RLBA-2022:8321
tuned bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
None
An update is available for tuned.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
rocky-linux-9-x86-64-nfv-rpms
tuned-profiles-nfv-2.19.0-1.el9.noarch.rpm
3ecae7bb81855cbfde7b8bc61d7018728daa12b6f260f72a4cfbafc3c742cdb2
tuned-profiles-nfv-guest-2.19.0-1.el9.noarch.rpm
ea7e4c351656b476345596fd2e439bbd8e7a37671a8f0b28782df60b4f9fd61d
tuned-profiles-nfv-host-2.19.0-1.el9.noarch.rpm
86cf21b89db1f3afe156b2d4a9ad0cf0a4123f47748dfd320544dbe671652e6e
tuned-profiles-realtime-2.19.0-1.el9.noarch.rpm
fb0dbba6e33e15cead237638bb3ba2217f1f97dad6d226fbf28ddc5b6f256016
RLBA-2022:7934
rteval bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
None
An update is available for rteval.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
rocky-linux-9-x86-64-nfv-rpms
rteval-3.4-1.el9.noarch.rpm
779ef99730b0722c8085dd7bfeb5caa7c3fc469c860fe8070cc6f73ba2ae964c
RLBA-2022:7936
realtime-setup bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
None
An update is available for realtime-setup.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
rocky-linux-9-x86-64-nfv-rpms
realtime-setup-2.2-6.el9.x86_64.rpm
09d1e8c58237d226f48dcd7ea1859255908739b2bd44891cb9c2200a7737ac18
RLBA-2022:7939
rteval-loads bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
None
An update is available for rteval-loads.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
rocky-linux-9-x86-64-nfv-rpms
rteval-loads-1.6-1.el9.noarch.rpm
d90521c5eadf3f090373ef007bc30c919b714cf597c400efd189542cc7de73bb
RLSA-2023:0300
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
* kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* DELL EMC: System is not booting into RT Kernel with perc12 [kernel-rt] (BZ#2139863)
* kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z1 Batch (BZ#2141817)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
Important
An update is available for kernel-rt.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
* kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* DELL EMC: System is not booting into RT Kernel with perc12 [kernel-rt] (BZ#2139863)
* kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z1 Batch (BZ#2141817)
rocky-linux-9-x86-64-nfv-rpms
kernel-rt-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
a7e1f3a73355138f0b833a118d6b89658f74d299cfa39c77f8a259395a7330c3
kernel-rt-core-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
5b68b98ea60d1532352676df69dd5f01bb4091a19159f80b4987be94ad3f9d5e
kernel-rt-debug-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
b3a01fa3e91d415b63e0da93758d281b8f25a549dc982bb9cad82a17be557220
kernel-rt-debug-core-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
46b42686c27706db3766e029fe5b849642652dd85ca7f4c7e8ccffb8ee5ad4c4
kernel-rt-debug-devel-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
3f1d53fb45a4edb3c5a2ae633202b7d9637faa9fb0c6d6cc8f4247124264c836
kernel-rt-debug-kvm-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
ec4beff42c43ffadd5ce03dc91887ae6f758a0544a6c19cceb92fe07792d3ec0
kernel-rt-debug-modules-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
1090f4e8d8356909d3e656f774eb05ac4b44af0bc3e9bb37ed084eb42bd15f79
kernel-rt-debug-modules-extra-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
9988382bde8954cac0c0b91da17ce38b528b25465fb25b642aa9a029fd577d49
kernel-rt-devel-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
1c5864022ae27f7f2f238959bbf5eb754d939c3064c782c20e02325a514c68c5
kernel-rt-kvm-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
54d9f42d4f2158df3bd3f8f490d8aae6da119aa2788c1df95a76558a77e0a723
kernel-rt-modules-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
c8fcbfdcf00d9e0b594bb22083bcfea58004e2009c316e66b776657e9bd58831
kernel-rt-modules-extra-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm
faa845cb72002e6899eee20b282e5859dfb66fd9180e99f0287e3a39a914bb30
RLSA-2023:0979
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)
* kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z2 Batch (BZ#2160463)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
