rhsa-2024_4106
Vulnerability from csaf_redhat
Published
2024-06-26 00:09
Modified
2024-11-06 06:15
Summary
Red Hat Security Advisory: kernel-rt security update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)
* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)
* kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)
* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)
* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)
* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)
* kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)\n\n* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)\n\n* kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)\n\n* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)\n\n* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)\n\n* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)\n\n* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)\n\n* kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4106", "url": "https://access.redhat.com/errata/RHSA-2024:4106" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2280434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280434" }, { "category": "external", "summary": "2280745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280745" }, { "category": "external", "summary": "2281127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281127" }, { "category": "external", "summary": "2281740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281740" }, { "category": "external", "summary": "2281920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281920" }, { "category": "external", "summary": "2281925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281925" }, { "category": "external", "summary": "2282336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282336" }, { "category": "external", "summary": "2284581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284581" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4106.json" } ], "title": "Red Hat Security Advisory: kernel-rt security update", "tracking": { "current_release_date": "2024-11-06T06:15:16+00:00", "generator": { "date": "2024-11-06T06:15:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:4106", "initial_release_date": "2024-06-26T00:09:42+00:00", "revision_history": [ { "date": "2024-06-26T00:09:42+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-26T00:09:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T06:15:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product": { "name": "Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.2::realtime" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product": { "name": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "product": { "name": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "product_id": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.71.1.rt14.356.el9_2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-core@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-core@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-core@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-core@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@5.14.0-284.71.1.rt14.356.el9_2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src" }, "product_reference": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)", "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "NFV-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src" }, "product_reference": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)", "product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "relates_to_product_reference": "RT-9.2.0.Z.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-47400", "cwe": { "id": "CWE-664", "name": "Improper Control of a Resource Through its Lifetime" }, "discovery_date": "2024-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2282336" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: do not allow call hns3_nic_net_open repeatedly\n\nhns3_nic_net_open() is not allowed to called repeatly, but there\nis no checking for this. When doing device reset and setup tc\nconcurrently, there is a small oppotunity to call hns3_nic_net_open\nrepeatedly, and cause kernel bug by calling napi_enable twice.\n\nThe calltrace information is like below:\n[ 3078.222780] ------------[ cut here ]------------\n[ 3078.230255] kernel BUG at net/core/dev.c:6991!\n[ 3078.236224] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n[ 3078.243431] Modules linked in: hns3 hclgevf hclge hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O)\n[ 3078.258880] CPU: 0 PID: 295 Comm: kworker/u8:5 Tainted: G O 5.14.0-rc4+ #1\n[ 3078.269102] Hardware name: , BIOS KpxxxFPGA 1P B600 V181 08/12/2021\n[ 3078.276801] Workqueue: hclge hclge_service_task [hclge]\n[ 3078.288774] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[ 3078.296168] pc : napi_enable+0x80/0x84\ntc qdisc sho[w 3d0e7v8 .e3t0h218 79] lr : hns3_nic_net_open+0x138/0x510 [hns3]\n\n[ 3078.314771] sp : ffff8000108abb20\n[ 3078.319099] x29: ffff8000108abb20 x28: 0000000000000000 x27: ffff0820a8490300\n[ 3078.329121] x26: 0000000000000001 x25: ffff08209cfc6200 x24: 0000000000000000\n[ 3078.339044] x23: ffff0820a8490300 x22: ffff08209cd76000 x21: ffff0820abfe3880\n[ 3078.349018] x20: 0000000000000000 x19: ffff08209cd76900 x18: 0000000000000000\n[ 3078.358620] x17: 0000000000000000 x16: ffffc816e1727a50 x15: 0000ffff8f4ff930\n[ 3078.368895] x14: 0000000000000000 x13: 0000000000000000 x12: 0000259e9dbeb6b4\n[ 3078.377987] x11: 0096a8f7e764eb40 x10: 634615ad28d3eab5 x9 : ffffc816ad8885b8\n[ 3078.387091] x8 : ffff08209cfc6fb8 x7 : ffff0820ac0da058 x6 : ffff0820a8490344\n[ 3078.396356] x5 : 0000000000000140 x4 : 0000000000000003 x3 : ffff08209cd76938\n[ 3078.405365] x2 : 0000000000000000 x1 : 0000000000000010 x0 : ffff0820abfe38a0\n[ 3078.414657] Call trace:\n[ 3078.418517] napi_enable+0x80/0x84\n[ 3078.424626] hns3_reset_notify_up_enet+0x78/0xd0 [hns3]\n[ 3078.433469] hns3_reset_notify+0x64/0x80 [hns3]\n[ 3078.441430] hclge_notify_client+0x68/0xb0 [hclge]\n[ 3078.450511] hclge_reset_rebuild+0x524/0x884 [hclge]\n[ 3078.458879] hclge_reset_service_task+0x3c4/0x680 [hclge]\n[ 3078.467470] hclge_service_task+0xb0/0xb54 [hclge]\n[ 3078.475675] process_one_work+0x1dc/0x48c\n[ 3078.481888] worker_thread+0x15c/0x464\n[ 3078.487104] kthread+0x160/0x170\n[ 3078.492479] ret_from_fork+0x10/0x18\n[ 3078.498785] Code: c8027c81 35ffffa2 d50323bf d65f03c0 (d4210000)\n[ 3078.506889] ---[ end trace 8ebe0340a1b0fb44 ]---\n\nOnce hns3_nic_net_open() is excute success, the flag\nHNS3_NIC_STATE_DOWN will be cleared. So add checking for this\nflag, directly return when HNS3_NIC_STATE_DOWN is no set.