tuned bug fix and enhancement update

RLBA-2022:7747 tuned bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for tuned. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms tuned-profiles-nfv-2.19.0-1.el8.noarch.rpm 86ca34a82e732f2ef50e28549a9759a26a57fcec4da513121a75b5c56b1528ea tuned-profiles-nfv-guest-2.19.0-1.el8.noarch.rpm 36ad8702f7acdda780adde631e9ddf195cfa7d4e216beb9e8d1558e40af5e9e3 tuned-profiles-nfv-host-2.19.0-1.el8.noarch.rpm 7cf4000a586465fd298c2b8dd0d4be887221ff97ffd8ff78d7328cb679b6d661 tuned-profiles-realtime-2.19.0-1.el8.noarch.rpm efdca8c4da0e585989b713b26d1fe20cefcd4f576e5f42dacf6b50bf55674609 RLSA-2022:7444 Moderate: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) * Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558) * use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640) * Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002) * smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168) * NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617) * swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854) * Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016) * Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) * use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184) * NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852) * buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078) * nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586) * openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) * use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938) * net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368) * possible to use the debugger to write zero into a location of choice (CVE-2022-21499) * Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950) * Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390) * Use after free in SUNRPC subsystem (CVE-2022-28893) * use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581) * DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946) * nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) * Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558) * use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640) * Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002) * smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168) * NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617) * swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854) * Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016) * Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) * use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184) * NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852) * buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078) * nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586) * openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) * use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938) * net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368) * possible to use the debugger to write zero into a location of choice (CVE-2022-21499) * Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950) * Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390) * Use after free in SUNRPC subsystem (CVE-2022-28893) * use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581) * DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946) * nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm ac47b7b84a125e963c6eee8553303b58c12decafe9af2ace64a8db6a03f2d598 kernel-rt-core-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 5a50d0b2efae91f9161d4b74ad82acf22f82a51f8f6a1ba55c76e08f8981dada kernel-rt-debug-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 82f79eb68df1b991991d43d82076845c07a4f3dc5c89e1b2afc85707a2202b8b kernel-rt-debug-core-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm cb1bdce926b21d79cb17ec390fb3fc6cf985184effa06b804efbf6c52b05cd01 kernel-rt-debug-devel-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 54752dc97e8b9a6464688730cf3b964a143b2276ce378648c07e288eccc5cccf kernel-rt-debuginfo-common-x86_64-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm a6042a61e450115260c0136f300d7ad0372f7dfa4928ef2df2d233c79cdf5b48 kernel-rt-debug-kvm-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm a42f755741f9f40ea5d314ada223602a3a3fd9fb8b34ca56bbb92d18ca45d614 kernel-rt-debug-modules-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm f8bdfcc81e1660a90415fa3bfa6ab580f7bf2414f0bcfeef36f4696d1cc86ec1 kernel-rt-debug-modules-extra-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm db78b923643a96642b20b51994234175bffe2fc24f528edfee3cd825012ffda9 kernel-rt-devel-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 840d8b2c07bfd25ed9d0c6620eb11387fc606e04aa4097b293c74b94bc148cfa kernel-rt-kvm-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 268179f85d0f67cfc7d0e0d3fca536e3a15d7cfb1f4a180e6aaa97fdd0d74f33 kernel-rt-modules-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 52ee49b34ec4de2a5b3c9943d6bd95a5a58787f104ee8c9e12bed53c3324b957 kernel-rt-modules-extra-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 47790e8e3fbc64355aca26f537c0e8c5e34bf462d4cc7f29d158fb671773f562 RLBA-2022:7446 rt-setup bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for rt-setup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms rt-setup-2.1-4.el8.x86_64.rpm 1a7e073aaba75a6adf07c8a7ea2b3b31e09ee6cd57f56a687e3ea08ae7cceac3 RLBA-2022:7451 rteval-loads bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for rteval-loads. