RHSA-2024_6268
Vulnerability from csaf_redhat - Published: 2024-09-04 00:15 - Updated: 2024-12-04 23:15Summary
Red Hat Security Advisory: kernel-rt security update
Severity
Moderate
Notes
Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)
* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)
* kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)
* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)
* kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)
* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
* kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)
* kernel: mm/huge_memory: don't unpoison huge_zero_folio (CVE-2024-40914)
* kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (CVE-2024-40956)
* kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)
* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)
* kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)
* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An unsafe read function was found in arch/x86/kernel/kprobes/core.c in the Linux kernel .
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
CVE-2024-35839 is a flaw in the Linux kernel's Netfilter bridge functionality. It occurs when bridging certain packets, such as those involving destination NAT between virtual Ethernet interfaces. A mismatch between the network device associated with a packet and the neighbor's device can lead to incorrect handling, including references to freed memory. This issue could cause system crashes. The problem has been fixed by using safer methods to retrieve the network device during packet processing. Users should update their kernels to a patched version to avoid this vulnerability.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
CVE-2024-35875 addresses a security concern in the Linux kernel's handling of confidential computing (CoCo) environments. In these setups, the virtual machine (VM) host is untrusted and may attempt to compromise guest VMs. A critical component for maintaining security in such environments is a reliable random number generator (RNG), which depends on the CPU's RDRAND instruction to generate entropy. The vulnerability arises when the RDRAND instruction fails—due to hardware faults or other issues—leaving the RNG without sufficient entropy sources. This deficiency is particularly problematic during the system's initial boot phase, potentially compromising cryptographic operations and overall system security. In CoCo environments, the untrusted VM host can manipulate or observe most inputs to guest VMs. The primary entropy source for these guests is the CPU's RDRAND instruction. If RDRAND fails, the RNG lacks alternative entropy sources, leading to potential security vulnerabilities. A malfunctioning RDRAND during boot can result in insufficient entropy for cryptographic functions, undermining the security of the CoCo environment.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
CVE-2024-35895 addresses a vulnerability in the Linux kernel's Berkeley Packet Filter (BPF) subsystem, specifically within the sockmap feature. The issue arises when BPF tracing programs, which can execute in various interrupt contexts, attempt to delete elements from sockmap or sockhash maps. This operation involves acquiring locks that are not safe for use in hard interrupt contexts, leading to potential deadlocks due to lock inversion. BPF tracing programs may delete elements from sockmap/sockhash maps while running in interrupt contexts where the required locks are not hardirq-safe, causing possible deadlocks. System hangs or crashes due to deadlocks when deleting elements from sockmap/sockhash maps in inappropriate contexts.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
In the Linux kernel, the following vulnerability has been resolved: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called. roundup_pow_of_two is documented as undefined for 0. Fix it in the one caller that had this combination. The undefined behavior was detected by UBSAN: UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13 shift exponent 64 is too large for 64-bit type 'long unsigned int' CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4 Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023 Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 ubsan_epilogue+0x5/0x30 __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec __roundup_pow_of_two+0x25/0x35 [bnxt_re] bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re] bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re] bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re] ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? __kmalloc+0x1b6/0x4f0 ? create_qp.part.0+0x128/0x1c0 [ib_core] ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re] create_qp.part.0+0x128/0x1c0 [ib_core] ib_create_qp_kernel+0x50/0xd0 [ib_core] create_mad_qp+0x8e/0xe0 [ib_core] ? __pfx_qp_event_handler+0x10/0x10 [ib_core] ib_mad_init_device+0x2be/0x680 [ib_core] add_client_context+0x10d/0x1a0 [ib_core] enable_device_and_get+0xe0/0x1d0 [ib_core] ib_register_device+0x53c/0x630 [ib_core] ? srso_alias_return_thunk+0x5/0xfbef5 bnxt_re_probe+0xbd8/0xe50 [bnxt_re] ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re] auxiliary_bus_probe+0x49/0x80 ? driver_sysfs_add+0x57/0xc0 really_probe+0xde/0x340 ? pm_runtime_barrier+0x54/0x90 ? __pfx___driver_attach+0x10/0x10 __driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8f/0xe0 bus_add_driver+0x146/0x220 driver_register+0x72/0xd0 __auxiliary_driver_register+0x6e/0xd0 ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re] bnxt_re_mod_init+0x3e/0xff0 [bnxt_re] ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re] do_one_initcall+0x5b/0x310 do_init_module+0x90/0x250 init_module_from_file+0x86/0xc0 idempotent_init_module+0x121/0x2b0 __x64_sys_finit_module+0x5e/0xb0 do_syscall_64+0x82/0x160 ? srso_alias_return_thunk+0x5/0xfbef5 ? syscall_exit_to_user_mode_prepare+0x149/0x170 ? srso_alias_return_thunk+0x5/0xfbef5 ? syscall_exit_to_user_mode+0x75/0x230 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_syscall_64+0x8e/0x160 ? srso_alias_return_thunk+0x5/0xfbef5 ? __count_memcg_events+0x69/0x100 ? srso_alias_return_thunk+0x5/0xfbef5 ? count_memcg_events.constprop.0+0x1a/0x30 ? srso_alias_return_thunk+0x5/0xfbef5 ? handle_mm_fault+0x1f0/0x300 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_user_addr_fault+0x34e/0x640 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f4e5132821d Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0 R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60 </TASK> ---[ end trace ]---
4.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to speed up filesystem unmount: gfs2 would simply free glocks it didn't want to unlock and then release the lockspace. This didn't take the bast callbacks for asynchronous lock contention notifications into account, which remain active until until a lock is unlocked or its lockspace is released. To prevent those callbacks from accessing deallocated objects, put the glocks that should not be unlocked on the sd_dead_glocks list, release the lockspace, and only then free those glocks. As an additional measure, ignore unexpected ast and bast callbacks if the receiving glock is dead.
5.8 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netif_napi_del() When queues are started, netif_napi_add() and napi_enable() are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and enabled. The ionic_qcq_enable() checks whether the .poll pointer is not NULL for enabling only the using queue' napi. Unused queues' napi will not be registered by netif_napi_add(), so the .poll pointer indicates NULL. But it couldn't distinguish whether the napi was unregistered or not because netif_napi_del() doesn't reset the .poll pointer to NULL. So, ionic_qcq_enable() calls napi_enable() for the queue, which was unregistered by netif_napi_del(). Reproducer: ethtool -L <interface name> rx 1 tx 1 combined 0 ethtool -L <interface name> rx 0 tx 0 combined 1 ethtool -L <interface name> rx 0 tx 0 combined 4 Splat looks like: kernel BUG at net/core/dev.c:6666! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1057 Comm: kworker/3:3 Not tainted 6.10.0-rc2+ #16 Workqueue: events ionic_lif_deferred_work [ionic] RIP: 0010:napi_enable+0x3b/0x40 Code: 48 89 c2 48 83 e2 f6 80 b9 61 09 00 00 00 74 0d 48 83 bf 60 01 00 00 00 74 03 80 ce 01 f0 4f RSP: 0018:ffffb6ed83227d48 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff97560cda0828 RCX: 0000000000000029 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff97560cda0a28 RBP: ffffb6ed83227d50 R08: 0000000000000400 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: ffff97560ce3c1a0 R14: 0000000000000000 R15: ffff975613ba0a20 FS: 0000000000000000(0000) GS:ffff975d5f780000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8f734ee200 CR3: 0000000103e50000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <TASK> ? die+0x33/0x90 ? do_trap+0xd9/0x100 ? napi_enable+0x3b/0x40 ? do_error_trap+0x83/0xb0 ? napi_enable+0x3b/0x40 ? napi_enable+0x3b/0x40 ? exc_invalid_op+0x4e/0x70 ? napi_enable+0x3b/0x40 ? asm_exc_invalid_op+0x16/0x20 ? napi_enable+0x3b/0x40 ionic_qcq_enable+0xb7/0x180 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] ionic_start_queues+0xc4/0x290 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] ionic_link_status_check+0x11c/0x170 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] ionic_lif_deferred_work+0x129/0x280 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] process_one_work+0x145/0x360 worker_thread+0x2bb/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0xcc/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30
6.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: don't unpoison huge_zero_folio When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectedly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_folio. Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. We're not prepared to unpoison huge_zero_folio yet.
4.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A vulnerability was found in the Linux kernel's DMA engine component in the irq_process_work_list() function. A possible use-after-free condition can occur during list iteration, which is because a descriptor may be freed while another thread is reusing it, potentially leading to access to freed memory.
