- Issued:
- 2024-07-08
- Updated:
- 2024-07-08
RHSA-2024:4352 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Updated 03 July 2024]
The text of this advisory has been updated with the correct product name (Red
Hat Enterprise Linux 8) in the Topics section. In the Problem Description
section, CVEs of the same sub-components have been grouped together. The
packages included in this revised update have not been changed in any way from
the packages included in the original advisory.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583
- kernel-rt: kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909)
- kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)
- kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)
- kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)
- kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26801)
- kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
- kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)
- kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845)
- kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410)
- kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)
- kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881)
- kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)
- kernel: ovl: fix leaked dentry (CVE-2021-46972)
- kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)
- kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)
- kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)
- kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)
- kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)
- kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)
- kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)
- kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703)
- kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)
- kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)
- kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)
- kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)
- kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)
- kernel: crypto: (CVE-2024-26974, CVE-2023-52813)
- kernel: can: (CVE-2023-52878, CVE-2021-47456)
- kernel: usb: (CVE-2023-52781, CVE-2023-52877)
- kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)
- kernel: usbnet: sanity check for maxpacket (CVE-2021-47495)
- kernel: gro: fix ownership transfer (CVE-2024-35890)
- kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)
- kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700)
- kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855)
- kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835)
- kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852)
- kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310)
- kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)
- kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)
- kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-8.10.z kernel (JIRA:RHEL-40882)
- [rhel8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:RHEL-8779)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
Fixes
- BZ - 1918601 - CVE-2020-26555 kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack
- BZ - 2248122 - CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
- BZ - 2258875 - CVE-2023-52881 kernel:TCP-spoofed ghost ACKs and leak leak initial sequence number
- BZ - 2265517 - CVE-2024-26585 kernel: tls: race between tx work scheduling and socket close
- BZ - 2265519 - CVE-2024-26584 kernel: tls: handle backlogging of crypto requests
- BZ - 2265520 - CVE-2024-26583 kernel: tls: race between async notify and socket close
- BZ - 2265800 - CVE-2023-52464 kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c
- BZ - 2266408 - CVE-2021-46909 kernel: PCI interrupt mapping cause oops
- BZ - 2266831 - CVE-2021-46972 kernel: ovl: fix leaked dentry
- BZ - 2267513 - CVE-2021-47069 kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
- BZ - 2267518 - CVE-2021-47073 kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
- BZ - 2267730 - CVE-2023-52560 kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions()
- BZ - 2270093 - CVE-2023-52615 kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng
- BZ - 2271680 - CVE-2023-52626 kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context
- BZ - 2272692 - CVE-2024-26656 kernel: drm/amdgpu: use-after-free vulnerability
- BZ - 2272829 - CVE-2024-26675 kernel: ppp_async: limit MRU to 64K