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as moderate because its impact is limited by specific conditions that need to be met for exploitation.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-47400" }, { "category": "external", "summary": "RHBZ#2282336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-47400", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47400" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-47400", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47400" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024052149-CVE-2021-47400-394b@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024052149-CVE-2021-47400-394b@gregkh/T" } ], "release_date": "2024-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T00:09:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4106" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly" }, { "cve": "CVE-2024-27393", "discovery_date": "2024-05-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2280745" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Add missing skb_mark_for_recycle\n\nNotice that skb_mark_for_recycle() is introduced later than fixes tag in\ncommit 6a5bcd84e886 (\"page_pool: Allow drivers to hint on SKB recycling\").\n\nIt is believed that fixes tag were missing a call to page_pool_release_page()\nbetween v5.9 to v5.14, after which is should have used skb_mark_for_recycle().\nSince v6.6 the call page_pool_release_page() were removed (in\ncommit 535b9c61bdef (\"net: page_pool: hide page_pool_release_page()\")\nand remaining callers converted (in commit 6bfef2ec0172 (\"Merge branch\n\u0027net-page_pool-remove-page_pool_release_page\u0027\")).\n\nThis leak became visible in v6.8 via commit dba1b8a7ab68 (\"mm/page_pool: catch\npage_pool memory leaks\").", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: xen-netfront: Add missing skb_mark_for_recycle", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-27393" }, { "category": "external", "summary": "RHBZ#2280745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280745" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27393", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27393" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27393", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27393" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024050835-CVE-2024-27393-b804@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024050835-CVE-2024-27393-b804@gregkh/T" } ], "release_date": "2024-05-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T00:09:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4106" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: xen-netfront: Add missing skb_mark_for_recycle" }, { "cve": "CVE-2024-27397", "discovery_date": "2024-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2280434" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Linux kernel\u2019s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: netfilter: nf_tables: use timestamp to check for set element timeout", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability impact level between Moderate and High, and chosen Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-27397" }, { "category": "external", "summary": "RHBZ#2280434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280434" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27397", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27397" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024050837-CVE-2024-27397-fd1e@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024050837-CVE-2024-27397-fd1e@gregkh/T" } ], "release_date": "2024-05-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T00:09:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4106" }, { "category": "workaround", "details": "In order to trigger the issue, it requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: netfilter: nf_tables: use timestamp to check for set element timeout" }, { "cve": "CVE-2024-27403", "discovery_date": "2024-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2281127" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\n\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-27403" }, { "category": "external", "summary": "RHBZ#2281127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281127" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27403", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27403" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27403", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27403" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-27403-c4ba@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-27403-c4ba@gregkh/T" } ], "release_date": "2024-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T00:09:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4106" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow" }, { "cve": "CVE-2024-35870", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2024-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2281740" } ], "notes": [ { "category": "description", "text": "A flaw was found in the smb client in the Linux kernel. A potential use-after-free error was seen in the smb2_reconnect_server() function. This issue can lead to the crash of a client user session.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: smb: client: fix UAF in smb2_reconnect_server()", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability considered being Moderate impact because of limitations for attack scenario.