7.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf() and then call simple_read_from_buffer(), which in turns make the copy_to_user() call. BUG: unable to handle page fault for address: 00007f4801111000 PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0 Oops: 0002 [#1] PREEMPT SMP PTI Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023 RIP: 0010:memcpy_orig+0xcd/0x130 RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202 RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000 RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572 R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af FS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x183/0x510 ? exc_page_fault+0x69/0x150 ? asm_exc_page_fault+0x22/0x30 ? memcpy_orig+0xcd/0x130 vsnprintf+0x102/0x4c0 sprintf+0x51/0x80 qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324] full_proxy_read+0x50/0x80 vfs_read+0xa5/0x2e0 ? folio_add_new_anon_rmap+0x44/0xa0 ? set_pte_at+0x15/0x30 ? do_pte_missing+0x426/0x7f0 ksys_read+0xa5/0xe0 do_syscall_64+0x58/0x80 ? __count_memcg_events+0x46/0x90 ? count_memcg_event_mm+0x3d/0x60 ? handle_mm_fault+0x196/0x2f0 ? do_user_addr_fault+0x267/0x890 ? exc_page_fault+0x69/0x150 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4800f20b4d
4.1 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before entering the xfrm type handlers"): "Crypto requests might return asynchronous. In this case we leave the rcu protected region, so force a refcount on the skb's destination entry before we enter the xfrm type input/output handlers." On TIPC decryption path it has the same problem, and skb_dst_force() should be called before doing decryption to avoid a possible crash. Shuang reported this issue when this warning is triggered: [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug [] Workqueue: crypto cryptd_queue_worker [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Call Trace: [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc] [] tipc_rcv+0xcf5/0x1060 [tipc] [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc] [] cryptd_aead_crypt+0xdb/0x190 [] cryptd_queue_worker+0xed/0x190 [] process_one_work+0x93d/0x17e0
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP header bytes, and reject claimed-as-LCP but actually malformed data otherwise.
4.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
A vulnerability was found in the wb_dirty_limits() function in the Linux kernel, where a removed (u64) cast in the dtc->wb_thresh * dtc->bg_thresh operation can result in multiplication overflow on 32-bit architectures. This issue could lead to memory corruption or performance issues.
4.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A vulnerability was found in the Linux kernel's memory management subsystem where a lack of proper size checks on dirty limits can lead to situations where large dirty limits end up being larger than 32-bits, resulting in potential overflows and divisions by 0. This can cause memory corruption, system instability, or crashes.
4.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2024:6268
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)\n\n* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)\n\n* kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)\n\n* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)\n\n* kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)\n\n* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)\n\n* kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)\n\n* kernel: mm/huge_memory: don\u0026#39;t unpoison huge_zero_folio (CVE-2024-40914)\n\n* kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (CVE-2024-40956)\n\n* kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)\n\n* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)\n\n* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)\n\n* kernel: Revert \u0026#34;mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\u0026#34; (CVE-2024-42102)\n\n* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6268",
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2278206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278206"
},
{
"category": "external",
"summary": "2281284",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281284"
},
{
"category": "external",
"summary": "2281677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281677"
},
{
"category": "external",
"summary": "2281727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281727"
},
{
"category": "external",
"summary": "2293423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293423"
},
{
"category": "external",
"summary": "2293459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293459"
},
{
"category": "external",
"summary": "2297474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297474"
},
{
"category": "external",
"summary": "2297498",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297498"
},
{
"category": "external",
"summary": "2297540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297540"
},
{
"category": "external",
"summary": "2297562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297562"
},
{
"category": "external",
"summary": "2297567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297567"
},
{
"category": "external",
"summary": "2300414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300414"
},
{
"category": "external",
"summary": "2301465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301465"
},
{
"category": "external",
"summary": "2301496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301496"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6268.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2024-12-04T23:15:57+00:00",
"generator": {
"date": "2024-12-04T23:15:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.2"
}
},
"id": "RHSA-2024:6268",
"initial_release_date": "2024-09-04T00:15:00+00:00",
"revision_history": [
{
"date": "2024-09-04T00:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-04T00:15:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-04T23:15:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::realtime"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"product": {
