Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583
* kernel-rt: kernel: PCI interrupt mapping cause oops [almalinux-8] (CVE-2021-46909)
* kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)
* kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)
* kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)
* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26801)
* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)
* kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845)
* kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410)
* kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)
* kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881)
* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)
* kernel: ovl: fix leaked dentry (CVE-2021-46972)
* kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)
* kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)
* kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)
* kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)
* kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)
* kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)
* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)
* kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703)
* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)
* kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)
* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)
* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)
* kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)
* kernel: crypto: (CVE-2024-26974, CVE-2023-52813)
* kernel: can: (CVE-2023-52878, CVE-2021-47456)
* kernel: usb: (CVE-2023-52781, CVE-2023-52877)
* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)
* kernel: usbnet: sanity check for maxpacket (CVE-2021-47495)
* kernel: gro: fix ownership transfer (CVE-2024-35890)
* kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)
* kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700)
* kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855)
* kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835)
* kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852)
* kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310)
* kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)
* kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)
* kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)
Bug Fix(es):
* kernel-rt: update RT source tree to the latest AlmaLinux-8.10.z kernel (JIRA:AlmaLinux-40882)
* [almalinux8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:AlmaLinux-8779)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture |
Package |
Checksum |
x86_64 |
kernel-rt-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
3e89354a705e09a0464098d810ccc88e94e19644fdd742c18328a2d482ae269a |
x86_64 |
kernel-rt-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
4c32bd93002788c3319911849010d07527adf3d84740dd651160ed4a40ffdea4 |
x86_64 |
kernel-rt-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
51564ae74af283da18f000ec6a6253fcf2ca36d37e4c8655770450cfcf713a95 |
x86_64 |
kernel-rt-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
6b57ea3213ef9d6d577ec0d0e44233ba1c891410a2ff0fc81c2c147ac8738a05 |
x86_64 |
kernel-rt-debug-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
87b71a2a95f5cfd9d941b18f859c8a6862aaa1954c6729a6e059f330a6dceace |
x86_64 |
kernel-rt-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
8fa65848e12cc5887a079d022f04359c52fce2e77f139ec8240e3d5a738005c7 |
x86_64 |
kernel-rt-kvm-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
ac235a7d288d7cecc9f30ce34c5a4382da3646c8b2d904e16affe5a562e9111b |
x86_64 |
kernel-rt-debug-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
af16df1c46aa2b805df2971471cdd25ad955f7a581917db13ffab3490434454b |
x86_64 |
kernel-rt-debug-kvm-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
c4f3f999e348335e949000eb5971710dfaeda551dfa4f431779fc8a809ee06b8 |
x86_64 |
kernel-rt-debug-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
d3ad9563ec8a9dae36127fe7b0800d41f9d06b4dd433d3f1d8e2a0f42ca8a969 |
x86_64 |
kernel-rt-debug-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
decfdf3c2a140a5bf92ab1d754ac0531bffea30ff54e998baea1795392bc3e6f |
x86_64 |
kernel-rt-debug-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm |
f7d6708f2e1c111616f13b85eb0541fc5c78f4be3dc5c8e1bc2f36447812a824 |