RHBA-2024:0611
Vulnerability from csaf_redhat - Published: 2024-01-30 14:48 - Updated: 2026-03-22 03:08Summary
Red Hat Bug Fix Advisory: updated Red Hat Enterprise Linux 9 container images
Severity
Low
Notes
Topic: Updated Red Hat Enterprise Linux 9 container images are now available
Details: The Red Hat Enterprise Linux 9 container images have been updated to address the following security advisory: RHSA-2024:0461 (see References)
Users of Red Hat Enterprise Linux 9 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache (at rmmod time), we might end up releasing the kmem_cache object without removing it from the slab_caches list thus corrupting the list as kmem_cache_destroy() ignores the return value from shutdown_cache(), which in turn never removes the kmem_cache object from slabs_list in case __kmem_cache_shutdown() fails to release all of the cache's slabs. This is easily observable on a kernel built with CONFIG_DEBUG_LIST=y as after that ill release the system will immediately trip on list_add, or list_del, assertions similar to the one shown below as soon as another kmem_cache gets created, or destroyed: [ 1041.213632] list_del corruption. next->prev should be ffff89f596fb5768, but was 52f1e5016aeee75d. (next=ffff89f595a1b268) [ 1041.219165] ------------[ cut here ]------------ [ 1041.221517] kernel BUG at lib/list_debug.c:62! [ 1041.223452] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 1041.225408] CPU: 2 PID: 1852 Comm: rmmod Kdump: loaded Tainted: G B W OE 6.5.0 #15 [ 1041.228244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc37 05/24/2023 [ 1041.231212] RIP: 0010:__list_del_entry_valid+0xae/0xb0 Another quick way to trigger this issue, in a kernel with CONFIG_SLUB=y, is to set slub_debug to poison the released objects and then just run cat /proc/slabinfo after removing the module that leaks slab objects, in which case the kernel will panic: [ 50.954843] general protection fault, probably for non-canonical address 0xa56b6b6b6b6b6b8b: 0000 [#1] PREEMPT SMP PTI [ 50.961545] CPU: 2 PID: 1495 Comm: cat Kdump: loaded Tainted: G B W OE 6.5.0 #15 [ 50.966808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc37 05/24/2023 [ 50.972663] RIP: 0010:get_slabinfo+0x42/0xf0 This patch fixes this issue by properly checking shutdown_cache()'s return value before taking the kmem_cache_release() branch.
5.5 (Medium)
Vendor Fix
The Red Hat Enterprise Linux 9 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHBA-2024:0611
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat Enterprise Linux 9 container images are now available",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Enterprise Linux 9 container images have been updated to address the following security advisory: RHSA-2024:0461 (see References)\n\nUsers of Red Hat Enterprise Linux 9 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2024:0611",
"url": "https://access.redhat.com/errata/RHBA-2024:0611"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2024:0461",
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"category": "external",
"summary": "https://access.redhat.com/containers",
"url": "https://access.redhat.com/containers"
},
{
"category": "external",
"summary": "2133451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133451"
},
{
"category": "external",
"summary": "2144379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144379"
},
{
"category": "external",
"summary": "2161310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161310"
},
{
"category": "external",
"summary": "2187813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187813"
},
{
"category": "external",
"summary": "2187931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187931"
},
{
"category": "external",
"summary": "2224048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224048"
},
{
"category": "external",
"summary": "2230042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230042"
},
{
"category": "external",
"summary": "2231800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231800"
},
{
"category": "external",
"summary": "2237750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237750"
},
{
"category": "external",
"summary": "2237752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237752"
},
{
"category": "external",
"summary": "2237757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237757"
},
{
"category": "external",
"summary": "2237760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237760"
},
{
"category": "external",
"summary": "2239843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239843"
},
{
"category": "external",
"summary": "2241924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924"
},
{
"category": "external",
"summary": "2245663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663"
},
{
"category": "external",
"summary": "2246944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246944"
},
{
"category": "external",
"summary": "2253986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253986"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_0611.json"
}
],
"title": "Red Hat Bug Fix Advisory: updated Red Hat Enterprise Linux 9 container images",
"tracking": {
"current_release_date": "2026-03-22T03:08:09+00:00",
"generator": {
"date": "2026-03-22T03:08:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHBA-2024:0611",
"initial_release_date": "2024-01-30T14:48:37+00:00",
"revision_history": [
{