Important
An update is available for kernel-rt.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)
* kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z2 Batch (BZ#2160463)
rocky-linux-9-x86-64-nfv-rpms
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
7b3306e40d0eb276b81736e5b4d0a090b32e7428669108e3a9b5e9e6aaad5464
kernel-rt-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
d982083ee4ad4d679065f00f97454fe4d98fa099b0c48fe7b43f336383a843f1
kernel-rt-debug-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
604d8762e724e8a645b855749d0e0e9356fece859c97bf6465dfb24c4bc2ef00
kernel-rt-debug-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
2bae5de2733341e8ae12f4f0ee969fac2d108d977898196276c97acef486a544
kernel-rt-debug-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
0659314a6f21c051ddc70aaac21c744c84bbd3ee79324d9cd8f63d68b43a90d1
kernel-rt-debug-kvm-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
d36e8f2d118d803b571207e3354f2ecbbe1be262943615f87cab8ccfa205b1ec
kernel-rt-debug-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
7a2333a7b531b60da3f5bccf06897798f67f859911183f627c994ca49d0d74f0
kernel-rt-debug-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
c3011279e4e4898e4cfc91e5c0dda8b355f934a49d40275bd757e97faa2c87e8
kernel-rt-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
2a65d0b572d8b1c5d785424854a314aa0106e65d52e57f327be144ceb1fb955c
kernel-rt-kvm-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
eb384f7c5b48aa33121ce2715ff3993ea7f926c65cb3eb4f7ec41c362ae05e1e
kernel-rt-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
c785118454a0725cad5b48f0163e8f67e6015d1fe8b75d4ee0000473779c8810
kernel-rt-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm
1f580e31f2eabb98c9c86eaa7afd295e34d4c2b9ae448672fb17633b7bac9cfa
RLSA-2023:1469
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z3 Batch (BZ#2170460)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
Important
An update is available for kernel-rt.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z3 Batch (BZ#2170460)
rocky-linux-9-x86-64-nfv-rpms
kernel-rt-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
568dd09bab56394023fe0306b75bd37ea022a6d953d67a0a684d0e3c09a062eb
kernel-rt-core-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
dfabf38ea0e692f2e9e79032718f856947f6c79322302ba7b3e71da432b89a43
kernel-rt-debug-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
e1262ce076bfef2e64439348d0994b007be9dca1826f412e41ef1ae0ad9a65be
kernel-rt-debug-core-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
68994eab42c1b61e40fb586c0db25b9e1e0120c20ef4cda336eed835530e3750
kernel-rt-debug-devel-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
feeb3cbbbb86b394efd4f1c725cf5196c615e5d95da7d65ac35df62e428f9c09
kernel-rt-debug-kvm-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
6e915ef0375935ddbb6a22d786520dc3ade628dffaefba0f69a7ad163d4dbc57
kernel-rt-debug-modules-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
16b5584dc7bfa322f30bb2365392e97001f24356dd5550f329c994c5e13157d4
kernel-rt-debug-modules-extra-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
7ee7488f2e287486a29fef3c09b5ee84f602f58a61cea14ced64f4c07483bb99
kernel-rt-devel-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
557f3f925cb9019b8d559ef7d0c76d910b62d338d424a57306781e6985118e7d
kernel-rt-kvm-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
17c5d4216b724aec4fcb1b6dd52ff60045cbfd1ad7371c67f12a676c2e6bda11
kernel-rt-modules-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
2825674e7d7e26a5e1d90766a5094258be1f1cfb5e3ff2360f0786df2c25c919
kernel-rt-modules-extra-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm
5df494c468c21ba95a1e5d4330dfcf63dbcbb2d36f140cba6541b812c3f7ab5b
RLBA-2023:2149
rteval bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 9.2 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
None
An update is available for rteval.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
For detailed information on changes in this release, see the Rocky Linux 9.2 Release Notes linked from the References section.
