RLSA-2024:4352

Source
https://errata.rockylinux.org/RLSA-2024:4352
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:4352.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2024:4352
Related
Published
2024-07-15T12:17:54.611301Z
Modified
2024-07-15T12:19:59.812393Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Important: kernel-rt security and bug fix update
Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583

  • kernel-rt: kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909)

  • kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)

  • kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)

  • kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)

  • kernel: Bluetooth: Avoid potential use-after-free in hcierrorreset CVE-2024-26801)

  • kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)

  • kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

  • kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845)

  • kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410)

  • kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)

  • kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881)

  • kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)

  • kernel: ovl: fix leaked dentry (CVE-2021-46972)

  • kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)

  • kernel: mm/damon/vaddr-test: memory leak in damondotestapplythree_regions() (CVE-2023-52560)

  • kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)

  • kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)

  • kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)

  • kernel: x86/mm: Disallow vsyscall page read for copyfromkernel_nofault() (CVE-2024-26906)

  • kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

  • kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703)

  • kernel: KVM: SVM: improper check in svmsetx2apicmsrinterception allows direct access to host x2apic msrs (CVE-2023-5090)

  • kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)

  • kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

  • kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

  • kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)

  • kernel: crypto: (CVE-2024-26974, CVE-2023-52813)

  • kernel: can: (CVE-2023-52878, CVE-2021-47456)

  • kernel: usb: (CVE-2023-52781, CVE-2023-52877)

  • kernel: net/mlx5e: fix a potential double-free in fsanycreate_groups (CVE-2023-52667)

  • kernel: usbnet: sanity check for maxpacket (CVE-2021-47495)

  • kernel: gro: fix ownership transfer (CVE-2024-35890)

  • kernel: erspan: make sure erspanbasehdr is present in skb->head (CVE-2024-35888)

  • kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700)

  • kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855)

  • kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835)

  • kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852)

  • kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310)

  • kernel: i40e: Do not use WQMEMRECLAIM flag for workqueue (CVE-2024-36004)

  • kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)

  • kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)

Bug Fix(es):

  • kernel-rt: update RT source tree to the latest Rocky Linux-8.10.z kernel (JIRA:Rocky Linux-40882)

  • [rhel8.9][cxgb4]BUG: using smpprocessorid() in preemptible [00000000] code: ethtool/54735 (JIRA:Rocky Linux-8779)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/rocky-linux/kernel-rt?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.18.0-553.8.1.rt7.349.el8_10