- BZ - 2273204 - CVE-2024-26759 kernel: mm/swap: fix race when skipping swapcache
- BZ - 2273278 - CVE-2024-26735 kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref
- BZ - 2273423 - CVE-2024-26804 kernel: net: ip_tunnel: prevent perpetual headroom growth
- BZ - 2273429 - CVE-2024-26801 kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset
- BZ - 2275604 - CVE-2024-26826 kernel: mptcp: fix data re-injection from stale subflow
- BZ - 2275633 - CVE-2024-26907 kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment
- BZ - 2275635 - CVE-2024-26906 kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
- BZ - 2275733 - CVE-2024-26859 kernel: net/bnx2x: Prevent access to a freed page in page_pool
- BZ - 2278337 - CVE-2024-26982 kernel: Squashfs: check the inode number is not the invalid value of zero
- BZ - 2278354 - CVE-2024-26974 kernel: crypto: qat - resolve race condition during AER recovery
- BZ - 2280434 - CVE-2024-27397 kernel: netfilter: nf_tables: use timestamp to check for set element timeout
- BZ - 2281057 - CVE-2024-35789 kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
- BZ - 2281113 - CVE-2024-27410 kernel: wifi: nl80211: reject iftype change with mesh ID change
- BZ - 2281157 - CVE-2024-35838 kernel: wifi: mac80211: fix potential sta-link leak
- BZ - 2281165 - CVE-2024-35835 kernel: net/mlx5e: fix a double-free in arfs_create_groups
- BZ - 2281251 - CVE-2024-35855 kernel: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
- BZ - 2281253 - CVE-2024-35854 kernel: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
- BZ - 2281255 - CVE-2024-35853 kernel: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
- BZ - 2281257 - CVE-2024-35852 kernel: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
- BZ - 2281272 - CVE-2024-35845 kernel: wifi: iwlwifi: dbg-tlv: ensure NUL termination
- BZ - 2281350 - CVE-2023-52667 kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups
- BZ - 2281689 - CVE-2024-35890 kernel: gro: fix ownership transfer
- BZ - 2281693 - CVE-2024-35888 kernel: erspan: make sure erspan_base_hdr is present in skb->head
- BZ - 2281920 - CVE-2024-35960 kernel: net/mlx5: Properly link new fs rules into the tree
- BZ - 2281923 - CVE-2024-35959 kernel: net/mlx5e: Fix mlx5e_priv_init() cleanup flow
- BZ - 2281925 - CVE-2024-35958 kernel: net: ena: Fix incorrect descriptor free behavior
- BZ - 2281953 - CVE-2024-36004 kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
- BZ - 2281986 - CVE-2024-36007 kernel: mlxsw: spectrum_acl_tcam: Fix warning during rehash
- BZ - 2282394 - CVE-2021-47356 kernel: mISDN: fix possible use-after-free in HFC_cleanup()
- BZ - 2282400 - CVE-2021-47353 kernel: udf: Fix NULL pointer dereference in udf_symlink function
- BZ - 2282471 - CVE-2021-47311 kernel: net: qcom/emac: fix UAF in emac_remove
- BZ - 2282472 - CVE-2021-47310 kernel: net: ti: fix UAF in tlan_remove_one
- BZ - 2282581 - CVE-2021-47236 kernel: net: cdc_eem: fix tx fixup skb leak
- BZ - 2282609 - CVE-2023-52700 kernel: tipc: fix kernel warning when sending SYN message
- BZ - 2282612 - CVE-2023-52703 kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
- BZ - 2282653 - CVE-2023-52813 kernel: crypto: pcrypt - Fix hungtask for PADATA_RESET
- BZ - 2282680 - CVE-2023-52878 kernel: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds
- BZ - 2282698 - CVE-2023-52781 kernel: usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
- BZ - 2282712 - CVE-2023-52877 kernel: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
- BZ - 2282735 - CVE-2023-52835 kernel: perf/core: Bail out early if the request AUX area is out of bound
- BZ - 2282902 - CVE-2021-47456 kernel: can: peak_pci: peak_pci_remove(): fix UAF
- BZ - 2282920 - CVE-2021-47495 kernel: usbnet: sanity check for maxpacket
CVEs
- CVE-2020-26555
- CVE-2021-46909
- CVE-2021-46972
- CVE-2021-47069
- CVE-2021-47073
- CVE-2021-47236
- CVE-2021-47310
- CVE-2021-47311
- CVE-2021-47353
- CVE-2021-47356
- CVE-2021-47456
- CVE-2021-47495
- CVE-2023-5090
- CVE-2023-52464
- CVE-2023-52560
- CVE-2023-52615
- CVE-2023-52626
- CVE-2023-52667
- CVE-2023-52700
- CVE-2023-52703
- CVE-2023-52781
- CVE-2023-52813
- CVE-2023-52835
- CVE-2023-52877
- CVE-2023-52878
- CVE-2023-52881
- CVE-2024-26583
- CVE-2024-26584
- CVE-2024-26585
- CVE-2024-26656
- CVE-2024-26675
- CVE-2024-26735
- CVE-2024-26759
- CVE-2024-26801
- CVE-2024-26804
- CVE-2024-26826
- CVE-2024-26859
- CVE-2024-26906
- CVE-2024-26907
- CVE-2024-26974
- CVE-2024-26982
- CVE-2024-27397
- CVE-2024-27410
- CVE-2024-35789