"name": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"product_id": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.82.1.rt14.367.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-core@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-core@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@5.14.0-284.82.1.rt14.367.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src"
},
"product_reference": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
"product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src"
},
"product_reference": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
"product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-26946",
"discovery_date": "2024-05-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2278206"
}
],
"notes": [
{
"category": "description",
"text": "An unsafe read function was found in arch/x86/kernel/kprobes/core.c in the Linux kernel .",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-26946"
},
{
"category": "external",
"summary": "RHBZ#2278206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-26946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26946"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26946",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26946"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024050126-CVE-2024-26946-ad5d@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024050126-CVE-2024-26946-ad5d@gregkh/T"
}
],
"release_date": "2024-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address"
},
{
"cve": "CVE-2024-35839",
"discovery_date": "2024-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2281284"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2024-35839 is a flaw in the Linux kernel\u0027s Netfilter bridge functionality. It occurs when bridging certain packets, such as those involving destination NAT between virtual Ethernet interfaces. A mismatch between the network device associated with a packet and the neighbor\u0027s device can lead to incorrect handling, including references to freed memory. This issue could cause system crashes. The problem has been fixed by using safer methods to retrieve the network device during packet processing. Users should update their kernels to a patched version to avoid this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-35839"
},
{
"category": "external",
"summary": "RHBZ#2281284",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281284"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-35839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-35839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35839"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024051756-CVE-2024-35839-4194@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024051756-CVE-2024-35839-4194@gregkh/T"
}
],
"release_date": "2024-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info"
},
{
"cve": "CVE-2024-35875",
"discovery_date": "2024-05-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2281727"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2024-35875 addresses a security concern in the Linux kernel\u0027s handling of confidential computing (CoCo) environments. In these setups, the virtual machine (VM) host is untrusted and may attempt to compromise guest VMs. A critical component for maintaining security in such environments is a reliable random number generator (RNG), which depends on the CPU\u0027s RDRAND instruction to generate entropy.\n\nThe vulnerability arises when the RDRAND instruction fails\u2014due to hardware faults or other issues\u2014leaving the RNG without sufficient entropy sources. This deficiency is particularly problematic during the system\u0027s initial boot phase, potentially compromising cryptographic operations and overall system security.\n\nIn CoCo environments, the untrusted VM host can manipulate or observe most inputs to guest VMs. The primary entropy source for these guests is the CPU\u0027s RDRAND instruction. If RDRAND fails, the RNG lacks alternative entropy sources, leading to potential security vulnerabilities.\n\nA malfunctioning RDRAND during boot can result in insufficient entropy for cryptographic functions, undermining the security of the CoCo environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-35875"
},
{
"category": "external",
"summary": "RHBZ#2281727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281727"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-35875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-35875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35875"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024051942-CVE-2024-35875-e23d@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024051942-CVE-2024-35875-e23d@gregkh/T"
}
],
"release_date": "2024-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems"
},
{
"cve": "CVE-2024-35895",
"discovery_date": "2024-05-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2281677"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2024-35895 addresses a vulnerability in the Linux kernel\u0027s Berkeley Packet Filter (BPF) subsystem, specifically within the sockmap feature. The issue arises when BPF tracing programs, which can execute in various interrupt contexts, attempt to delete elements from sockmap or sockhash maps. This operation involves acquiring locks that are not safe for use in hard interrupt contexts, leading to potential deadlocks due to lock inversion.\n\nBPF tracing programs may delete elements from sockmap/sockhash maps while running in interrupt contexts where the required locks are not hardirq-safe, causing possible deadlocks.\n\nSystem hangs or crashes due to deadlocks when deleting elements from sockmap/sockhash maps in inappropriate contexts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-35895"
},
{
"category": "external",
"summary": "RHBZ#2281677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281677"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-35895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-35895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35895"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024051950-CVE-2024-35895-cb33@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024051950-CVE-2024-35895-cb33@gregkh/T"
