Red Hat Product Errata RHSA-2024:6990 - Security Advisory
Issued:
2024-09-24
Updated:
2024-09-24

RHSA-2024:6990 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)
  • kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (CVE-2021-47393)
  • kernel: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() (CVE-2021-47559)
  • kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)
  • kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)
  • kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)
  • kernel: vsock: remove vsock from connected table when connect is interrupted by a signal (CVE-2022-48786)
  • kernel: perf: Fix list corruption in perf_cgroup_switch() (CVE-2022-48799)
  • kernel: SUNRPC: lock against ->sock changing during sysfs read (CVE-2022-48816)
  • kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)
  • kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64

Fixes

  • BZ - 2269189 - CVE-2023-52489 kernel: mm/sparsemem: fix race in accessing memory_section->usage
  • BZ - 2282345 - CVE-2021-47393 kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
  • BZ - 2283390 - CVE-2021-47559 kernel: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
  • BZ - 2297568 - CVE-2024-40984 kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
  • BZ - 2297579 - CVE-2024-40995 kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
  • BZ - 2298109 - CVE-2022-48773 kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
  • BZ - 2298122 - CVE-2022-48786 kernel: vsock: remove vsock from connected table when connect is interrupted by a signal
  • BZ - 2298135 - CVE-2022-48799 kernel: perf: Fix list corruption in perf_cgroup_switch()
  • BZ - 2298155 - CVE-2022-48816 kernel: SUNRPC: lock against ->sock changing during sysfs read
  • BZ - 2300429 - CVE-2024-41055 kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()
  • BZ - 2300448 - CVE-2024-41071 kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing

Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0

SRPM
kernel-rt-5.14.0-70.117.1.rt21.189.el9_0.src.rpm SHA-256: 61b4189558b0c1c33e55f7cd9628dcb7a2e02d2385925d76058066bf103be927
x86_64
kernel-rt-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 07fe4dc0861c3e8ed6a8fff451fe67d28bf35121fb3caab901181eae507a6004
kernel-rt-core-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 56513acd76132819dfdac93f1bf82b9168a04eb930dd2c3de2e2a220ca9fe7b7
kernel-rt-debug-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 6f7ca477342f56d74608fbc4103cd7307636829cdd48d6a1cc79b4392b8dd793
kernel-rt-debug-core-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: c35abfa29361550d195b390e91fab46b06f740a949b7d04139774d86937384e8
kernel-rt-debug-debuginfo-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 1c851062e48a0d0ef035a91ec54d9d1cce0824c0e66922a997e8807dcf16a143
kernel-rt-debug-devel-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: bd6b7e715f509938b0f6545aab9004f6121acafaacc1fe179c4c935bdf33555d
kernel-rt-debug-modules-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: b5da2c96746bdd56775367cdf0ffccf316302c9a189fac0f98f7f0c93704188e
kernel-rt-debug-modules-extra-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: a01428f3441047302dc4a44bba65c4f79ff10c805fbed0e72665c7745b6985a6
kernel-rt-debuginfo-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 45aa1b31e5668d74c4d2c50c51a99a3239f42510f613eeca0dd31a2f82e41623
kernel-rt-debuginfo-common-x86_64-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 8e053b4e8bf1bc2620ef311b47ebfbcd2729b4ee0e89254eca458613a7082d83
kernel-rt-devel-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 64024bdf5c674b6742f2810c93985bf146a204d38688c00e740d5b8684d83e55
kernel-rt-modules-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 26c7dc7939e23a939235ee2d618120aeff45de26856a790f9dfc02a6d900e1a8
kernel-rt-modules-extra-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: dc27bfb2b8facd1c10119aa8368cc8009cde71de2853da00a1d779318d453c33

Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0

SRPM
kernel-rt-5.14.0-70.117.1.rt21.189.el9_0.src.rpm SHA-256: 61b4189558b0c1c33e55f7cd9628dcb7a2e02d2385925d76058066bf103be927
x86_64
kernel-rt-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 07fe4dc0861c3e8ed6a8fff451fe67d28bf35121fb3caab901181eae507a6004
kernel-rt-core-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 56513acd76132819dfdac93f1bf82b9168a04eb930dd2c3de2e2a220ca9fe7b7
kernel-rt-debug-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 6f7ca477342f56d74608fbc4103cd7307636829cdd48d6a1cc79b4392b8dd793
kernel-rt-debug-core-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: c35abfa29361550d195b390e91fab46b06f740a949b7d04139774d86937384e8
kernel-rt-debug-debuginfo-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 1c851062e48a0d0ef035a91ec54d9d1cce0824c0e66922a997e8807dcf16a143
kernel-rt-debug-devel-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: bd6b7e715f509938b0f6545aab9004f6121acafaacc1fe179c4c935bdf33555d
kernel-rt-debug-kvm-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 36cb28f167db376b635fd17eac8359f385cf546d3eae16e57f94c067b1756d70
kernel-rt-debug-modules-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: b5da2c96746bdd56775367cdf0ffccf316302c9a189fac0f98f7f0c93704188e
kernel-rt-debug-modules-extra-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: a01428f3441047302dc4a44bba65c4f79ff10c805fbed0e72665c7745b6985a6
kernel-rt-debuginfo-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 45aa1b31e5668d74c4d2c50c51a99a3239f42510f613eeca0dd31a2f82e41623
kernel-rt-debuginfo-common-x86_64-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 8e053b4e8bf1bc2620ef311b47ebfbcd2729b4ee0e89254eca458613a7082d83
kernel-rt-devel-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 64024bdf5c674b6742f2810c93985bf146a204d38688c00e740d5b8684d83e55
kernel-rt-kvm-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 63cbbac1527668a71da0d2a910bba09bd54ac99924e4c149c0c49eeb02a78a8c
kernel-rt-modules-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: 26c7dc7939e23a939235ee2d618120aeff45de26856a790f9dfc02a6d900e1a8
kernel-rt-modules-extra-5.14.0-70.117.1.rt21.189.el9_0.x86_64.rpm SHA-256: dc27bfb2b8facd1c10119aa8368cc8009cde71de2853da00a1d779318d453c33

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.