- CVE-2024-35835
- CVE-2024-35838
- CVE-2024-35845
- CVE-2024-35852
- CVE-2024-35853
- CVE-2024-35854
- CVE-2024-35855
- CVE-2024-35888
- CVE-2024-35890
- CVE-2024-35958
- CVE-2024-35959
- CVE-2024-35960
- CVE-2024-36004
- CVE-2024-36007
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-553.8.1.rt7.349.el8_10.src.rpm | SHA-256: 46b4481382673f47bf4bf93ff1db1e5e4add94ceee24f1bccdb9eeda968b2db2 |
| x86_64 | |
| kernel-rt-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 58013091cad40642b218005cd3d9a0ed851a147b7df873c0b51c7fa5e21235e0 |
| kernel-rt-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: d451799e6e26ea5cbdd40174ebeb0569494c4f6046ee16b56b80e70d8025c5b4 |
| kernel-rt-debug-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 3b90497f83a6b9e76039f916f3656ef31252b0df76542ca8ed5abae2169a6bc4 |
| kernel-rt-debug-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: b1930ce79105faba94babfc8c47dcad509b04a31d9a5727a397c2bfac4f38df8 |
| kernel-rt-debug-debuginfo-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: ab2edb32c884648781dee9a05ac5d4c1e010fcdce1e6ff031ba701d8962845ba |
| kernel-rt-debug-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: e3819339709b68bd2ceef36e0b3325971f9a125e89e96a9f5d4cdaf9fd520e6b |
| kernel-rt-debug-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 0774d927e7f748a9126f7042b56a1b715f0e10bbece0f4376b54b9ca1edafc9e |
| kernel-rt-debug-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 8b51ec38259964ff4b683335c1a2353189829493a28e7beb12af29eb25b764e6 |
| kernel-rt-debuginfo-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 84b4ed0c2cd8fcd5ae0e5a5cec82f9f3bb9600985ec7ea3c3a566f075faba379 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 4c294be76edf78253c09598126dd9cb3e7b62753dd1f7f78a05499aa7fbaa81a |
| kernel-rt-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 06b3bab4bd5ae5277072f1569f82963a22a2eee25e316b76442bffbc98447566 |
| kernel-rt-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 6735bd92d693d8035194f42a722683c9e390d05d32efdbab86e497aab4ac3e38 |
| kernel-rt-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 9f2eceaa619ee95bc03c9fb5d7958c7a54e66da1e91de9cdf4263f9b25c5afb9 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-553.8.1.rt7.349.el8_10.src.rpm | SHA-256: 46b4481382673f47bf4bf93ff1db1e5e4add94ceee24f1bccdb9eeda968b2db2 |
| x86_64 | |
| kernel-rt-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 58013091cad40642b218005cd3d9a0ed851a147b7df873c0b51c7fa5e21235e0 |
| kernel-rt-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: d451799e6e26ea5cbdd40174ebeb0569494c4f6046ee16b56b80e70d8025c5b4 |
| kernel-rt-debug-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 3b90497f83a6b9e76039f916f3656ef31252b0df76542ca8ed5abae2169a6bc4 |
| kernel-rt-debug-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: b1930ce79105faba94babfc8c47dcad509b04a31d9a5727a397c2bfac4f38df8 |
| kernel-rt-debug-debuginfo-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: ab2edb32c884648781dee9a05ac5d4c1e010fcdce1e6ff031ba701d8962845ba |
| kernel-rt-debug-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: e3819339709b68bd2ceef36e0b3325971f9a125e89e96a9f5d4cdaf9fd520e6b |
| kernel-rt-debug-kvm-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: bf4ee7f6959507424fd59937437bd91c7b5f18762a0601b6cedfbe91c0e37841 |
| kernel-rt-debug-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 0774d927e7f748a9126f7042b56a1b715f0e10bbece0f4376b54b9ca1edafc9e |
| kernel-rt-debug-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 8b51ec38259964ff4b683335c1a2353189829493a28e7beb12af29eb25b764e6 |
| kernel-rt-debuginfo-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 84b4ed0c2cd8fcd5ae0e5a5cec82f9f3bb9600985ec7ea3c3a566f075faba379 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 4c294be76edf78253c09598126dd9cb3e7b62753dd1f7f78a05499aa7fbaa81a |
| kernel-rt-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 06b3bab4bd5ae5277072f1569f82963a22a2eee25e316b76442bffbc98447566 |
| kernel-rt-kvm-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 210e568e3f45a797afafb3992513495523560ec562ea2404ff89128a0dd5d56c |
| kernel-rt-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 6735bd92d693d8035194f42a722683c9e390d05d32efdbab86e497aab4ac3e38 |
| kernel-rt-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm | SHA-256: 9f2eceaa619ee95bc03c9fb5d7958c7a54e66da1e91de9cdf4263f9b25c5afb9 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
