Red Hat alert RHSA-2024:8158-01 (kernel-rt)
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746) * kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385) * kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244) * kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472) * kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (CVE-2024-41056) * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066) * kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CVE-2024-42090) * kernel: sched: act_ct: take care of padding in struct zones_ht_key (CVE-2024-42272) * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.Original: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_8158.json