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms rteval-loads-1.6-2.el8.noarch.rpm fd6a359b49d57b464d5d601ce9b70b700c39336cb00346b391866c318c6527dc RLBA-2022:7452 rteval bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for rteval. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms rteval-3.4-2.el8.noarch.rpm e555d4c62468eb8667f11fd720aeb5b38c527449ebe16ba27c4e23c2e8734924 RLSA-2023:0114 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The latest Rocky Linux 8.7.z1 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2137411) * [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139867) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The latest Rocky Linux 8.7.z1 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2137411) * [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139867) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 98837004fbf61990c3c258ca76621765340b070fb1bd7ac37fbddd49744d93bd kernel-rt-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 224da004e6aaf7dc7bd6cf5f2402bbddae5dda809f16df38930fb8c94f78fd29 kernel-rt-debug-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 009f0969a4f571b8944fbcfc0d8934f7c7660b2bb5d51ffb2c31d771db76eada kernel-rt-debug-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm a5e3c763edd5d21e3e50802a55125a3aa5e2263d0448a45bc19c4053206874f7 kernel-rt-debug-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 29a5ca819c20ab5a9a73ef8ce13ffef39149c43bb8bfaf30724b85d426e9f11a kernel-rt-debuginfo-common-x86_64-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm fe4a8abeeb99a3bca57be9fbbda5a2c8763b27c82e00f8a7a10f4011f33edad6 kernel-rt-debug-kvm-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 86061e95640d926c5b07dacf7d683b7816fe5d84af428df0106f4814485ef907 kernel-rt-debug-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm ed274022c1b74d6398b1c29f4b8319786750c160194699360e27dc53dc5e3707 kernel-rt-debug-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 0b4fa7b23831278421f4786ca058e45796e50f3c0dac645b22b1968117691cf9 kernel-rt-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm c7cc44181eb945a901256dd628ce8920dbdfcc0c6b28299a0b1c86389c1e00a2 kernel-rt-kvm-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm a138af746550b98f37ff2d961ecb148fa17646e25deb0450ae950244d91c247d kernel-rt-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm a0ede768e0052c07cb523dfaaeaae6c2e986c5f6370f557882cda900417f1747 kernel-rt-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 3a2442fb615e30a862cf7f234fb9eccb1027d3b89fdfc7f9d2802823e5e235ad RLSA-2023:0854 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux8-RT: Backport use of a dedicate thread for timer wakeups (BZ#2127204) * SNO Crashed twice - kernel BUG at lib/list_debug.c:28 (BZ#2132062) * Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel [RT-8] (BZ#2139851) * scheduling while atomic in fpu_clone() -> fpu_inherit_perms() (BZ#2154469) * The latest Rocky Linux 8.7.z2 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2159806) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux8-RT: Backport use of a dedicate thread for timer wakeups (BZ#2127204) * SNO Crashed twice - kernel BUG at lib/list_debug.c:28 (BZ#2132062) * Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel [RT-8] (BZ#2139851) * scheduling while atomic in fpu_clone() -> fpu_inherit_perms() (BZ#2154469) * The latest Rocky Linux 8.7.z2 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2159806) rocky-linux-8-x86-64-nfv-rpms kernel-rt-debug-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 55d2a52a1b9053b65f2887dddefc050bdd47a094ef0d45b4b52d76c75c926441 kernel-rt-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 66beae40fdd3d6eeb1ac78c9dfbd82c0c0662c95dc24e7cc040e65e85082020b kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 8deee5253fd69d6bba5b9dae8ad04b067ba8448c676aa7f662a423945180ecdf kernel-rt-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 2d9357435ac92d399bd7e45fd84a6fdac410a10eed12719eac21911820e0af02 kernel-rt-debug-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm e95ab30ddb98c3a067f4eb95f3ef47b87c5eb19c52b36665d0931705b63d3072 kernel-rt-debug-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 3a835595e101239b195de8dee8e3e3705d1c7c81114100942156d876b0575a46 