}
],
"release_date": "2024-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem"
},
{
"cve": "CVE-2024-38540",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2293459"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq\n\nUndefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called\nwith hwq_attr-\u003eaux_depth != 0 and hwq_attr-\u003eaux_stride == 0.\nIn that case, \"roundup_pow_of_two(hwq_attr-\u003eaux_stride)\" gets called.\nroundup_pow_of_two is documented as undefined for 0.\n\nFix it in the one caller that had this combination.\n\nThe undefined behavior was detected by UBSAN:\n UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n shift exponent 64 is too large for 64-bit type \u0027long unsigned int\u0027\n CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4\n Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ubsan_epilogue+0x5/0x30\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec\n __roundup_pow_of_two+0x25/0x35 [bnxt_re]\n bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]\n bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]\n bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __kmalloc+0x1b6/0x4f0\n ? create_qp.part.0+0x128/0x1c0 [ib_core]\n ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]\n create_qp.part.0+0x128/0x1c0 [ib_core]\n ib_create_qp_kernel+0x50/0xd0 [ib_core]\n create_mad_qp+0x8e/0xe0 [ib_core]\n ? __pfx_qp_event_handler+0x10/0x10 [ib_core]\n ib_mad_init_device+0x2be/0x680 [ib_core]\n add_client_context+0x10d/0x1a0 [ib_core]\n enable_device_and_get+0xe0/0x1d0 [ib_core]\n ib_register_device+0x53c/0x630 [ib_core]\n ? srso_alias_return_thunk+0x5/0xfbef5\n bnxt_re_probe+0xbd8/0xe50 [bnxt_re]\n ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]\n auxiliary_bus_probe+0x49/0x80\n ? driver_sysfs_add+0x57/0xc0\n really_probe+0xde/0x340\n ? pm_runtime_barrier+0x54/0x90\n ? __pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x78/0x110\n driver_probe_device+0x1f/0xa0\n __driver_attach+0xba/0x1c0\n bus_for_each_dev+0x8f/0xe0\n bus_add_driver+0x146/0x220\n driver_register+0x72/0xd0\n __auxiliary_driver_register+0x6e/0xd0\n ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]\n ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n do_one_initcall+0x5b/0x310\n do_init_module+0x90/0x250\n init_module_from_file+0x86/0xc0\n idempotent_init_module+0x121/0x2b0\n __x64_sys_finit_module+0x5e/0xb0\n do_syscall_64+0x82/0x160\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? syscall_exit_to_user_mode_prepare+0x149/0x170\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? syscall_exit_to_user_mode+0x75/0x230\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? do_syscall_64+0x8e/0x160\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __count_memcg_events+0x69/0x100\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? count_memcg_events.constprop.0+0x1a/0x30\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? handle_mm_fault+0x1f0/0x300\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? do_user_addr_fault+0x34e/0x640\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f4e5132821d\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d\n RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b\n RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0\n R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d\n R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60\n \u003c/TASK\u003e\n ---[ end trace ]---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-38540"
},
{
"category": "external",
"summary": "RHBZ#2293459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-38540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38540"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024061947-CVE-2024-38540-1d0a@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024061947-CVE-2024-38540-1d0a@gregkh/T"
}
],
"release_date": "2024-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq"
},
{
"cve": "CVE-2024-38570",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2293423"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix potential glock use-after-free on unmount\n\nWhen a DLM lockspace is released and there ares still locks in that\nlockspace, DLM will unlock those locks automatically. Commit\nfb6791d100d1b started exploiting this behavior to speed up filesystem\nunmount: gfs2 would simply free glocks it didn\u0027t want to unlock and then\nrelease the lockspace. This didn\u0027t take the bast callbacks for\nasynchronous lock contention notifications into account, which remain\nactive until until a lock is unlocked or its lockspace is released.\n\nTo prevent those callbacks from accessing deallocated objects, put the\nglocks that should not be unlocked on the sd_dead_glocks list, release\nthe lockspace, and only then free those glocks.\n\nAs an additional measure, ignore unexpected ast and bast callbacks if\nthe receiving glock is dead.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: gfs2: Fix potential glock use-after-free on unmount",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as a moderate severity due to its localized impact. Exploitation requires specific conditions during unmount, affecting stability without extensive security risks, as it impacts only the file system\u2019s lock management on unmount.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-38570"
},
{
"category": "external",
"summary": "RHBZ#2293423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-38570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38570"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-38570",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38570"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024061956-CVE-2024-38570-a8ef@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024061956-CVE-2024-38570-a8ef@gregkh/T"
}
],
"release_date": "2024-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: gfs2: Fix potential glock use-after-free on unmount"
},
{
