(RHSA-2024:0563) Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

• kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)

• kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

• kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

• kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

• kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

• kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

• kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

• hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

• kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)

• kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)

• kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.