kernel-rt-debug-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 4952b7809aac5cb08b1384faa98323765b4de5cd98bdc2064485557e380fd524 kernel-rt-debuginfo-common-x86_64-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 4bf16fd0892c83afe0916ba53d442705612f957f084210c9301e24c29fd55bcb kernel-rt-debug-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm ffaa40a00d274b396d86ea38a51ccde60274447c57175de78902082572596b14 kernel-rt-debug-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm a89780ec403bc35d02245126d9f1401250d1d031d0658a21da67842a96d5a8fb kernel-rt-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 15dcae4095d1ec7757c346b72639217a15dc9f8d68712cf19d9b14a55f6f460a kernel-rt-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm b5b5d680e48da72ac6d3b6880c6b8c4281fdd31ae984b4eb28c6d5b4ea950ff2 kernel-rt-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 43c89c09b51f0ebb311f3f11ed722bd4cbce453263e3c798d0f28f786655a899 RLSA-2023:1584 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Lazy irq_work does not raise softirq on PREEMPT_RT [rhel-8] (BZ#2172163) * The latest Rocky Linux 8.7.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2172278) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Lazy irq_work does not raise softirq on PREEMPT_RT [rhel-8] (BZ#2172163) * The latest Rocky Linux 8.7.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2172278) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 7e964af3b334e7871de46b265616fceae25ef4d05c0dc476a190fc6dda3c549e kernel-rt-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 16d16895a6cfec9c58d2acc60cb3a3f3d76ac146a1f44f9fd3a34d9664f668c3 kernel-rt-debug-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 26fca3a909b586ffccfad0072d9c09fc98ce2643cfb50bd4fba6224acc4f6cb2 kernel-rt-debug-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 41e93ad64385756dd514f9d40d3fe5344b10708cf15f835bf9ed1078a3dfc4d8 kernel-rt-debug-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 729df8c4a17459d7e195fb7d098c8bd75f6ba5356d32b4088fdea023d3e71274 kernel-rt-debuginfo-common-x86_64-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm b1bff356f7b4cd88ff00ab88e511c338c6de13180a52e633903667e3d5666b26 kernel-rt-debug-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm cd705a46d4b640260822b3e97caa1c335863ba63bf23c5ecddaad4ff97434208 kernel-rt-debug-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 38a0b8d18a1a2619d3fc5394ca810c1b8ab03cbd73c6ffd9069c3521a39ffff6 kernel-rt-debug-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm a7078a38162abe34d88e60aefdacfaf5e394fa1a21af124db6e563a1fd82bcd8 kernel-rt-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 6e586e11e590985563dc555b4e19649fc82e09e03f62cbb4e59dd08ef34c9b5e kernel-rt-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 332f46f24394803cd09f3b821fc7ef2017238bd297efebf76113673e0bd52665 kernel-rt-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 6ff2d97ff03d015f08f4bd9b56e43a7a2d7247b3712f2929df4c8c5bd16dd27a kernel-rt-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm e1d6967409817f9f608afe9c1a27221fca489db4f9e0a4f670844f3d42a8d23d RLBA-2023:2737 rteval bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms rteval-3.5-4.el8.noarch.rpm 43c5eb5d7b03af48421271da71487de2933198fcf819ac34ccbf0c10d8a78e90 RLSA-2023:3350 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * smpboot: Scheduler frequency invariance went wobbly, disabling! (BZ#2188316) * Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188722) * kernel-rt: update RT source tree to the Rocky Linux-8.8.z0 source tree. (BZ#2196667) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * smpboot: Scheduler frequency invariance went wobbly, disabling! (BZ#2188316) * Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188722) * kernel-rt: update RT source tree to the Rocky Linux-8.8.z0 source tree. (BZ#2196667) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 2d44a0f05a2c1a559a044443dae2c838a739376e55dec109801d27fb4e8afcad kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 23857a3b1afe803bba7353650a56a348c0735162876d82bc4bfc20322238ae13 kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm b42c757bcd61e1af663a6bb9544477aa4a58582f17a447cd8c8a009cddd983df kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 74fe95880861c25a4ab7700838f4cd945917bd7fb98ffeefcf618ce78e3d9021 kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm bac46a90a97c28aae36caec7a42e4e8b4828422c76b9f2426f5530fc7a595d55 kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 84135da094ee70e4aedc54c2fe1e9313dfc71b480cbe00a06c0abe061f8a4949 kernel-rt-debug-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 18bf49f180cc1798610a6db203ccd5821674139e5ca3bcd48f189be48e20361a kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 325ca335098d840eab695f800772a88de2f07b5d4233ab76ea1ba659f7d34a95 kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 