"cve": "CVE-2024-39502",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297474"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: fix use after netif_napi_del()\n\nWhen queues are started, netif_napi_add() and napi_enable() are called.\nIf there are 4 queues and only 3 queues are used for the current\nconfiguration, only 3 queues\u0027 napi should be registered and enabled.\nThe ionic_qcq_enable() checks whether the .poll pointer is not NULL for\nenabling only the using queue\u0027 napi. Unused queues\u0027 napi will not be\nregistered by netif_napi_add(), so the .poll pointer indicates NULL.\nBut it couldn\u0027t distinguish whether the napi was unregistered or not\nbecause netif_napi_del() doesn\u0027t reset the .poll pointer to NULL.\nSo, ionic_qcq_enable() calls napi_enable() for the queue, which was\nunregistered by netif_napi_del().\n\nReproducer:\n ethtool -L \u003cinterface name\u003e rx 1 tx 1 combined 0\n ethtool -L \u003cinterface name\u003e rx 0 tx 0 combined 1\n ethtool -L \u003cinterface name\u003e rx 0 tx 0 combined 4\n\nSplat looks like:\nkernel BUG at net/core/dev.c:6666!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 1057 Comm: kworker/3:3 Not tainted 6.10.0-rc2+ #16\nWorkqueue: events ionic_lif_deferred_work [ionic]\nRIP: 0010:napi_enable+0x3b/0x40\nCode: 48 89 c2 48 83 e2 f6 80 b9 61 09 00 00 00 74 0d 48 83 bf 60 01 00 00 00 74 03 80 ce 01 f0 4f\nRSP: 0018:ffffb6ed83227d48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff97560cda0828 RCX: 0000000000000029\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff97560cda0a28\nRBP: ffffb6ed83227d50 R08: 0000000000000400 R09: 0000000000000001\nR10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000\nR13: ffff97560ce3c1a0 R14: 0000000000000000 R15: ffff975613ba0a20\nFS: 0000000000000000(0000) GS:ffff975d5f780000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8f734ee200 CR3: 0000000103e50000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? die+0x33/0x90\n ? do_trap+0xd9/0x100\n ? napi_enable+0x3b/0x40\n ? do_error_trap+0x83/0xb0\n ? napi_enable+0x3b/0x40\n ? napi_enable+0x3b/0x40\n ? exc_invalid_op+0x4e/0x70\n ? napi_enable+0x3b/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? napi_enable+0x3b/0x40\n ionic_qcq_enable+0xb7/0x180 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_start_queues+0xc4/0x290 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_link_status_check+0x11c/0x170 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n ionic_lif_deferred_work+0x129/0x280 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8]\n process_one_work+0x145/0x360\n worker_thread+0x2bb/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xcc/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ionic: fix use after netif_napi_del()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39502"
},
{
"category": "external",
"summary": "RHBZ#2297474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39502"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024071204-CVE-2024-39502-afe9@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024071204-CVE-2024-39502-afe9@gregkh/T"
}
],
"release_date": "2024-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ionic: fix use after netif_napi_del()"
},
{
"cve": "CVE-2024-40914",
"cwe": {
"id": "CWE-911",
"name": "Improper Update of Reference Count"
},
"discovery_date": "2024-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297498"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: don\u0027t unpoison huge_zero_folio\n\nWhen I did memory failure tests recently, below panic occurs:\n\n kernel BUG at include/linux/mm.h:1135!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n do_shrink_slab+0x14f/0x6a0\n shrink_slab+0xca/0x8c0\n shrink_node+0x2d0/0x7d0\n balance_pgdat+0x33a/0x720\n kswapd+0x1f3/0x410\n kthread+0xd5/0x100\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n Modules linked in: mce_inject hwpoison_inject\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n\nThe root cause is that HWPoison flag will be set for huge_zero_folio\nwithout increasing the folio refcnt. But then unpoison_memory() will\ndecrease the folio refcnt unexpectedly as it appears like a successfully\nhwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when\nreleasing huge_zero_folio.\n\nSkip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. \nWe\u0027re not prepared to unpoison huge_zero_folio yet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mm/huge_memory: don\u0026#39;t unpoison huge_zero_folio",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40914"
},
{
"category": "external",
"summary": "RHBZ#2297498",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297498"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40914"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024071210-CVE-2024-40914-0e04@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024071210-CVE-2024-40914-0e04@gregkh/T"
}
],
"release_date": "2024-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mm/huge_memory: don\u0026#39;t unpoison huge_zero_folio"
},
{
"cve": "CVE-2024-40956",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297540"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Linux kernel\u0027s DMA engine component in the irq_process_work_list() function. A possible use-after-free condition can occur during list iteration, which is because a descriptor may be freed while another thread is reusing it, potentially leading to access to freed memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as a Moderate severity because, although it allows use-after-free during list processing with a low attack complexity and local access, exploitation remains limited to localized impact. The risk of descriptor reuse could affect stability but does not broadly compromise system security.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40956"
},
{
"category": "external",
"summary": "RHBZ#2297540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297540"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40956"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024071224-CVE-2024-40956-b65d@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024071224-CVE-2024-40956-b65d@gregkh/T"
}
],
"release_date": "2024-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list"
},
{
