RLSA-2024:8870

Source
https://errata.rockylinux.org/RLSA-2024:8870
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:8870.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2024:8870
Related
Published
2024-11-08T15:56:55.343367Z
Modified
2024-11-08T15:59:32.647618Z
Summary
Moderate: kernel-rt security update
Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: net/bluetooth: race condition in conninfo{min,max}ageset() (CVE-2024-24857)

  • kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)

  • kernel: netfilter: nfconntrackh323: Add protection for bmp length out of range (CVE-2024-26851)

  • kernel: netfilter: nftsetpipapo: do not free live element (CVE-2024-26924)

  • kernel: netfilter: nftsetpipapo: walk over current view on netlink dump (CVE-2024-27017)

  • kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)

  • kernel: nouveau: lock the client object tree. (CVE-2024-27062)

  • kernel: netfilter: bridge: replace physindev with physinif in nfbridgeinfo (CVE-2024-35839)

  • kernel: netfilter: nftables: Fix potential data-race in _nftflowtabletype_get() (CVE-2024-35898)

  • kernel: dma-direct: Leak pages on dmasetdecrypted() failure (CVE-2024-35939)

  • kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)

  • kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

  • kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)

  • kernel: bnxtre: avoid shift undefined behavior in bnxtqpliballocinit_hwq (CVE-2024-38540)

  • kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)

  • kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)

  • kernel: ipv6: prevent possible NULL deref in fib6nhinit() (CVE-2024-40961)

  • kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

  • kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)

  • kernel: xprtrdma: fix pointer derefs in error cases of rpcrdmaepcreate (CVE-2022-48773)

  • kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

  • kernel: netfilter: nftables: prefer nftchain_validate (CVE-2024-41042)

  • kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)

  • kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)

  • kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

  • kernel: netfilter: nftables: fully validate NFTDATA_VALUE on store to data registers (CVE-2024-42070)

  • kernel: gfs2: Fix NULL pointer dereference in gfs2logflush (CVE-2024-42079)

  • kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)

  • kernel: tipc: Return non-zero value from tipcudpaddr2str() on error (CVE-2024-42284)

  • kernel: kobjectuevent: Fix OOB access within zapmodalias_env() (CVE-2024-42292)

  • kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)

  • kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

  • kernel: mlxsw: spectrumaclerp: Fix object nesting warning (CVE-2024-43880)

  • kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)

  • kernel: padata: Fix possible divide-by-0 panic in padatamthelper() (CVE-2024-43889)

  • kernel: memcg: protect concurrent access to memcgroupidr (CVE-2024-43892)

  • kernel: sctp: Fix null-ptr-deref in reuseportaddsock(). (CVE-2024-44935)

  • kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

  • kernel: bonding: fix null pointer deref in bondipsecoffload_ok (CVE-2024-44990)

  • kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

  • kernel: ELF: fix kernel.randomizevaspace double read (CVE-2024-46826)

  • kernel: lib/generic-radix-tree.c: Fix rare race in _genradixptr_alloc() (CVE-2024-47668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/rocky-linux/kernel-rt?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.18.0-553.27.1.rt7.368.el8_10