An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886)
* kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)
* kernel: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (CVE-2023-52880)
* kernel: cpufreq: exit() callback is optional (CVE-2024-38615)
* kernel: cppc_cpufreq: Fix possible null pointer dereference (CVE-2024-38573)
* kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559)
* kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)
* kernel: sched/deadline: Fix task_struct reference leak (CVE-2024-41023)
* kernel: mm/filemap: skip to create PMD-sized page cache if needed (CVE-2024-41031)
* kernel: mm/shmem: disable PMD-sized page cache if needed (CVE-2024-42241)
* kernel: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (CVE-2024-42243)
* kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CVE-2024-42246)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
* CVE-2023-52880: Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)
* CVE-2024-26886: Deadlock (CWE-833)
* CVE-2024-26974
* CVE-2024-38559: Out-of-bounds Read (CWE-125)
* CVE-2024-38573
* CVE-2024-38615: Incomplete Cleanup (CWE-459)
* CVE-2024-40984: NULL Pointer Dereference (CWE-476)
* CVE-2024-41023: Missing Release of Memory after Effective Lifetime (CWE-401)
* CVE-2024-41031: Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)
* CVE-2024-42241: Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)
* CVE-2024-42243: Improper Input Validation (CWE-20)
* CVE-2024-42246