Lucene search

RedHatRHSA-2024:5256

HistoryAug 13, 2024 - 12:07 a.m.

(RHSA-2024:5256) Important: kernel-rt security update

2024-08-1300:07:18

access.redhat.com

real time linux kernel

security update

vulnerability fixes

source tree update

netfilter

nf_tables

tipc message

sysfs

dmaengine

idxd

ionic

scsi

qedi

sunrpc

virtio-net

tap

tun

cve-2024-26642

cve-2024-26808

cve-2024-36886

cve-2024-26993

cve-2024-21823

cve-2024-27397

cve-2024-27403

cve-2024-35898

cve-2024-35897

cve-2024-36971

cve-2024-39502

cve-2024-40978

cve-2021-47624

cve-2024-41090

cve-2024-41091

rhel-9.0.z batch 19

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

43.7%

JSON

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)
kernel: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (CVE-2024-26808)
kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)
kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)
kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)
kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)
kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)
kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)
kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion (CVE-2024-35897)
kernel: net: CVE-2024-36971 kernel: UAF in network route management (CVE-2024-36971)
kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)
kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)
kernel: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (CVE-2021-47624)
kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)
kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)

Bug Fix(es):

kernel-rt: update RT source tree to the latest RHEL-9.0.z Batch 19 (JIRA:RHEL-45540)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9x86_64kernel-rt-debuginfo< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-debuginfo-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat9x86_64kernel-rt-kvm< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-kvm-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat9x86_64kernel-rt-debug-core< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-debug-core-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat9x86_64kernel-rt-debug-kvm< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-debug-kvm-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat9x86_64kernel-rt-debug-modules< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-debug-modules-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat9x86_64kernel-rt< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat9x86_64kernel-rt-debug-debuginfo< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-debug-debuginfo-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat9x86_64kernel-rt-core< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-core-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat9x86_64kernel-rt-debug-modules-extra< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-debug-modules-extra-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat9x86_64kernel-rt-debuginfo-common-x86_64< 5.14.0-70.112.1.rt21.184.el9_0kernel-rt-debuginfo-common-x86_64-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	x86_64	kernel-rt-debuginfo	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-debuginfo-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat	9	x86_64	kernel-rt-kvm	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-kvm-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat	9	x86_64	kernel-rt-debug-core	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-debug-core-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat	9	x86_64	kernel-rt-debug-kvm	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-debug-kvm-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat	9	x86_64	kernel-rt-debug-modules	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-debug-modules-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat	9	x86_64	kernel-rt	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat	9	x86_64	kernel-rt-debug-debuginfo	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-debug-debuginfo-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat	9	x86_64	kernel-rt-core	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-core-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat	9	x86_64	kernel-rt-debug-modules-extra	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-debug-modules-extra-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm
RedHat	9	x86_64	kernel-rt-debuginfo-common-x86_64	< 5.14.0-70.112.1.rt21.184.el9_0	kernel-rt-debuginfo-common-x86_64-5.14.0-70.112.1.rt21.184.el9_0.x86_64.rpm