Red Hat Product Errata RHSA-2024:5365 - Security Advisory
Issued:
2024-08-14
Updated:
2024-08-14

RHSA-2024:5365 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (CVE-2024-26897)
  • kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (CVE-2024-27052)
  • kernel: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-52651)
  • kernel: wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)
  • kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)
  • kernel: net: CVE-2024-36971 kernel: UAF in network route management (CVE-2024-36971)
  • kernel: net/mlx5: Add a timeout to acquire the command queue semaphore (CVE-2024-38556)
  • kernel: stm class: Fix a double free in stm_register_device() (CVE-2024-38627)

Bug Fix(es):

  • kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-52875)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64

Fixes

  • BZ - 2265653 - CVE-2023-52448 kernel: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
  • BZ - 2275655 - CVE-2024-26897 kernel: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
  • BZ - 2275742 - CVE-2024-26855 kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
  • BZ - 2278417 - CVE-2024-27052 kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
  • BZ - 2278435 - CVE-2024-27046 kernel: nfp: flower: handle acti_netdevs allocation failure
  • BZ - 2278519 - CVE-2023-52651 kernel: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
  • BZ - 2278989 - CVE-2024-21823 kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
  • BZ - 2281057 - CVE-2024-35789 kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
  • BZ - 2281257 - CVE-2024-35852 kernel: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
  • BZ - 2281272 - CVE-2024-35845 kernel: wifi: iwlwifi: dbg-tlv: ensure NUL termination
  • BZ - 2281647 - CVE-2024-35907 kernel: mlxbf_gige: call request_irq() after NAPI initialized
  • BZ - 2281821 - CVE-2024-35937 kernel: wifi: cfg80211: check A-MSDU format more carefully
  • BZ - 2282357 - CVE-2021-47383 kernel: tty: Fix out-of-bound vmalloc access in imageblit
  • BZ - 2282719 - CVE-2023-52864 kernel: platform/x86: wmi: Fix opening of char device
  • BZ - 2282720 - CVE-2023-52771 kernel: cxl/port: Fix delete_endpoint() vs parent unregistration race
  • BZ - 2284474 - CVE-2024-36941 kernel: wifi: nl80211: don't free NULL coalescing rule
  • BZ - 2284511 - CVE-2024-36922 kernel: wifi: iwlwifi: read txq->read_ptr under lock
  • BZ - 2292331 - CVE-2024-36971 kernel: net: UAF in network route management
  • BZ - 2293402 - CVE-2024-38586 kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets.
  • BZ - 2293443 - CVE-2024-38556 kernel: net/mlx5: Add a timeout to acquire the command queue semaphore
  • BZ - 2293444 - CVE-2024-38555 kernel: net/mlx5: Discard command completions in internal error
  • BZ - 2293461 - CVE-2024-38538 kernel: net: bridge: xmit: make sure we have at least eth header len bytes
  • BZ - 2293700 - CVE-2024-38627 kernel: stm class: Fix a double free in stm_register_device()

Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2

SRPM
kernel-rt-5.14.0-284.79.1.rt14.364.el9_2.src.rpm SHA-256: c20a830d0736b4b2a94b73c139dba5149684e9258a33d6fb66373392199ead5d
x86_64
kernel-rt-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 3bb6f0d80b34443abc88abcea706b9a936181fb280c419ad5f02ddbadfedd5ab
kernel-rt-core-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 05a8e15042963b3122631bb1c909bb7c9820f88ae546d499b2200c30ef652b29
kernel-rt-debug-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 2157e4d9d75eab6706480e547048ba3cc8e456ac8ba2718e7157bcb0729d338d
kernel-rt-debug-core-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 7184c100aa6e68e4418771d67a8afb3e898dd361009eb48607048cc4868f920e
kernel-rt-debug-debuginfo-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 305eae15e4d9aecef83623f5d74865f0b775e5c9b4f26d4114ae961bc6c42566
kernel-rt-debug-devel-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 185c7b41019efdbfd0636721dc6fd78cd1ef2c6f4b900f3a373d7ad8d21a35d2
kernel-rt-debug-modules-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 26fc260c45269fcdfb1cf8f8a34e2467c1c1bbb43ee25d0443d146bac59fa2d8
kernel-rt-debug-modules-core-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 7ce65108f81c6b96d443419b5636d0c7bec794e07362acf370e061551d1eb41b
kernel-rt-debug-modules-extra-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 64dff24aa410ba313cec9cbb4d62eb0657f58f505e592046fd9fc791bcd53357
kernel-rt-debuginfo-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 4377ad091172bd4a531b2a9c638509d935a94db45c1ca4810b805fcb1c11c9c2
kernel-rt-debuginfo-common-x86_64-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: fcbe8a8d5d50e951ef28ab4f1372bf27eb6c114f8902b1c3f54895a754e21ae8
kernel-rt-devel-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 591ef58f594453930f12f53931768c065bb190dd724fe9f321cec85597cfe5d7
kernel-rt-modules-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 18622ed43363159e988edc47c5fca81ae4795c4a307ae1114617fad59a0d1248
kernel-rt-modules-core-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: e221415399377ab4f370cbe2869ad1944345d3a3a756a8fc552a84aa9953f59b
kernel-rt-modules-extra-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: c037936422a624b94f275150c909e9a7e8c01abd9ced333ea0eed7b75328ac93

Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2

SRPM
kernel-rt-5.14.0-284.79.1.rt14.364.el9_2.src.rpm SHA-256: c20a830d0736b4b2a94b73c139dba5149684e9258a33d6fb66373392199ead5d
x86_64
kernel-rt-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 3bb6f0d80b34443abc88abcea706b9a936181fb280c419ad5f02ddbadfedd5ab
kernel-rt-core-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 05a8e15042963b3122631bb1c909bb7c9820f88ae546d499b2200c30ef652b29
kernel-rt-debug-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 2157e4d9d75eab6706480e547048ba3cc8e456ac8ba2718e7157bcb0729d338d
kernel-rt-debug-core-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 7184c100aa6e68e4418771d67a8afb3e898dd361009eb48607048cc4868f920e
kernel-rt-debug-debuginfo-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 305eae15e4d9aecef83623f5d74865f0b775e5c9b4f26d4114ae961bc6c42566
kernel-rt-debug-devel-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 185c7b41019efdbfd0636721dc6fd78cd1ef2c6f4b900f3a373d7ad8d21a35d2
kernel-rt-debug-kvm-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 1aebda52858ee1e8830177e37f04c6c1be9797b515c16957df96c971ede8cccf
kernel-rt-debug-modules-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 26fc260c45269fcdfb1cf8f8a34e2467c1c1bbb43ee25d0443d146bac59fa2d8
kernel-rt-debug-modules-core-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 7ce65108f81c6b96d443419b5636d0c7bec794e07362acf370e061551d1eb41b
kernel-rt-debug-modules-extra-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 64dff24aa410ba313cec9cbb4d62eb0657f58f505e592046fd9fc791bcd53357
kernel-rt-debuginfo-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 4377ad091172bd4a531b2a9c638509d935a94db45c1ca4810b805fcb1c11c9c2
kernel-rt-debuginfo-common-x86_64-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: fcbe8a8d5d50e951ef28ab4f1372bf27eb6c114f8902b1c3f54895a754e21ae8
kernel-rt-devel-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 591ef58f594453930f12f53931768c065bb190dd724fe9f321cec85597cfe5d7
kernel-rt-kvm-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 1f5ec58f9bcc1c1c90865cc0bc7be74090f3c10e54896bc16c31d335172e962f
kernel-rt-modules-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: 18622ed43363159e988edc47c5fca81ae4795c4a307ae1114617fad59a0d1248
kernel-rt-modules-core-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: e221415399377ab4f370cbe2869ad1944345d3a3a756a8fc552a84aa9953f59b
kernel-rt-modules-extra-5.14.0-284.79.1.rt14.364.el9_2.x86_64.rpm SHA-256: c037936422a624b94f275150c909e9a7e8c01abd9ced333ea0eed7b75328ac93

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.