Rocky Linux: RLSA-2024:1614 kernel-rt security and bug fix update

April 5, 2024
Summary

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.


The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)
* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)
* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546, ZDI-CAN-20527)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)
* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

Bug Fix(es):

* kernel-rt: update RT source tree to the latest Rocky Linux-8.9.z3 Batch (JIRA:Rocky Linux-23853)
* kernel-rt: kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux-24015)
* kernel-rt: kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux-22758)
* kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux-22080)
* kernel-rt: kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux-22933)
* kernel-rt: kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:Rocky Linux-24498)
* kernel-rt: kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux-19966)
* kernel-rt: kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux-26334)

RPMs

kernel-rt-0:4.18.0-513.24.1.rt7.326.el8_9.src.rpm

kernel-rt-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-core-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-debug-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-debug-core-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-debug-debuginfo-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-debug-devel-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-debuginfo-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-debug-kvm-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-debug-modules-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-debug-modules-extra-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-devel-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-kvm-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-modules-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

kernel-rt-modules-extra-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm

References

No References

CVEs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33631

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38096

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51042

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6546

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6931

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0565

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086

Severity: Important
Name: RLSA-2024:1614
Affected Products: Rocky Linux 8

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2133452

https://bugzilla.redhat.com/show_bug.cgi?id=2252731

https://bugzilla.redhat.com/show_bug.cgi?id=2255498

https://bugzilla.redhat.com/show_bug.cgi?id=2258518

https://bugzilla.redhat.com/show_bug.cgi?id=2259866

https://bugzilla.redhat.com/show_bug.cgi?id=2261976

https://bugzilla.redhat.com/show_bug.cgi?id=2262126