rocky-linux-9-x86-64-nfv-rpms
rteval-3.5-7.el9.noarch.rpm
04313b632c9cadc83f364224fade45c1340ef4995001f1f943d2be4b1ec5819f
RLSA-2023:4378
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
* kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869)
* kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c (CVE-2023-0458)
* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux9 rt: blktests block/024 failed (BZ#2209920)
* Backport pinned timers RT specific behavior for FIFO tasks (BZ#2210071)
* kernel-rt: update RT source tree to the Rocky Linux-9.2z2 source tree (BZ#2215122)
* kernel-rt: update RT source tree to the Rocky Linux-9.2z2b source tree (BZ#2222796)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
Important
An update is available for kernel-rt.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
* kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869)
* kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c (CVE-2023-0458)
* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux9 rt: blktests block/024 failed (BZ#2209920)
* Backport pinned timers RT specific behavior for FIFO tasks (BZ#2210071)
* kernel-rt: update RT source tree to the Rocky Linux-9.2z2 source tree (BZ#2215122)
* kernel-rt: update RT source tree to the Rocky Linux-9.2z2b source tree (BZ#2222796)
rocky-linux-9-x86-64-nfv-rpms
kernel-rt-debug-modules-core-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
07e68a8d61796b63fa3a08eca1b8568a1db32ab531f5e50c9e6ab5b78371dff2
kernel-rt-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
d5d3e0ee745dfcbb9dbc6a773cfafbfd49c4e4c06db98f3b1cc381bffe7b5547
kernel-rt-core-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
5f413a505a29ea03c4792323b3c27ac9fbafdfd0b1e2669909109b64b76c8660
kernel-rt-debug-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
a0c3bb9c922ec87c324c4df02011fabb0b8eaf2b8b4a324073c27d5fe278ab36
kernel-rt-debug-core-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
8779a970a4895eac8324a6af97baa666e9d65db219632a3bc390017e03317bd0
kernel-rt-debug-devel-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
0984051db85dcd3f4d9f079cf27fcbec7c44c9058880bde94d32ada3dc352243
kernel-rt-debug-kvm-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
a137f7f47e4ddcc4d0774f13232f35ff83e8f1af63df82141f95b0abb8fd4976
kernel-rt-debug-modules-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
68e66d8eb309b91153bbbbbef50355d764a918699f3ab8d54036f1bb7558e7b8
kernel-rt-debug-modules-extra-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
1a0ca2666a8da6628db0d92f25a4a15e38c4c4550ca1fc7b1360b3c14203a4fe
kernel-rt-devel-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
29942eecd8c51d51404ef8b5da0374f4eaaa48cd7e3768aea3b3a540a1bd8e05
kernel-rt-kvm-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
bea8b249eba43de55166ae5b3966626a657ca3d6c5062ea9d3e8d72e009ceaf6
kernel-rt-modules-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
e0715d8df24665fba635bb39c814e94e065d3cabdff39ee50a1eb060cb62d028
kernel-rt-modules-core-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
34d09150036730776d065f2d8ca52183df1499d4f22388d6c638b335ec00c3d7
kernel-rt-modules-extra-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm
fc759ca2882b77c70138837d16791c0c4c023136c041173400214819488c57fa
RLSA-2023:5091
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
* kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610)
* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
* kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
* kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147)
* kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)
* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
* kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637)
* hw: amd: Cross-Process Information Leak (CVE-2023-20593)
* kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update RT source tree to the latest Rocky Linux-9.2.z3 Batch (BZ#2228482)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
Important
An update is available for kernel-rt.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
* kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610)
* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
* kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
* kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147)
* kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)
* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
* kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637)
* hw: amd: Cross-Process Information Leak (CVE-2023-20593)
* kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update RT source tree to the latest Rocky Linux-9.2.z3 Batch (BZ#2228482)
rocky-linux-9-x86-64-nfv-rpms
kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
6bbae94a9d3b7b50a9927f8d04442e4b3ad95af1f60ce0ca7d2f0634080c0e25
kernel-rt-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
3b36f33d29499faa4e10c53ccc5d18a9dbe56db9b75c7b053fd503766db64900
kernel-rt-debug-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
0d01c283085f35a114b9fad6c72941fba5e639bf8a41a4ec72a8bd46d54a84bd
kernel-rt-debug-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
3e7c3c19b117f12f28168bd280f3ca79634906dc6cf5c97160795e7985c4e1d0
kernel-rt-debug-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
6ee1c9e5759c9489594284e8327083dccd23f9351084cc57fe73ede3c9133b71
kernel-rt-debug-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
c6102fc82e51216ea115f6eb8490d3fac4ec79c8a36b1bf3a88abf743ecd662a
kernel-rt-debug-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
7ae835a36bf956fec17589f6cec94b4e765cf6d4d1f5cedbeccff61243c31710
kernel-rt-debug-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
1ea91fb66ee5a733a890d48fb5da533238f15a3f9c4a6142be7baada8ea7d1d1
kernel-rt-debug-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
9c944317b361a3fe0460d1102a7a2eb8114a85f690c60787ee294f1205e094ae
kernel-rt-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
2a69de78cf5788c599917bd6ea7eff236f65ebfd27de94baf4e1553f49b97ebd
kernel-rt-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
983905758cb27fe1b5cdf371848fd7bd5d5ff44246b7b69cae49525eeea8a965
kernel-rt-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
32887b9b7d12b840cd9188d5694f38e5d2cd51201e06ae01597bf3b7a16b60e9
kernel-rt-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
ea66c9ddaa5f9ce44221bdc2019eedf032b692a3cad971f2e752872d6d72c568
kernel-rt-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
e30eee6cd4b640cdd6c8907048f3ee3065bb2f96a341a2d6aa65f3b8795b539e
RLBA-2024:2111
rteval bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 9.4 Release Notes linked from the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
None
An update is available for rteval.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
For detailed information on changes in this release, see the Rocky Linux 9.4 Release Notes linked from the References section.