"date": "2024-01-30T14:48:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-30T14:48:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-22T03:08:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhel9/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6_amd64",
"product": {
"name": "rhel9/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6_amd64",
"product_id": "rhel9/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6?arch=amd64\u0026repository_url=registry.redhat.io/rhel9/flatpak-runtime\u0026tag=el9-9030020230825103938.1706180714"
}
}
},
{
"category": "product_version",
"name": "rhel9/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593_amd64",
"product": {
"name": "rhel9/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593_amd64",
"product_id": "rhel9/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593_amd64",
"product_identification_helper": {
"purl": "pkg:oci/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593?arch=amd64\u0026repository_url=registry.redhat.io/rhel9/flatpak-sdk\u0026tag=el9-9030020230825103938.1706180712"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhel9/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:rhel9/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6_amd64"
},
"product_reference": "rhel9/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6_amd64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhel9/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:rhel9/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593_amd64"
},
"product_reference": "rhel9/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593_amd64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52562",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2267737"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab_common: fix slab_caches list corruption after kmem_cache_destroy()\n\nAfter the commit in Fixes:, if a module that created a slab cache does not\nrelease all of its allocated objects before destroying the cache (at rmmod\ntime), we might end up releasing the kmem_cache object without removing it\nfrom the slab_caches list thus corrupting the list as kmem_cache_destroy()\nignores the return value from shutdown_cache(), which in turn never removes\nthe kmem_cache object from slabs_list in case __kmem_cache_shutdown() fails\nto release all of the cache\u0027s slabs.\n\nThis is easily observable on a kernel built with CONFIG_DEBUG_LIST=y\nas after that ill release the system will immediately trip on list_add,\nor list_del, assertions similar to the one shown below as soon as another\nkmem_cache gets created, or destroyed:\n\n [ 1041.213632] list_del corruption. next-\u003eprev should be ffff89f596fb5768, but was 52f1e5016aeee75d. (next=ffff89f595a1b268)\n [ 1041.219165] ------------[ cut here ]------------\n [ 1041.221517] kernel BUG at lib/list_debug.c:62!\n [ 1041.223452] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n [ 1041.225408] CPU: 2 PID: 1852 Comm: rmmod Kdump: loaded Tainted: G B W OE 6.5.0 #15\n [ 1041.228244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc37 05/24/2023\n [ 1041.231212] RIP: 0010:__list_del_entry_valid+0xae/0xb0\n\nAnother quick way to trigger this issue, in a kernel with CONFIG_SLUB=y,\nis to set slub_debug to poison the released objects and then just run\ncat /proc/slabinfo after removing the module that leaks slab objects,\nin which case the kernel will panic:\n\n [ 50.954843] general protection fault, probably for non-canonical address 0xa56b6b6b6b6b6b8b: 0000 [#1] PREEMPT SMP PTI\n [ 50.961545] CPU: 2 PID: 1495 Comm: cat Kdump: loaded Tainted: G B W OE 6.5.0 #15\n [ 50.966808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc37 05/24/2023\n [ 50.972663] RIP: 0010:get_slabinfo+0x42/0xf0\n\nThis patch fixes this issue by properly checking shutdown_cache()\u0027s\nreturn value before taking the kmem_cache_release() branch.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mm/slab_common: slab_caches list corruption after kmem_cache_destroy()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:rhel9/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6_amd64",
"AppStream-9.3.0.GA:rhel9/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52562"
},
{
"category": "external",
"summary": "RHBZ#2267737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52562",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52562"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52562",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52562"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024030253-CVE-2023-52562-da24@gregkh/T/#u",
"url": "https://lore.kernel.org/linux-cve-announce/2024030253-CVE-2023-52562-da24@gregkh/T/#u"
}
],
"release_date": "2024-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-30T14:48:37+00:00",
"details": "The Red Hat Enterprise Linux 9 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"AppStream-9.3.0.GA:rhel9/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6_amd64",
"AppStream-9.3.0.GA:rhel9/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:0611"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:rhel9/flatpak-runtime@sha256:919d9484d95a7a7040429b95dedd434a324f936919f9201cdbc05988e39ec8b6_amd64",
"AppStream-9.3.0.GA:rhel9/flatpak-sdk@sha256:a15f72867b33d40c240440a42a6509a28a9f6d1cfe80e99df19f5e01d1fdb593_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: mm/slab_common: slab_caches list corruption after kmem_cache_destroy()"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…