Issued:: 2024-08-21
Updated:: 2024-08-21

RHSA-2024:5673 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
kernel: igc: avoid returning frame twice in XDP_REDIRECT (CVE-2024-26853)
kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)
kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (CVE-2023-52735)
kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883)
kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)
kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)
kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)
kernel: NFSv4: Fix memory leak in nfs4_set_security_label (CVE-2024-41076)
kernel: ice: Don't process extts if PTP is disabled (CVE-2024-42107)

Bug Fix(es):

kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-54222)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64

Fixes

BZ - 2265797 - CVE-2023-52463 kernel: efivarfs: force RO when remounting if SetVariable is not supported
BZ - 2275748 - CVE-2024-26853 kernel: igc: avoid returning frame twice in XDP_REDIRECT
BZ - 2281968 - CVE-2024-36000 kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge
BZ - 2282618 - CVE-2023-52735 kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
BZ - 2284271 - CVE-2024-36883 kernel: net: fix out-of-bounds access in ops_init
BZ - 2293356 - CVE-2024-38608 kernel: net/mlx5e: Fix netif state handling
BZ - 2297579 - CVE-2024-40995 kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
BZ - 2299240 - CVE-2024-41090 kernel: virtio-net: tap: mlx5_core short frame denial of service
BZ - 2299336 - CVE-2024-41091 kernel: virtio-net: tun: mlx5_core short frame denial of service
BZ - 2300453 - CVE-2024-41076 kernel: NFSv4: Fix memory leak in nfs4_set_security_label
BZ - 2301766 - CVE-2024-42107 kernel: ice: Don't process extts if PTP is disabled

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2

SRPM
kernel-rt-5.14.0-284.80.1.rt14.365.el9_2.src.rpm	SHA-256: f12dd664a96020f7b8c158ecc5f9549bca0d79bf0ae4ed1658ac1bfa3f6fa95d
x86_64
kernel-rt-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: ee097c5cfdccdcdd39335a5b42216fd75b32a1f8ec0bb0e990996096495b69a5
kernel-rt-core-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 47054760f987b73403483d1c9a710da328df937be79272a928ead09238c95b65
kernel-rt-debug-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: dc33171553024b9e2217cf756ab76d1260efc49fb72e1212a188c77f2b0bf282
kernel-rt-debug-core-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 64cde8c8e4844bb7b445056ac540fd6ff01932d07a570f19d9f5d5c7ceedad52
kernel-rt-debug-debuginfo-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 59413d06972f73fe8bdaefc4285db96e690aba18c6c54b135ac82a6537f567ff
kernel-rt-debug-devel-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 65925fe3acf91ece5f365bb992466749066d5a3896541561d89824e4a5ad5c6c
kernel-rt-debug-modules-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 90d96f46de89cddcc194ecb1632714a2b5beecbe62aa600ac6440c47e824cabe
kernel-rt-debug-modules-core-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 2738a0b444fd7ee4c39f7216794a73fe7d59c567dcbaaf87ce0e7728ff372816
kernel-rt-debug-modules-extra-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: d5b07dcd1f5deb8fbee86f6144854ba454cda3ab94a18f8b053aee29c1617364
kernel-rt-debuginfo-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 996fcc11ba30b3421d97593357ebfbcbd26d46ffafa6fb663f13726a71711f7b
kernel-rt-debuginfo-common-x86_64-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 589ab48a4b4430e76674e06f64f1e5305fcc3813aa23cb60261906ea727d3a33
kernel-rt-devel-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 9a2eac96c6310f06bed72c58a66991cd4085b7b4d3feae99fd67ed85447d7898
kernel-rt-modules-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 5067045c5796c19f96905f33e07a309b1aa3647a956d4a94bed8a4b84128a8ab
kernel-rt-modules-core-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 4e91415858dda4e990abacb60d2c90eff4ca5d7410875cfd2e793fef16efc7f6
kernel-rt-modules-extra-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 2fd9617badb23cf1638658251f5e32e883bdb1ea4f7444f6d2a669ba811e1b6a

Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2

SRPM
kernel-rt-5.14.0-284.80.1.rt14.365.el9_2.src.rpm	SHA-256: f12dd664a96020f7b8c158ecc5f9549bca0d79bf0ae4ed1658ac1bfa3f6fa95d
x86_64
kernel-rt-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: ee097c5cfdccdcdd39335a5b42216fd75b32a1f8ec0bb0e990996096495b69a5
kernel-rt-core-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 47054760f987b73403483d1c9a710da328df937be79272a928ead09238c95b65
kernel-rt-debug-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: dc33171553024b9e2217cf756ab76d1260efc49fb72e1212a188c77f2b0bf282
kernel-rt-debug-core-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 64cde8c8e4844bb7b445056ac540fd6ff01932d07a570f19d9f5d5c7ceedad52
kernel-rt-debug-debuginfo-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 59413d06972f73fe8bdaefc4285db96e690aba18c6c54b135ac82a6537f567ff
kernel-rt-debug-devel-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 65925fe3acf91ece5f365bb992466749066d5a3896541561d89824e4a5ad5c6c
kernel-rt-debug-kvm-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: bca11ef1c30735f8a370028c710c5e904ec51a157254f61a1096146a9b7a8755
kernel-rt-debug-modules-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 90d96f46de89cddcc194ecb1632714a2b5beecbe62aa600ac6440c47e824cabe
kernel-rt-debug-modules-core-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 2738a0b444fd7ee4c39f7216794a73fe7d59c567dcbaaf87ce0e7728ff372816
kernel-rt-debug-modules-extra-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: d5b07dcd1f5deb8fbee86f6144854ba454cda3ab94a18f8b053aee29c1617364
kernel-rt-debuginfo-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 996fcc11ba30b3421d97593357ebfbcbd26d46ffafa6fb663f13726a71711f7b
kernel-rt-debuginfo-common-x86_64-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 589ab48a4b4430e76674e06f64f1e5305fcc3813aa23cb60261906ea727d3a33
kernel-rt-devel-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 9a2eac96c6310f06bed72c58a66991cd4085b7b4d3feae99fd67ed85447d7898
kernel-rt-kvm-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: b69c009d808f94b5ed0ed22a4cee3b3da2bbe2dc3c25e2f6bd8ce2a0b9773a18
kernel-rt-modules-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 5067045c5796c19f96905f33e07a309b1aa3647a956d4a94bed8a4b84128a8ab
kernel-rt-modules-core-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 4e91415858dda4e990abacb60d2c90eff4ca5d7410875cfd2e793fef16efc7f6
kernel-rt-modules-extra-5.14.0-284.80.1.rt14.365.el9_2.x86_64.rpm	SHA-256: 2fd9617badb23cf1638658251f5e32e883bdb1ea4f7444f6d2a669ba811e1b6a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation