Red Hat Product Errata RHSA-2024:4412 - Security Advisory
Issued:
2024-07-09
Updated:
2024-07-09

RHSA-2024:4412 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)
  • kernel: smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
  • kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (CVE-2024-26673)

Bug Fix(es):

  • kernel-rt: update RT source tree to the latest RHEL-9.0.z Batch 18 (JIRA:RHEL-36756)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64

Fixes

  • BZ - 2255653 - CVE-2024-0193 kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation
  • BZ - 2265285 - CVE-2023-52434 kernel: smb: client: fix potential OOBs in smb2_parse_contexts()
  • BZ - 2272816 - CVE-2024-26673 kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0

SRPM
kernel-rt-5.14.0-70.105.1.rt21.177.el9_0.src.rpm SHA-256: 5277aa48ee85ea7a0fda76695fa87d041e53a95519cfb20b1b52f74af264f84d
x86_64
kernel-rt-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: a9a3a97791b4262e0b6f96e23407ad99d3af75d536d0668f218e5c1760a1b902
kernel-rt-core-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 45b0d19c5b350cfafd708752b1989dc11e62051bfa9a46b166c06b54b3924660
kernel-rt-debug-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 40ddb47ca954191746fd6af67027265cb2d6201a89473ccd24459c869082b26d
kernel-rt-debug-core-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 003e6f9310fd404f7474778c8e5841a7d240c6d7168c49bc8dd1190b1b7ee77b
kernel-rt-debug-debuginfo-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 59ff348a485285155b5d920fe4c5f9bbf5f33fffa1b2e74995adbdb8e4274e32
kernel-rt-debug-devel-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 0a62b81569794066c93b3687aee8e2416caa77075542bef777c7ed5597087901
kernel-rt-debug-modules-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: ab84cb19ad57b9c86a6e614b90eb0a63355986f30f121e3508a3cbd96b316570
kernel-rt-debug-modules-extra-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 75bb56fad5578d37cc8b445d17f02c9c11950e860f7f7899907c18811ccb1f23
kernel-rt-debuginfo-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 24ee093cf470dcafe12f01c3e50c16fa7cda7b0b36ffff4734d75a9a98091cea
kernel-rt-debuginfo-common-x86_64-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 40839cfb1bb79ac67ad590d6892d63da53ffd94c6b94827b624615a62399fb44
kernel-rt-devel-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: dcc3e948ee7b0b749dff26a5d1e36074dc82c1c4f581ee4a4afe1e935b73d108
kernel-rt-modules-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: a37d73db380fafbd7df4d54db938bea3817c275faf3adbad76c0ac2e8cee009b
kernel-rt-modules-extra-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 50504685089adaecdb88f7019c1fb2cb0a6c6c40b935e62c4647542fe58abd1f

Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0

SRPM
kernel-rt-5.14.0-70.105.1.rt21.177.el9_0.src.rpm SHA-256: 5277aa48ee85ea7a0fda76695fa87d041e53a95519cfb20b1b52f74af264f84d
x86_64
kernel-rt-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: a9a3a97791b4262e0b6f96e23407ad99d3af75d536d0668f218e5c1760a1b902
kernel-rt-core-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 45b0d19c5b350cfafd708752b1989dc11e62051bfa9a46b166c06b54b3924660
kernel-rt-debug-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 40ddb47ca954191746fd6af67027265cb2d6201a89473ccd24459c869082b26d
kernel-rt-debug-core-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 003e6f9310fd404f7474778c8e5841a7d240c6d7168c49bc8dd1190b1b7ee77b
kernel-rt-debug-debuginfo-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 59ff348a485285155b5d920fe4c5f9bbf5f33fffa1b2e74995adbdb8e4274e32
kernel-rt-debug-devel-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 0a62b81569794066c93b3687aee8e2416caa77075542bef777c7ed5597087901
kernel-rt-debug-kvm-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 85ee63fb7763a0788eb71e982ed9536ce18a641d4290946497da5d363ae36adb
kernel-rt-debug-modules-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: ab84cb19ad57b9c86a6e614b90eb0a63355986f30f121e3508a3cbd96b316570
kernel-rt-debug-modules-extra-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 75bb56fad5578d37cc8b445d17f02c9c11950e860f7f7899907c18811ccb1f23
kernel-rt-debuginfo-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 24ee093cf470dcafe12f01c3e50c16fa7cda7b0b36ffff4734d75a9a98091cea
kernel-rt-debuginfo-common-x86_64-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 40839cfb1bb79ac67ad590d6892d63da53ffd94c6b94827b624615a62399fb44
kernel-rt-devel-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: dcc3e948ee7b0b749dff26a5d1e36074dc82c1c4f581ee4a4afe1e935b73d108
kernel-rt-kvm-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 4ba1d18c4770ba93c9c873278331aa29fcea918cc017ab67293b593c51afd767
kernel-rt-modules-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: a37d73db380fafbd7df4d54db938bea3817c275faf3adbad76c0ac2e8cee009b
kernel-rt-modules-extra-5.14.0-70.105.1.rt21.177.el9_0.x86_64.rpm SHA-256: 50504685089adaecdb88f7019c1fb2cb0a6c6c40b935e62c4647542fe58abd1f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.