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-35870" }, { "category": "external", "summary": "RHBZ#2281740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281740" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-35870", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35870" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-35870", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35870" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35870-3c02@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35870-3c02@gregkh/T" } ], "release_date": "2024-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T00:09:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4106" }, { "category": "workaround", "details": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: smb: client: fix UAF in smb2_reconnect_server()" }, { "cve": "CVE-2024-35958", "discovery_date": "2024-05-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2281925" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Fix incorrect descriptor free behavior\n\nENA has two types of TX queues:\n- queues which only process TX packets arriving from the network stack\n- queues which only process TX packets forwarded to it by XDP_REDIRECT\n or XDP_TX instructions\n\nThe ena_free_tx_bufs() cycles through all descriptors in a TX queue\nand unmaps + frees every descriptor that hasn\u0027t been acknowledged yet\nby the device (uncompleted TX transactions).\nThe function assumes that the processed TX queue is necessarily from\nthe first category listed above and ends up using napi_consume_skb()\nfor descriptors belonging to an XDP specific queue.\n\nThis patch solves a bug in which, in case of a VF reset, the\ndescriptors aren\u0027t freed correctly, leading to crashes.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: ena: Fix incorrect descriptor free behavior", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-35958" }, { "category": "external", "summary": "RHBZ#2281925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281925" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-35958", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35958" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-35958", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35958" } ], "release_date": "2024-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T00:09:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4106" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: ena: Fix incorrect descriptor free behavior" }, { "cve": "CVE-2024-35960", "discovery_date": "2024-05-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2281920" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Properly link new fs rules into the tree\n\nPreviously, add_rule_fg would only add newly created rules from the\nhandle into the tree when they had a refcount of 1. On the other hand,\ncreate_flow_handle tries hard to find and reference already existing\nidentical rules instead of creating new ones.\n\nThese two behaviors can result in a situation where create_flow_handle\n1) creates a new rule and references it, then\n2) in a subsequent step during the same handle creation references it\n again,\nresulting in a rule with a refcount of 2 that is not linked into the\ntree, will have a NULL parent and root and will result in a crash when\nthe flow group is deleted because del_sw_hw_rule, invoked on rule\ndeletion, assumes node-\u003eparent is != NULL.\n\nThis happened in the wild, due to another bug related to incorrect\nhandling of duplicate pkt_reformat ids, which lead to the code in\ncreate_flow_handle incorrectly referencing a just-added rule in the same\nflow handle, resulting in the problem described above. Full details are\nat [1].\n\nThis patch changes add_rule_fg to add new rules without parents into\nthe tree, properly initializing them and avoiding the crash. This makes\nit more consistent with how rules are added to an FTE in\ncreate_flow_handle.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net/mlx5: Properly link new fs rules into the tree", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-35960" }, { "category": "external", "summary": "RHBZ#2281920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281920" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-35960", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35960" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-35960", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35960" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35960-2eaa@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35960-2eaa@gregkh/T" } ], "release_date": "2024-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T00:09:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4106" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net/mlx5: Properly link new fs rules into the tree" }, { "cve": "CVE-2024-36957", "cwe": { "id": "CWE-193", "name": "Off-by-one Error" }, "discovery_date": "2024-05-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2284581" } ], "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: avoid off-by-one read from userspace\n\nWe try to access count + 1 byte from userspace with memdup_user(buffer,\ncount + 1). However, the userspace only provides buffer of count bytes and\nonly these count bytes are verified to be okay to access. To ensure the\ncopied buffer is NUL terminated, we use memdup_user_nul instead.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: octeontx2-af: avoid off-by-one read from userspace", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-36957" }, { "category": "external", "summary": "RHBZ#2284581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284581" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-36957", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36957" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-36957", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36957" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024053041-CVE-2024-36957-5919@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024053041-CVE-2024-36957-5919@gregkh/T" } ], "release_date": "2024-05-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T00:09:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4106" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.src", "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64", "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.71.1.rt14.356.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: octeontx2-af: avoid off-by-one read from userspace" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.