rocky-linux-9-x86-64-nfv-rpms
rteval-3.7-7.el9.noarch.rpm
18d4e61ed3779f3bd43d908cd4e6619ee94ca8b8acd15d1e69e6f27ef97c47e5
RLSA-2024:2758
Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
* CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743)
Bug Fix(es):
* ffdhe* algortihms introduced in 0a2e5b909023 as .fips_allowed=1 lack pairwise consistency tests (JIRA:Rocky Linux-27009)
* mm/mglru: fix underprotected page cache (JIRA:Rocky Linux-29235)
* [EMR] [TBOOT OS] SUT could not go to S3 state with Rocky Linux 9.2 Tboot OS One CPU return -16 running BUSY (JIRA:Rocky Linux-29673)
* system hangs completely - NMI not possible (JIRA:Rocky Linux-30678)
* ice 0000:6f:00.0: PTP failed to get time (JIRA:Rocky Linux-30110)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux 9
1
Moderate
An update is available for kernel.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
* CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743)
Bug Fix(es):
* ffdhe* algortihms introduced in 0a2e5b909023 as .fips_allowed=1 lack pairwise consistency tests (JIRA:Rocky Linux-27009)
* mm/mglru: fix underprotected page cache (JIRA:Rocky Linux-29235)
* [EMR] [TBOOT OS] SUT could not go to S3 state with Rocky Linux 9.2 Tboot OS One CPU return -16 running BUSY (JIRA:Rocky Linux-29673)
* system hangs completely - NMI not possible (JIRA:Rocky Linux-30678)
* ice 0000:6f:00.0: PTP failed to get time (JIRA:Rocky Linux-30110)
rocky-linux-9-x86-64-nfv-rpms
kernel-rt-5.14.0-427.16.1.el9_4.x86_64.rpm
70d80881dded2b5c0c29b2e275198e56d7d90778a29d6e8e80c3a1f9d49baa78
kernel-rt-core-5.14.0-427.16.1.el9_4.x86_64.rpm
4d3229f8d3cda4d33fdca9db011aecb1d98188cfff90c67c3033b24583476944
kernel-rt-debug-5.14.0-427.16.1.el9_4.x86_64.rpm
4e359e17e5c1504dd9b3636da82becf748bb9547a4337ed965ba34d89f2ef516
kernel-rt-debug-core-5.14.0-427.16.1.el9_4.x86_64.rpm
6f6ed98c2a4d659ecdf3828b67596bc25738554244eecaa46be4e6eb919fd335
kernel-rt-debug-devel-5.14.0-427.16.1.el9_4.x86_64.rpm
7e654bdc342f15d6b2d2010b9b7cbf4f518f7dfbdfecf676a817a1cfe9e01120
kernel-rt-debug-kvm-5.14.0-427.16.1.el9_4.x86_64.rpm
f7f1a45840605248b5b88d330bff2980efe26e099d281124a1f1c240b05d524c
kernel-rt-debug-modules-5.14.0-427.16.1.el9_4.x86_64.rpm
d3a47c7ea53e2f560bd4edff5197731dbd09f5b06044e82ccb88a7f0b8544bde
kernel-rt-debug-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm
222c5f116b1d0ffd47ca4ed99cb52d3f25627d0f65a9d795413de86ebce3cd57
kernel-rt-debug-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm
c5052c437baec8ccf49155185727ef2e31a44da27c02d685a18aa42459cdd3fb
kernel-rt-devel-5.14.0-427.16.1.el9_4.x86_64.rpm
34a2d319e68ce70e54bc4466c59604838c32ca2350ce2a5fc9afbdb0e1f6cfab
kernel-rt-kvm-5.14.0-427.16.1.el9_4.x86_64.rpm
0fba96c874efc3d651bf8979545c5229de8f93482a6078c3012eb5376abe4091
kernel-rt-modules-5.14.0-427.16.1.el9_4.x86_64.rpm
d29393987377e172a291c42585d37a322efa398bcccf6becc18a9a11a617ec3c
kernel-rt-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm
67e01bf2fbb18eccb8074dc1f56b414b9b474be3cb5a0ae9954020bfe71ced46
kernel-rt-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm
94e8a947c96bdbe305e9a2cb815e0e3b6c9ae777872a0f1c26ab4313d7115c0c