"cve": "CVE-2024-40978",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"discovery_date": "2024-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297562"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: scsi: qedi: Fix crash while reading debugfs attribute",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40978"
},
{
"category": "external",
"summary": "RHBZ#2297562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297562"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40978"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024071231-CVE-2024-40978-d135@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024071231-CVE-2024-40978-d135@gregkh/T"
}
],
"release_date": "2024-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: scsi: qedi: Fix crash while reading debugfs attribute"
},
{
"cve": "CVE-2024-40983",
"cwe": {
"id": "CWE-911",
"name": "Improper Update of Reference Count"
},
"discovery_date": "2024-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297567"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb\u0027s destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: tipc: force a dst refcount before doing decryption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40983"
},
{
"category": "external",
"summary": "RHBZ#2297567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40983"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024071201-CVE-2024-40983-e1b1@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024071201-CVE-2024-40983-e1b1@gregkh/T"
}
],
"release_date": "2024-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: tipc: force a dst refcount before doing decryption"
},
{
"cve": "CVE-2024-41044",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-07-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2300414"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: reject claimed-as-LCP but actually malformed packets\n\nSince \u0027ppp_async_encode()\u0027 assumes valid LCP packets (with code\nfrom 1 to 7 inclusive), add \u0027ppp_check_packet()\u0027 to ensure that\nLCP packet has an actual body beyond PPP_LCP header bytes, and\nreject claimed-as-LCP but actually malformed data otherwise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ppp: reject claimed-as-LCP but actually malformed packets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-41044"
},
{
"category": "external",
"summary": "RHBZ#2300414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300414"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-41044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41044"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024072925-CVE-2024-41044-5b26@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024072925-CVE-2024-41044-5b26@gregkh/T"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ppp: reject claimed-as-LCP but actually malformed packets"
},
{
"cve": "CVE-2024-42102",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"discovery_date": "2024-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301465"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the wb_dirty_limits() function in the Linux kernel, where a removed (u64) cast in the dtc-\u003ewb_thresh * dtc-\u003ebg_thresh operation can result in multiplication overflow on 32-bit architectures. This issue could lead to memory corruption or performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Revert \u0026#34;mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\u0026#34;",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as Moderate severity with an Attack Complexity rating of High, given that an attacker needs to be able to create enough dirty data (data not yet written to disk) in memory to cause the multiplication overflow, something which is more likely to be effective on systems with just 4GB of RAM, and would require the attacker to have this information about a given system when targeting their attack for a higher likelihood of success.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42102"
},
{
"category": "external",
"summary": "RHBZ#2301465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42102"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42102",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42102"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024073019-CVE-2024-42102-bcee@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024073019-CVE-2024-42102-bcee@gregkh/T"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Revert \u0026#34;mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\u0026#34;"
},
{
"cve": "CVE-2024-42131",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2024-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301496"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Linux kernel\u0027s memory management subsystem where a lack of proper size checks on dirty limits can lead to situations where large dirty limits end up being larger than 32-bits, resulting in potential overflows and divisions by 0. This can cause memory corruption, system instability, or crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mm: avoid overflows in dirty throttling logic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat believes this flaw is moderate severity because the privileges necessary to exploit this vulnerability are high, as it requires a user to have elevated permissions to set the dirty page limits.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42131"
},
{
"category": "external",
"summary": "RHBZ#2301496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301496"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42131"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024073027-CVE-2024-42131-2f7f@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024073027-CVE-2024-42131-2f7f@gregkh/T"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-04T00:15:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6268"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.src",
"RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64",
"RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.82.1.rt14.367.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mm: avoid overflows in dirty throttling logic"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…