Issued:
2024-11-26
Updated:
2024-11-26

RHSA-2024:10262 - Moderate: kernel security update

Synopsis

Moderate: kernel security update

Type/Severity

Security Advisory Moderate

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: improper input validation may lead to privilege escalation (CVE-2021-4204)

  • kernel: local privileges escalation in kernel/bpf/verifier.c (CVE-2022-23222)

  • kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges (CVE-2022-0500)

  • kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

  • kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)

  • kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)

  • kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

  • kernel: nvme-tcp: fix UAF when detecting digest errors (CVE-2022-48686)

  • kernel: vt: fix unicode buffer corruption when deleting characters (CVE-2024-35823)

  • kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (CVE-2021-47393)

  • kernel: userfaultfd: fix a race between writeprotect and exit_mmap() (CVE-2021-47461)

  • kernel: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (CVE-2024-36920)

  • kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)

  • kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564)

  • kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (CVE-2024-31076)

  • kernel: drm/radeon: fix UBSAN warning in kv_dpm.c (CVE-2024-40988)

  • kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)

  • kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

  • kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

  • kernel: sched/deadline: Fix task_struct reference leak (CVE-2024-41023)

  • kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids. (CVE-2022-48929)

  • kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions8.8x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support8.8x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension8.8x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support8.8ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support8.8s390x
Red Hat Enterprise Linux for ARM 64 - Extended Update Support8.8aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions8.8ppc64le
Red Hat Enterprise Linux Server - TUS8.8x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support8.8x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support8.8ppc64le
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support8.8aarch64

Updated Packages

  • kernel-tools-4.18.0-477.81.1.el8_8.aarch64.rpm
  • bpftool-debuginfo-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-tools-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-debug-devel-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-core-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-debug-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-devel-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-debuginfo-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-modules-extra-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-tools-libs-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-zfcpdump-core-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-headers-4.18.0-477.81.1.el8_8.x86_64.rpm
  • perf-debuginfo-4.18.0-477.81.1.el8_8.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-debug-modules-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-debuginfo-common-aarch64-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-zfcpdump-devel-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-debug-devel-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-debuginfo-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-debuginfo-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-modules-extra-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-debuginfo-common-ppc64le-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-tools-debuginfo-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-tools-libs-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-tools-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-debug-debuginfo-4.18.0-477.81.1.el8_8.s390x.rpm
  • bpftool-debuginfo-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-doc-4.18.0-477.81.1.el8_8.noarch.rpm
  • kernel-debug-core-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • bpftool-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-debug-modules-extra-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-tools-debuginfo-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-devel-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-debug-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-tools-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-tools-libs-devel-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-core-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-4.18.0-477.81.1.el8_8.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-477.81.1.el8_8.s390x.rpm
  • perf-debuginfo-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-modules-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-modules-extra-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • bpftool-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-zfcpdump-modules-extra-4.18.0-477.81.1.el8_8.s390x.rpm
  • bpftool-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-debug-modules-extra-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-cross-headers-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-debug-core-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-debug-modules-extra-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-cross-headers-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • perf-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-core-4.18.0-477.81.1.el8_8.aarch64.rpm
  • python3-perf-debuginfo-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-debug-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-4.18.0-477.81.1.el8_8.src.rpm
  • kernel-debug-modules-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-headers-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-modules-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-tools-debuginfo-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-devel-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-tools-libs-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-tools-libs-devel-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-zfcpdump-4.18.0-477.81.1.el8_8.s390x.rpm
  • perf-debuginfo-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-cross-headers-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-debug-core-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-abi-stablelists-4.18.0-477.81.1.el8_8.noarch.rpm
  • kernel-debug-debuginfo-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-debuginfo-common-x86_64-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-tools-debuginfo-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-debug-modules-4.18.0-477.81.1.el8_8.aarch64.rpm
  • bpftool-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-debuginfo-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-modules-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-core-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-cross-headers-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-debuginfo-common-s390x-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-zfcpdump-debuginfo-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-debug-devel-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-devel-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-debug-modules-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-modules-extra-4.18.0-477.81.1.el8_8.aarch64.rpm
  • perf-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • perf-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-debug-modules-extra-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-headers-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-modules-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-tools-libs-devel-4.18.0-477.81.1.el8_8.aarch64.rpm
  • perf-4.18.0-477.81.1.el8_8.x86_64.rpm
  • perf-debuginfo-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • python3-perf-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-debug-devel-4.18.0-477.81.1.el8_8.x86_64.rpm
  • python3-perf-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • kernel-debug-4.18.0-477.81.1.el8_8.aarch64.rpm
  • python3-perf-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-4.18.0-477.81.1.el8_8.ppc64le.rpm
  • bpftool-debuginfo-4.18.0-477.81.1.el8_8.x86_64.rpm
  • kernel-headers-4.18.0-477.81.1.el8_8.aarch64.rpm
  • python3-perf-4.18.0-477.81.1.el8_8.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-477.81.1.el8_8.aarch64.rpm
  • bpftool-debuginfo-4.18.0-477.81.1.el8_8.aarch64.rpm
  • kernel-zfcpdump-modules-4.18.0-477.81.1.el8_8.s390x.rpm
  • kernel-debug-core-4.18.0-477.81.1.el8_8.aarch64.rpm

Fixes

CVEs

References

Additional information