(RHSA-2024:0881) Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

• kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

• kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

• kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

• kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

• kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

• kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

• kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

• kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)

• kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)

• kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

• kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

• kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child’s sibling_list (CVE-2023-5717)

• kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)

• kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)

• kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)

• kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

• kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)

• kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

• kernel: SEV-ES local priv escalation (CVE-2023-46813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.