Red Hat Product Errata RHSA-2024:9498 - Security Advisory
Issued:
2024-11-13
Updated:
2024-11-13

RHSA-2024:9498 - Security Advisory

Synopsis

Moderate: kernel-rt security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: net: fix possible store tearing in neigh_periodic_work() (CVE-2023-52522)
  • kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)
  • kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)
  • kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (CVE-2024-26772)
  • kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)
  • kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870)
  • kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (CVE-2024-31076)
  • kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931)
  • kernel: firmware: cs_dsp: Fix overflow checking of wmfw header (CVE-2024-41039)
  • kernel: net/iucv: fix use after free in iucv_sock_close() (CVE-2024-42271)
  • kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64

Fixes

  • BZ - 2267795 - CVE-2023-52522 kernel: net: fix possible store tearing in neigh_periodic_work()
  • BZ - 2270100 - CVE-2024-26640 kernel: tcp: add sanity checks to rx zerocopy
  • BZ - 2272692 - CVE-2024-26656 kernel: drm/amdgpu: use-after-free vulnerability
  • BZ - 2273242 - CVE-2024-26772 kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
  • BZ - 2275635 - CVE-2024-26906 kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
  • BZ - 2275711 - CVE-2024-26870 kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
  • BZ - 2293684 - CVE-2024-31076 kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
  • BZ - 2297515 - CVE-2024-40931 kernel: mptcp: ensure snd_una is properly initialized on connect
  • BZ - 2300408 - CVE-2024-41039 kernel: firmware: cs_dsp: Fix overflow checking of wmfw header
  • BZ - 2315210 - CVE-2024-46858 kernel: mptcp: pm: Fix uaf in __timer_delete_sync

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
kernel-rt-5.14.0-284.92.1.rt14.377.el9_2.src.rpm SHA-256: 7258c99ba9f561b16c169d6f9a6384bf5bdc8b6c34abdf9dd99ce3143b0cca30
x86_64
kernel-rt-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: fb46cd179607438a060453d1fe6cce7cefeb9435412b15e9a5d52ba5342d245d
kernel-rt-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: fb46cd179607438a060453d1fe6cce7cefeb9435412b15e9a5d52ba5342d245d
kernel-rt-core-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 9c31f2ed223bfa895786ba26759665f4e174f0830fadd1d4fe99c82d2235a29c
kernel-rt-core-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 9c31f2ed223bfa895786ba26759665f4e174f0830fadd1d4fe99c82d2235a29c
kernel-rt-debug-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 1cb50e49a657b814a266302b92c9cd40cb261388128794ae5ac5e0ef7b954d84
kernel-rt-debug-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 1cb50e49a657b814a266302b92c9cd40cb261388128794ae5ac5e0ef7b954d84
kernel-rt-debug-core-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 2ef91ecfe11fb067c34e05f9287f8a5f0f67309ef3bf65fbe4f6e0f356771d9e
kernel-rt-debug-core-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 2ef91ecfe11fb067c34e05f9287f8a5f0f67309ef3bf65fbe4f6e0f356771d9e
kernel-rt-debug-debuginfo-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 353cb024dc2346f0c8012e5991cecaa227301749646f1f5cd5ec67df9636a690
kernel-rt-debug-debuginfo-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 353cb024dc2346f0c8012e5991cecaa227301749646f1f5cd5ec67df9636a690
kernel-rt-debug-devel-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 39948c90d557f146acd095807b967a95892eba6148657dc1efc811232f607145
kernel-rt-debug-devel-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 39948c90d557f146acd095807b967a95892eba6148657dc1efc811232f607145
kernel-rt-debug-kvm-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 0b267066a9f9d6d2f5e57b611173e4934b87e2f5436c7538a219263401cd085e
kernel-rt-debug-modules-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 437e6f3560dd401dc4773dcf9ba62a794b1467b1197ad6d3e48cbd6efaa9b609
kernel-rt-debug-modules-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 437e6f3560dd401dc4773dcf9ba62a794b1467b1197ad6d3e48cbd6efaa9b609
kernel-rt-debug-modules-core-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 4defe65c64f33eb87b5724453b3cbb88cbe47b20a8b50350fc40589c8a79822a
kernel-rt-debug-modules-core-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 4defe65c64f33eb87b5724453b3cbb88cbe47b20a8b50350fc40589c8a79822a
kernel-rt-debug-modules-extra-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: deb463a6f7943e1b8e563b9a5f5859e8608494ffb1a1d301125c3d64c69194db
kernel-rt-debug-modules-extra-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: deb463a6f7943e1b8e563b9a5f5859e8608494ffb1a1d301125c3d64c69194db
kernel-rt-debuginfo-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 7e61a2a8ad84928c1ab47946d448354bed0dda06483616130707e5e9d7a88e70
kernel-rt-debuginfo-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 7e61a2a8ad84928c1ab47946d448354bed0dda06483616130707e5e9d7a88e70
kernel-rt-debuginfo-common-x86_64-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 5de448f7d306070c75cba82e8dc1fb23b8c9bd34886f22911298a465fd6f065c
kernel-rt-debuginfo-common-x86_64-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 5de448f7d306070c75cba82e8dc1fb23b8c9bd34886f22911298a465fd6f065c
kernel-rt-devel-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: f602d65ee82f80827b97c617fa7e6bdaf72f684d94424c7bee62540d6db7f019
kernel-rt-devel-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: f602d65ee82f80827b97c617fa7e6bdaf72f684d94424c7bee62540d6db7f019
kernel-rt-kvm-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 914d99ef92c7819223b6a578ce60fd3f29db4dc9c06d1c0447c9af331b29f6ed
kernel-rt-modules-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 291c4466de4604c57ea81c4ee3608c88a6c4479b6f15838a9d17a093fcafecff
kernel-rt-modules-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 291c4466de4604c57ea81c4ee3608c88a6c4479b6f15838a9d17a093fcafecff
kernel-rt-modules-core-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 3f4dadd70b9e207e20df710ff76de58f366461c4a8b37f3ab5df384f481e815d
kernel-rt-modules-core-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 3f4dadd70b9e207e20df710ff76de58f366461c4a8b37f3ab5df384f481e815d
kernel-rt-modules-extra-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 7662b71e21a4e2197c75fa82fff249ebe25a712861b0dfe4bb0de6e87d752322
kernel-rt-modules-extra-5.14.0-284.92.1.rt14.377.el9_2.x86_64.rpm SHA-256: 7662b71e21a4e2197c75fa82fff249ebe25a712861b0dfe4bb0de6e87d752322

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.