29ee95a669b0f4b5e1f6ef197454dcfec78f07be64200b25f3625030be41f0d2 kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 03790343af8b3b3509fa613a4de922c1f9b92c4d9bb5153f0656d30acd34326b kernel-rt-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm bd0a517dc2dfdce2eb129836b777985cee8dae5a3dd4cf4dad8418f4b7ee0f0e kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm a21baf5e3655503afa097c501a9d1192743aa72cebd6a5d8dde75e851039077f kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm e3588eda0958c08663fdc2b2b70c98d646bea869a530690750c690d74af6f9d4 RLSA-2023:3819 Moderate: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the Rocky Linux-8.8.z1 source tree. (BZ#2210299) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the Rocky Linux-8.8.z1 source tree. (BZ#2210299) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm d24fc773437547a64dfd3d36db425eeb175b0489c6d7f88e3051ab82235afa5d kernel-rt-core-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm c1ac0eca67a90af2da6f4005c11e0bdbe2e5faa43eacce83cdcabc4e26a665af kernel-rt-debug-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 67423ebbb480d8603c784cc67c4d27b5803e28d9f13dd98d2d49bdb428edc1c6 kernel-rt-debug-core-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm d1ec8217ce82d8080633d8776837fb6fe19cee6e48221a57d41352fed844fae4 kernel-rt-debug-devel-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 9e636971a242782198130b71d12240c8fcfb50bc55e7bfd5caa9f8d0c6816202 kernel-rt-debuginfo-common-x86_64-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm acc482e3ebb05f16b3e61ac85cd2ec0e162da4b16d7af2e7a151d2a44ba76cbe kernel-rt-debug-kvm-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 2a297326cc41502f04ee049df73ca0379968178ddd31397a12ad5f559bbf5a54 kernel-rt-debug-modules-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 4743bec3da0524d6757bfa641b76f95c6d8a5aed11272349f040084330f6a80e kernel-rt-debug-modules-extra-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 60c2920288f89fbdc8631ae475b44498f6f82e9899eb79fabcc012416938df0c kernel-rt-devel-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 4448a067af1ce7ed90954a00da74546a99a59acda696d30a2d141029081f6817 kernel-rt-kvm-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm a281aa10f9e73a08f3796bc3ffd79ac49ab6c14280b9455e8595b8f9114d3c91 kernel-rt-modules-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm f0d363491715bfa792e0263f27a26f5f94a83e158f0a762ca78f4b0bbab71748 kernel-rt-modules-extra-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 55773582e5cd7a056cdd8cee503a9bdc7591b6a361dea695b4ba89fd95da4183 RLSA-2023:4541 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281) * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829) * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235) * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124) * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Addding the building of i915 driver to 8.8 (BZ#2208276) * kernel-rt: update RT source tree to the Rocky Linux-8.8.z2 source tree (BZ#2215026) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281) * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829) * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235) * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124) * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Addding the building of i915 driver to 8.8 (BZ#2208276) * kernel-rt: update RT source tree to the Rocky Linux-8.8.z2 source tree (BZ#2215026) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm b78833168c9dc6bd30806094cf8ca50b297e35a6b06776939792cf79e93a743c kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 33af774ca40fe5dd838ba0e0446f52d1f51c36585f1c5bb679f3a5da10e4abc2 kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 48d0cc9c2dadb2f4d7abeb3389dfce1ae3a179203cd572b0085ef550589b141d kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm ba8c040837bd475430ddc7c504061537ad1ccb5e16daf97a34daf25ae9878705 kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 25367a3b62df9760649b88dd6ad75122c2d17fb46ca3ba91a029ba15280b4525 kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 370c86a878367b48d8b36e7b135f79b771109353dcfa64d14aee28f620044bc1 kernel-rt-debug-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 2da539b476fa34bd1569e01fb2ad3677ada5ec85ccb9ca16fe98df2930291b67 kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 55797a7004b8c5dec8786d20ee784df66067e27a23a6f55716afef9e596a5777 kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm fb8682c84d10dccc7329849ce5eb26cf575b3b4cd54d30912ce96216cc273709 kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm a2c54243a3be2ef32460177afa685e01180c3f1e1ab6e36cb502b3f0bb18206a kernel-rt-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 34327d84cc21239954dfbd52ee667775967ef567bc37ccfaf2126250708661a5 kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm d2b3e1d2773e1c4b762e58db28a3e2acba6bc2c5cb5fa773f0fadc8af5459ed3 kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 0e3d1913711124eb45c459eb863a458a6dcdc7c30c78d7a337328c4233e1e570 RLBA-2023:7182 tuned bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms tuned-profiles-nfv-2.21.0-1.el8_9.noarch.rpm ad21e4d53dd001d26ed1423b5031623c2ac01a4fa3dc90eeed3b42774c319cbd tuned-profiles-nfv-guest-2.21.0-1.el8_9.noarch.rpm 678f59c6dc23b13a9a503da1079f1699d690e48fedea5ec3c7dd57715d298b22 tuned-profiles-nfv-host-2.21.0-1.el8_9.noarch.rpm aad0405021e2739c352a78bb4a92f34c9c88dbc41a8e25dbee2e9a1a93f8e82f tuned-profiles-realtime-2.21.0-1.el8_9.noarch.rpm a5f7e7f0a38942418d58d3187c5e416f9fc8b9a1ddc72134afa055e0c5d03779 RLSA-2023:7548 Important: kernel-rt security update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163) * kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) * kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178) * kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884) * kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886) * kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919) * kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163) * kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) * kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178) * kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884) * kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886) * kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919) * kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm e135b78cc5d5b1951441bf0da72bb9ddfa5049b2056e67ddaf45a5d105053d34 kernel-rt-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 6248b2e7f7efdde134d59320f2b98c6aea884739b4a34e3eaa9c7f4b308ba1a9 kernel-rt-debug-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 7f79f10e9714918974cdbdf0a1f994998d6fb9f4cc75c7c3bc3c46818069fe01 kernel-rt-debug-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm fa4aaca964c04a4c1903d8f597684f9dbe72e2e1babe6b5b23bff2dfbd95623e kernel-rt-debug-devel-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm a7fe83a2de5545023a10ff0fbd0b571b389fc2090dae50027d976646b9b42f8c kernel-rt-debuginfo-common-x86_64-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm ffc551782cf5548bd7188a92741c306e35dfb72a4e4d6626b9d7cfeb6b6dd3ff kernel-rt-debug-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm baa07d609c281f7b7c71fb26d25d0267eb9a78b370f5d19bc3c50a9623990078 kernel-rt-debug-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 140e0c56c2594723d38e3909b4beb112cc46795a50f42e9906987d93021b12e1 kernel-rt-debug-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 9b463fb7e6f36d497f89ab3269c7fb6112857432eec1774fb233091d942523e8 kernel-rt-devel-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 50bbc409e41eebb0c29565ca7f3e9dc791f01b9e8dc50f06137c1b5cf3b3ea7a kernel-rt-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 272756e8b3bc6953603869e6b6ea39f8d77c1a1426d49857305e61c5cfec1b4b kernel-rt-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 0692a90c35f0cdccf32586bf835151b42be3ebcb5d6953a139eedfa4a56ad024 kernel-rt-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 06aa39a027d0d7b0fe5ec8e8b5529eda35880fce49480012fb2c10642997e125 RLSA-2024:0134 Important: kernel-rt security update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use after free in unix_stream_sendpage (CVE-2023-4622) * kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633) * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753) * Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162) * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-8.9.z1 Batch (JIRA:Rocky Linux-17347) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use after free in unix_stream_sendpage (CVE-2023-4622) * kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633) * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753) * Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162) * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-8.9.z1 Batch (JIRA:Rocky Linux-17347) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 985ee9d5d8ba3b7c01dd8a7440dba5bac6b89be1aae9678a1d7120850453c51c kernel-rt-core-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 8a6d862549a3f9652150d7a7423c5acf039b210d55bb8d02dbdfb0a2643001e3 kernel-rt-debug-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 17f34325fdf9d725e50a0ab8afc709e3b8263f1348459bc9ea38238e39a4880a kernel-rt-debug-core-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm f2659d3bd521f7d3e7f8dbb05d952d931cc71d6b462a02ff17ae17e27bc30f0f kernel-rt-debug-devel-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 7613323de71b2eca056ed5e1ba109d896b0539b6d9615a1edfc82dc4a515e722 kernel-rt-debuginfo-common-x86_64-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 4e0cce4ef6e29c45355e0da918d85612f321b911e221cf0ea79c605edb8997c2 