(RHSA-2024:6268) Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

• kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)

• kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

• kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)

• kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)

• kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)

• kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

• kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

• kernel: mm/huge_memory: don't unpoison huge_zero_folio (CVE-2024-40914)

• kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (CVE-2024-40956)

• kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)

• kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

• kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)

• kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)

• kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.