Issued:: 2024-07-08
Updated:: 2024-07-08

RHSA-2024:4352 - Important: kernel-rt security and bug fix update

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 03 July 2024]

The text of this advisory has been updated with the correct product name (Red Hat Enterprise Linux 8) in the Topics section. In the Problem Description section, CVEs of the same sub-components have been grouped together. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583
kernel-rt: kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909)
kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)
kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)
kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)
kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26801)
kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)
kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845)
kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410)
kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)
kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881)
kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)
kernel: ovl: fix leaked dentry (CVE-2021-46972)
kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)
kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)
kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)
kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)
kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)
kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)
kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)
kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703)
kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)
kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)
kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)
kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)
kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)
kernel: crypto: (CVE-2024-26974, CVE-2023-52813)
kernel: can: (CVE-2023-52878, CVE-2021-47456)
kernel: usb: (CVE-2023-52781, CVE-2023-52877)
kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)
kernel: usbnet: sanity check for maxpacket (CVE-2021-47495)
kernel: gro: fix ownership transfer (CVE-2024-35890)
kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)
kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700)
kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855)
kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835)
kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852)
kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310)
kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)
kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)
kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)

Bug Fix(es):

kernel-rt: update RT source tree to the latest RHEL-8.10.z kernel (JIRA:RHEL-40882)
[rhel8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:RHEL-8779)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Product	Version	Arch
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle	8.10	x86_64
Red Hat Enterprise Linux for Real Time	8	x86_64
Red Hat Enterprise Linux for Real Time for NFV	8	x86_64

Updated Packages

kernel-rt-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-debug-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-debug-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-kvm-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-debug-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-debuginfo-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-debug-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm
kernel-rt-4.18.0-553.8.1.rt7.349.el8_10.src.rpm
kernel-rt-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm

Fixes

CVEs

CVE-2020-26555
CVE-2021-46909
CVE-2021-46972
CVE-2021-47069
CVE-2021-47073
CVE-2021-47236
CVE-2021-47310
CVE-2021-47311
CVE-2021-47353
CVE-2021-47356
CVE-2021-47456
CVE-2021-47495
CVE-2023-5090
CVE-2023-52464
CVE-2023-52560
CVE-2023-52615
CVE-2023-52626
CVE-2023-52667
CVE-2023-52700
CVE-2023-52703
CVE-2023-52781
CVE-2023-52813
CVE-2023-52835
CVE-2023-52877
CVE-2023-52878
CVE-2023-52881
CVE-2024-26583
CVE-2024-26584
CVE-2024-26585
CVE-2024-26656
CVE-2024-26675
CVE-2024-26735
CVE-2024-26759
CVE-2024-26801
CVE-2024-26804
CVE-2024-26826
CVE-2024-26859
CVE-2024-26906
CVE-2024-26907
CVE-2024-26974
CVE-2024-26982
CVE-2024-27397
CVE-2024-27410
CVE-2024-35789
CVE-2024-35835
CVE-2024-35838
CVE-2024-35845
CVE-2024-35852
CVE-2024-35853
CVE-2024-35854
CVE-2024-35855
CVE-2024-35888
CVE-2024-35890
CVE-2024-35958
CVE-2024-35959
CVE-2024-35960
CVE-2024-36004
CVE-2024-36007

References

https://access.redhat.com/security/updates/classification/#important

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.