rhsa-2024_8158
Vulnerability from csaf_redhat
Published
2024-10-16 00:12
Modified
2024-12-04 07:30
Summary
Red Hat Security Advisory: kernel-rt security update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746)
* kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385)
* kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244)
* kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)
* kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (CVE-2024-41056)
* kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)
* kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CVE-2024-42090)
* kernel: sched: act_ct: take care of padding in struct zones_ht_key (CVE-2024-42272)
* kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746)\n\n* kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385)\n\n* kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244)\n\n* kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)\n\n* kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (CVE-2024-41056)\n\n* kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)\n\n* kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CVE-2024-42090)\n\n* kernel: sched: act_ct: take care of padding in struct zones_ht_key (CVE-2024-42272)\n\n* kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:8158", "url": "https://access.redhat.com/errata/RHSA-2024:8158" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2270700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270700" }, { "category": "external", "summary": "2282355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282355" }, { "category": "external", "summary": "2293654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293654" }, { "category": "external", "summary": "2296067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296067" }, { "category": "external", "summary": "2300430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300430" }, { "category": "external", "summary": "2300442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300442" }, { "category": "external", "summary": "2300552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300552" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8158.json" } ], "title": "Red Hat Security Advisory: kernel-rt security update", "tracking": { "current_release_date": "2024-12-04T07:30:25+00:00", "generator": { "date": "2024-12-04T07:30:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:8158", "initial_release_date": "2024-10-16T00:12:12+00:00", "revision_history": [ { "date": "2024-10-16T00:12:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-10-16T00:12:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-04T07:30:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product": { "name": "Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.2::realtime" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product": { "name": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "product": { "name": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "product_id": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.88.1.rt14.373.el9_2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-core@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-core@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-core@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-core@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@5.14.0-284.88.1.rt14.373.el9_2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src" }, "product_reference": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src" }, "product_reference": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-47385", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2024-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2282355" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field\n\nIf driver read val value sufficient for\n(val \u0026 0x08) \u0026\u0026 (!(val \u0026 0x80)) \u0026\u0026 ((val \u0026 0x7) == ((val \u003e\u003e 4) \u0026 0x7))\nfrom device then Null pointer dereference occurs.\n(It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)\nAlso lm75[] does not serve a purpose anymore after switching to\ndevm_i2c_new_dummy_device() in w83791d_detect_subclients().\n\nThe patch fixes possible NULL pointer dereference by removing lm75[].\n\nFound by Linux Driver Verification project (linuxtesting.org).\n\n[groeck: Dropped unnecessary continuation lines, fixed multipline alignment]", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as a moderate severity because it can cause crashes and operational disruptions, it does not expose sensitive information or allow unauthorized access.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-47385" }, { "category": "external", "summary": "RHBZ#2282355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282355" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-47385", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47385" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-47385", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47385" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2021-47385-a7e7@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2021-47385-a7e7@gregkh/T" } ], "release_date": "2024-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-16T00:12:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8158" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field" }, { "cve": "CVE-2023-28746", "cwe": { "id": "CWE-1342", "name": "Information Exposure through Microarchitectural State after Transient Execution" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270700" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in some Intel Atom Processor\u0027s microcode. This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Local information disclosure on Intel(R) Atom(R) processors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28746" }, { "category": "external", "summary": "RHBZ#2270700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270700" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28746", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28746", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28746" }, { "category": "external", "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html" } ], "release_date": "2024-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-16T00:12:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8158" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Local information disclosure on Intel(R) Atom(R) processors" }, { "cve": "CVE-2024-36244", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293654" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing \"cycle == 0\" check outside the \"if \"(!new-\u003ecycle_time)\"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-36244" }, { "category": "external", "summary": "RHBZ#2293654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293654" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-36244", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36244" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-36244", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36244" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024062134-CVE-2024-36244-f88f@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024062134-CVE-2024-36244-f88f@gregkh/T" } ], "release_date": "2024-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-16T00:12:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8158" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too" }, { "cve": "CVE-2024-39472", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2024-07-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2296067" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-39472" }, { "category": "external", "summary": "RHBZ#2296067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-39472", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39472" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39472", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39472" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T" } ], "release_date": "2024-07-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-16T00:12:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8158" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup" }, { "cve": "CVE-2024-41056", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2024-07-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2300430" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-41056" }, { "category": "external", "summary": "RHBZ#2300430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300430" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-41056", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41056" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-41056", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41056" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024072930-CVE-2024-41056-c324@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024072930-CVE-2024-41056-c324@gregkh/T" } ], "release_date": "2024-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-16T00:12:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8158" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files" }, { "cve": "CVE-2024-41066", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-07-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2300442" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n tx_buff[free_map[consumer_index]]-\u003eskb = new_skb;\n free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n consumer_index ++;\nWhere variable data looks like this:\n free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n \tconsumer_index^\n tx_buff == [skb=null, skb=\u003cptr\u003e, skb=\u003cptr\u003e, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ibmvnic: Add tx check to prevent skb leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-41066" }, { "category": "external", "summary": "RHBZ#2300442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300442" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-41066", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41066" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-41066", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41066" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024072907-CVE-2024-41066-0a52@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024072907-CVE-2024-41066-0a52@gregkh/T" } ], "release_date": "2024-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-16T00:12:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8158" }, { "category": "workaround", "details": "To mitigate this issue, prevent module ibmvnic from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: ibmvnic: Add tx check to prevent skb leak" }, { "cve": "CVE-2024-42090", "cwe": { "id": "CWE-833", "name": "Deadlock" }, "discovery_date": "2024-07-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2300552" } ], "notes": [ { "category": "description", "text": "A deadlock flaw was found in the Linux kernel\u2019s pinctrl subsystem. This flaw allows a local user to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER", "title": "Vulnerability summary" }, { "category": "other", "text": "No known reproducer for this issue. It can happen due to some complex preconditions and in-error path handling.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-42090" }, { "category": "external", "summary": "RHBZ#2300552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300552" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-42090", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42090" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42090", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42090" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024072946-CVE-2024-42090-5687@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024072946-CVE-2024-42090-5687@gregkh/T" } ], "release_date": "2024-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-16T00:12:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8158" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER" }, { "cve": "CVE-2024-42272", "discovery_date": "2024-08-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2305417" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n tcf_action_add net/sched/act_api.c:2061 [inline]\n tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n __sys_sendmsg net/socket.c:2680 [inline]\n __do_sys_sendmsg net/socket.c:2689 [inline]\n __se_sys_sendmsg net/socket.c:2687 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: sched: act_ct: take care of padding in struct zones_ht_key", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 7 and 8 are not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-42272" }, { "category": "external", "summary": "RHBZ#2305417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305417" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-42272", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42272" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42272", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42272" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T" } ], "release_date": "2024-08-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-16T00:12:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8158" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: sched: act_ct: take care of padding in struct zones_ht_key" }, { "cve": "CVE-2024-42284", "cwe": { "id": "CWE-393", "name": "Return of Wrong Status Code" }, "discovery_date": "2024-08-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2305429" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-42284" }, { "category": "external", "summary": "RHBZ#2305429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305429" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-42284", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42284" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42284", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42284" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T" } ], "release_date": "2024-08-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-16T00:12:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8158" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.88.1.rt14.373.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.