kernel-rt-debug-kvm-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 5e3a9974d3b57d7d368ab88b070308eddf4062f45ae78488b83bdd7e58af1411 kernel-rt-debug-modules-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 9e63b552145b8af0c556cb4cbc5ff79bd10552065af13293de7957fae3ef3257 kernel-rt-debug-modules-extra-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm d9be1e661aee0e17a7a7d0bc93f7b6c692f856d271e95547794b04cd9ec6b81a kernel-rt-devel-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 84f9cc93d4e52c8e14fb5b3266379a024251554cd48a8be01da80474fb5f6008 kernel-rt-kvm-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 3914acb53ef7b6581541cee722f6acc90c66219ba2b3014e0faf9cd2f9eac50d kernel-rt-modules-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm a5ad4a61cfdb625acf86591d44ad1204846e2e7e54588c35e409e0d808bf3a5e kernel-rt-modules-extra-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm 540e8e538b246156e2d916a6247d7d60350d75e4dbd4ee1b837ce9bc406a7b04 RLSA-2024:1614 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) * kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931) * kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527) * kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042) * kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631) * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-8.9.z3 Batch (JIRA:Rocky Linux-23853) * kernel-rt: kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux-24015) * kernel-rt: kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux-22758) * kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux-22080) * kernel-rt: kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux-22933) * kernel-rt: kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:Rocky Linux-24498) * kernel-rt: kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux-19966) * kernel-rt: kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux-26334) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) * kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931) * kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527) * kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565) * kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042) * kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631) * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-8.9.z3 Batch (JIRA:Rocky Linux-23853) * kernel-rt: kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux-24015) * kernel-rt: kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux-22758) * kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux-22080) * kernel-rt: kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux-22933) * kernel-rt: kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:Rocky Linux-24498) * kernel-rt: kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux-19966) * kernel-rt: kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux-26334) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm 17ad25c80ef2a7acdb5d6de8bbe8ae63ec6a8ea31f48b12ecfa945b06d40c5e0 kernel-rt-core-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm 8beab3c2aed5ea26344cc9a1da497eb3cbf5158a252cdd92f6a8c4cc7e0bd0c0 kernel-rt-debug-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm 45e4455f561fef0efd015e72024467d7ca63c1ad0cb96dc2fb5477701985b0e0 kernel-rt-debug-core-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm 2c239c47703cdee21a109ccdb5a58f3d3313b964fca24b0b9fefe423f3b3f970 kernel-rt-debug-devel-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm ea30f591375fa59ec203b04e225e511eb04c7412df6c8571ef5d22389cab6efc kernel-rt-debuginfo-common-x86_64-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm fe60014956b2c91db49fff1196f946009c191a51c253213a305ec97ff2d8b0fb kernel-rt-debug-kvm-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm 9cb307ec08b6c3c05e766cf303fdb158d4708ea0a3f59c21d3f14b583f148323 kernel-rt-debug-modules-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm 579d3f659744d3e8ba155604563aa164d6e224647ec2c4acb5df41e6150b0813 kernel-rt-debug-modules-extra-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm 2bf3aa7adbf65ac4297efc1bea126d334416b0d68b81e579695a7e7f701a3811 kernel-rt-devel-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm 3bf353d6dbe647535bea672363934e995aa51f39bffa5e1afca3b8bb30406d20 kernel-rt-kvm-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm f9866581ae38c161b3a1f5320d6763f80ffe4ae6707f15cd4064011dfab4bc76 kernel-rt-modules-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm 2a66fc62bacaa96515d3b025ff70980466c2ce81228a5e8da594eb56b075c44d kernel-rt-modules-extra-4.18.0-513.24.1.rt7.326.el8_9.x86_64.rpm ec86751b198229f2ebfd1ee2eac86ddc37372b69fe4c5da2d1df46a157f558d4 RLBA-2024:3221 tuned bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms tuned-profiles-nfv-2.22.1-4.el8_10.noarch.rpm d71970a98add8b58d9bfb61990e6bf813b44fe29b1cffe5134337831423f8bcc tuned-profiles-nfv-guest-2.22.1-4.el8_10.noarch.rpm ed1f30566f607bd81854b7427e50ab31d2ef964645d536895bb62ae7ff8bf452 tuned-profiles-nfv-host-2.22.1-4.el8_10.noarch.rpm ca44b9f4f7f83425af3da3ee75c47d4f692cb859c1e664e7c29395f0004846ba tuned-profiles-realtime-2.22.1-4.el8_10.noarch.rpm 87a082d7befe600da4ccda93d71c5735c671a0eb4d491fde954ef1601f8aeea8 RLBA-2024:3381 tuned bug fix update The tuned packages provide a service that tunes system settings according to a selected profile. Bug Fix(es): * tuned-profiles-sap needs an update for vm.max_map_count [Rocky Linux 8] (JIRA:Rocky Linux-32124) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

