{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2024:1614","synopsis":"Important: kernel-rt security and bug fix update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for kernel-rt.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)\n\n* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)\n\n* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)\n\n* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)\n\n* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers\/gpu\/drm\/amd\/amdgpu\/amdgpu_cs.c (CVE-2023-51042)\n\n* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)\n\n* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)\n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest Rocky Linux-8.9.z3 Batch (JIRA:Rocky Linux-23853)\n\n* kernel-rt: kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux-24015)\n\n* kernel-rt: kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux-22758)\n\n* kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux-22080)\n\n* kernel-rt: kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux-22933)\n\n* kernel-rt: kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers\/gpu\/drm\/amd\/amdgpu\/amdgpu_cs.c (JIRA:Rocky Linux-24498)\n\n* kernel-rt: kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux-19966)\n\n* kernel-rt: kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux-26334)","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2133452","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2133452","description":""},{"ticket":"2252731","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2252731","description":""},{"ticket":"2255498","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2255498","description":""},{"ticket":"2258518","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2258518","description":""},{"ticket":"2259866","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2259866","description":""},{"ticket":"2261976","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2261976","description":""},{"ticket":"2262126","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2262126","description":""}],"cves":[{"name":"CVE-2021-33631","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-33631","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2022-38096","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-38096","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-51042","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-51042","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-6546","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-6546","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-6931","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-6931","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-0565","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-0565","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-1086","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-1086","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"}],"references":[],"publishedAt":"2024-04-05T14:56:14.116713Z","rpms":{"Rocky Linux 8":{"nvras":["kernel-rt-0:4.18.0-513.24.1.rt7.326.el8_9.src.rpm","kernel-rt-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-core-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-debug-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-debug-core-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-debug-debuginfo-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-debug-devel-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-debuginfo-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-debug-kvm-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-debug-modules-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-debug-modules-extra-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-devel-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-kvm-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-modules-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm","kernel-rt-modules-extra-0:4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}