{"id":"ALSA-2024:8870","summary":"Moderate: kernel-rt security update","details":"The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.  \n\nSecurity Fix(es):  \n\n  * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)\n  * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)\n  * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)\n  * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)\n  * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)\n  * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)\n  * kernel: nouveau: lock the client object tree. (CVE-2024-27062)\n  * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)\n  * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)\n  * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)\n  * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)\n  * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)\n  * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)\n  * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)\n  * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)\n  * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)\n  * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)\n  * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)\n  * kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)\n  * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)\n  * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)\n  * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)\n  * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)\n  * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)\n  * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)\n  * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)\n  * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)\n  * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)\n  * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)\n  * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)\n  * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)\n  * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)\n  * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)\n  * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)\n  * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)\n  * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)\n  * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)\n  * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)\n  * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)\n  * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)\n  * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)\n  * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-02-04T02:22:27.218959Z","published":"2024-11-05T00:00:00Z","related":["CVE-2022-48773","CVE-2022-48936","CVE-2023-52492","CVE-2024-24857","CVE-2024-26851","CVE-2024-26924","CVE-2024-26976","CVE-2024-27017","CVE-2024-27062","CVE-2024-35839","CVE-2024-35898","CVE-2024-35939","CVE-2024-38540","CVE-2024-38541","CVE-2024-38586","CVE-2024-38608","CVE-2024-39503","CVE-2024-40924","CVE-2024-40961","CVE-2024-40983","CVE-2024-40984","CVE-2024-41009","CVE-2024-41042","CVE-2024-41066","CVE-2024-41092","CVE-2024-41093","CVE-2024-42070","CVE-2024-42079","CVE-2024-42244","CVE-2024-42284","CVE-2024-42292","CVE-2024-42301","CVE-2024-43854","CVE-2024-43880","CVE-2024-43889","CVE-2024-43892","CVE-2024-44935","CVE-2024-44989","CVE-2024-44990","CVE-2024-45018","CVE-2024-46826","CVE-2024-47668"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:8870"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-48773"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-48936"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-52492"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-24857"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-26851"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-26924"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-26976"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-27017"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-27062"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-35839"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-35898"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-35939"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-38540"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-38541"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-38586"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-38608"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-39503"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-40924"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-40961"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-40983"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-40984"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-41009"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-41042"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-41066"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-41092"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-41093"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-42070"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-42079"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-42244"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-42284"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-42292"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-42301"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-43854"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-43880"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-43889"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-43892"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-44935"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-44989"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-44990"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-45018"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-46826"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-47668"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2266247"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2269183"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2275750"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2277168"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2278262"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2278350"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2278387"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2281284"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2281669"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2281817"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2293356"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2293402"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2293458"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2293459"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2297475"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2297508"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2297545"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2297567"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2297568"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2298109"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2298412"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2300412"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2300442"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2300487"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2300488"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2300508"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2300517"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2307862"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2307865"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2307892"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2309852"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2309853"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2311715"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2315178"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2317601"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2024-8870.html"}],"affected":[{"package":{"name":"kernel-rt","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}},{"package":{"name":"kernel-rt-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}},{"package":{"name":"kernel-rt-debug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}},{"package":{"name":"kernel-rt-debug-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}},{"package":{"name":"kernel-rt-debug-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}},{"package":{"name":"kernel-rt-debug-modules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}},{"package":{"name":"kernel-rt-debug-modules-extra","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug-modules-extra"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}},{"package":{"name":"kernel-rt-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}},{"package":{"name":"kernel-rt-modules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}},{"package":{"name":"kernel-rt-modules-extra","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-modules-extra"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.27.1.rt7.368.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8870.json"}}],"schema_version":"1.7.3"}