[ALSA-2024:8870] Moderate: kernel-rt security update
Type:
security
Severity:
moderate
Release date:
2024-11-06
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857) * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492) * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851) * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924) * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017) * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976) * kernel: nouveau: lock the client object tree. (CVE-2024-27062) * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898) * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939) * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608) * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586) * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541) * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540) * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503) * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924) * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961) * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983) * kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984) * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773) * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009) * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042) * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066) * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092) * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093) * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070) * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079) * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244) * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292) * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301) * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854) * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880) * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936) * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889) * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892) * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935) * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989) * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990) * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018) * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826) * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
x86_64 kernel-rt-modules-extra-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 11545bebdb910b78b79adbe281e4e0c48c92cd08e728244c0097d41f3a1e9744
x86_64 kernel-rt-debug-modules-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 2233a453f5c1596f1a8f375d7e0f70f5e217cacf14814bd7c4b1cc2a47842768
x86_64 kernel-rt-devel-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 36ee6ea2adfe7546707eeafe5a214a5bb5964e9bf7b5b4eea370144718f61343
x86_64 kernel-rt-debug-modules-extra-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 4282d3b8c6e7dc189f874c4fcd5c7619aa00021514add2d077fcf6773d7be00f
x86_64 kernel-rt-debug-core-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 8e79664c1484534463a2acc628f905cbb0c0f33182c71a9e8cc97ae7f9da2e1b
x86_64 kernel-rt-debug-devel-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm c4da6f0bc257cbe81f90fe5c75df854ec72eeb9e8646868651bf66d4a03e6f96
x86_64 kernel-rt-core-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm d8eb5e3eaa81c07da0d3c5c6b65b5040aa2b1a6a8c6f85c2864a468f07248c5b
x86_64 kernel-rt-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm d97c92829fb039219a8bb7598f7730e5f5fe696a785039226fdcf57725deb06a
x86_64 kernel-rt-modules-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm e2ad5520714bd73a2e838fb7052b40097f47c4fd5e847741e96c1d02d63288cc
x86_64 kernel-rt-debug-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm e321e52a3294501d8d06aeec6da30de83e09ab5942de65baae4ccda45bb59633
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.