-rt-devel-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 690ae807ae7f82969e7e588e2739378393c35c39d48afaa0bef5d71748f5e82c |
kernel-rt-modules-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: d3a46acbaca1a9ad52c30fa5164d550e1fea97e3d3a0a5d3fa570c1e1a8029af |
kernel-rt-modules-extra-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 8372b45e8881c41774d8d0524edca823f4a9a65401faac210f82c870ea8dd848 |
Red Hat Enterprise Linux for Real Time for NFV 8
SRPM | |
---|---|
kernel-rt-4.18.0-553.5.1.rt7.346.el8_10.src.rpm | SHA-256: e1305be7d40170cdf56b220a652dd7da788653b1aff767aa50dd4f8f97166f45 |
x86_64 | |
kernel-rt-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 17669a8f3c5848ba521ce315f3cd02d031068d33b218e0ed9c9dd9afc25dc5a0 |
kernel-rt-core-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 90d969e167bd0cc33353ac5638a9d7b6af01cb8d2e6b565ddb9d94a1c11f1010 |
kernel-rt-debug-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 6a389d72f6c6dfa326aa81fe636f60a958b236012c64ba66ff560e3294537c32 |
kernel-rt-debug-core-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 08fa099aac4d3e4bc4794854bcd905cdf55dd963d700981f9e317ae4d10e223d |
kernel-rt-debug-debuginfo-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 10ecae1cf76a55643ee0f01eeba9821e86bb8fca4f927b6e828c721b5a065926 |
kernel-rt-debug-devel-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 718904089034e4f931b0cbf324acb60b040d3c1fd53f0ffec1eb1ed44697077c |
kernel-rt-debug-kvm-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 27776cd06870437dd9e7660b767a021500e5ee588e03bb1ef4977f4085f1f1bd |
kernel-rt-debug-modules-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: c59c9e9bf2358e7d4cac0cd40143b9c2ddf0ca5c6a67e8e5e0317c0a31834802 |
kernel-rt-debug-modules-extra-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: eba136cfbb1b47db90b60cc1431aca62d2756230866946ada07eebd2bbddf2f0 |
kernel-rt-debuginfo-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: a417d24b5d1d06b28979d30de1f819dc7e7e6e6d76b87d46c8258ef45b04ae2e |
kernel-rt-debuginfo-common-x86_64-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 7896f5e7e04f6bd2aa3340ed0466a699b9e592162609eb8467cbd3b5c135d143 |
kernel-rt-devel-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 690ae807ae7f82969e7e588e2739378393c35c39d48afaa0bef5d71748f5e82c |
kernel-rt-kvm-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 7936a94ff1c9bbcc8b4b0fef12e05ca0c65a5181f4449e8bca4c6e9c26205693 |
kernel-rt-modules-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: d3a46acbaca1a9ad52c30fa5164d550e1fea97e3d3a0a5d3fa570c1e1a8029af |
kernel-rt-modules-extra-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm | SHA-256: 8372b45e8881c41774d8d0524edca823f4a9a65401faac210f82c870ea8dd848 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.