The tuned packages provide a service that tunes system settings according to a selected profile. Bug Fix(es): * tuned-profiles-sap needs an update for vm.max_map_count [Rocky Linux 8] (JIRA:Rocky Linux-32124) rocky-linux-8-x86-64-nfv-rpms tuned-profiles-nfv-2.22.1-4.el8_10.1.noarch.rpm 16d7942523b3fc4e1ac9840b4709097ee6729c87ab2eac75160153c3f17da588 tuned-profiles-nfv-guest-2.22.1-4.el8_10.1.noarch.rpm 54b3aa77fd0e84c7cf2d0b85e22db39cd8e3afba4a4a12488c5818fe9f7bfd26 tuned-profiles-nfv-host-2.22.1-4.el8_10.1.noarch.rpm 26bd8d4b0dd39b115d816747edff48bdc74bb78ddca49ccdedc0daaed965ec7d tuned-profiles-realtime-2.22.1-4.el8_10.1.noarch.rpm b67153e0f9b4eb9cd1f91d575bbe1ae51178ecda9ae099221b0351d7176f620b RLSA-2024:2950 Moderate: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-553.rt7.342.el8_10.x86_64.rpm 3305d34f9e9580d5c8d2ef45e439db3bc231b6af249fd4ddfd874ace6126451a kernel-rt-core-4.18.0-553.rt7.342.el8_10.x86_64.rpm 8bd0c6e3b4326605503ce4f42d4762f78983019cf72167b505a963f0402981bd kernel-rt-debug-4.18.0-553.rt7.342.el8_10.x86_64.rpm b8844fdf1a6be0f76992e6c7c8e7b305f24006a7fbdd62b4a77accabe7e86efc kernel-rt-debug-core-4.18.0-553.rt7.342.el8_10.x86_64.rpm 9263a9ccc7500d117bbda2a11c66c8b664e4bc664062efbca2a511d71009fc58 kernel-rt-debug-devel-4.18.0-553.rt7.342.el8_10.x86_64.rpm 3fb6d56df0a8eb80fd051f2a8074331c1c8d3235cdfd9b38b1cbd530b7302cd0 kernel-rt-debuginfo-common-x86_64-4.18.0-553.rt7.342.el8_10.x86_64.rpm be12a676eae7fe5d313890f43b9a68570f7d99b644f9b5205519388f54b0f324 kernel-rt-debug-kvm-4.18.0-553.rt7.342.el8_10.x86_64.rpm 50b9a36355b95b34401a7338a5ffe3dab277cfac6bfb02c751942042ca2fbae5 kernel-rt-debug-modules-4.18.0-553.rt7.342.el8_10.x86_64.rpm 87ce743dc78253377dfe51ae4a99ac7d0cd15bc35a9c98b9f8c1159d65ca1ba5 kernel-rt-debug-modules-extra-4.18.0-553.rt7.342.el8_10.x86_64.rpm 68b486944d709dfc97d7c3b4a1b8565697ff135f3aa01fa97ede8352986d8e5c kernel-rt-devel-4.18.0-553.rt7.342.el8_10.x86_64.rpm 0a3b54e506f9a791351d2ded72c3a10da1df2f551f9a104c7e4beb146172a392 kernel-rt-kvm-4.18.0-553.rt7.342.el8_10.x86_64.rpm 2afa182354ad2dbf83b65fba311e8052ebc2570934be83ea3a3efd639ecbd3ba kernel-rt-modules-4.18.0-553.rt7.342.el8_10.x86_64.rpm 978424a079bb5e95fccbf1885ce314421a7a358f1f4e71f1b3951dde92095e3f kernel-rt-modules-extra-4.18.0-553.rt7.342.el8_10.x86_64.rpm 596921d1d1474386a469d008b31ac04e5d729227ff48c70bd94358c753fd273f RLBA-2024:2951 rteval bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms rteval-3.7-4.el8.noarch.rpm 85605d352f637e0d23f26f34fea35556eccbcca4bff827195b74897f5570f577 RLSA-2024:3627 Moderate: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) * kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744) * kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593) * kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445) * kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603) * kernel: use after free in i2c (CVE-2019-25162) * kernel: i2c: validate user data in compat ioctl (CVE-2021-46934) * kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777) * kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477) * kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055) * kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615) * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627) * kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307) * kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565) * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578) * kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528) * kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520) * kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513) * kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118) * kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610) * kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643) * kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642) * kernel: i2c: i801: Don't generate an interrupt on bus reset (CVE-2021-47153) * kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659) * kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664) * kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779) * kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744) * kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743) * kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185) * kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901) * kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872) * kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919) * kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964) * kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934) * kernel: USB: core: Fix deadlock in port "disable" sysfs attribute (CVE-2024-26933) * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) * kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973) * kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059) Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-8.10.z kernel (JIRA:Rocky Linux-34640) * kernel-rt: epoll_wait not reporting catching all events to application (JIRA:Rocky Linux-23022) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) * kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744) * kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593) * kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445) * kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603) * kernel: use after free in i2c (CVE-2019-25162) * kernel: i2c: validate user data in compat ioctl (CVE-2021-46934) * kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777) * kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477) * kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055) * kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615) * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627) * kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307) * kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565) * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578) * kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528) * kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520) * kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513) * kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118) * kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610) * kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643) * kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642) * kernel: i2c: i801: Don't generate an interrupt on bus reset (CVE-2021-47153) * kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659) * kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664) * kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779) * kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744) * kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743) * kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185) * kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901) * kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872) * kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919) * kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964) * kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934) * kernel: USB: core: Fix deadlock in port "disable" sysfs attribute (CVE-2024-26933) * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) * kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973) * kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059) Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-8.10.z kernel (JIRA:Rocky Linux-34640) * kernel-rt: epoll_wait not reporting catching all events to application (JIRA:Rocky Linux-23022) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm b14af969bbede06dd2a83cb4ab49fc2bd3979ee3f1900e3b2f2be4be89058bb1 kernel-rt-core-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm 32f82e705947290f3618c04a9c86f9c42d29b8a7276cd71fe8eadfd5d00fe372 kernel-rt-debug-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm 6e8f5fec6b537dc2f40b7b016ded8cc3857985612a3fea979f25198b1b79ff9d kernel-rt-debug-core-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm e79429345ccd988247f4cb012c50a1fa502731f33fa166a270b9eb78045c5282 kernel-rt-debug-devel-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm 281600e28deb85f4c950639bc4b81c9b59560e73422d3a991701d1ac105296eb kernel-rt-debuginfo-common-x86_64-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm b19f5f53f8066dfb96e6969c002182d86ff5d6a66c2a12d7a66d4b19e2a3270b kernel-rt-debug-kvm-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm 1182866c06eb81a3aa1e1ce789f512f0fb2b1048637a064be8a8297a96d7a029 kernel-rt-debug-modules-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm a9dcaffbc7b33d13a7e17c4c4ea6464446b31005a6e41bd3039af3df305cdb1a kernel-rt-debug-modules-extra-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm 595efcd5fc89abcb68fbb1b7b4e5187d10638a3d74982c30dfe36ca408daff6d kernel-rt-devel-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm 03127f84fef09e0cc1a3d9681cf03b30bc28df4631754d5fb9e9f57ad726b3f2 kernel-rt-kvm-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm 9bd77f69016b7296fc22879aadf19f30a19530a2fc3a8031e1e3429596c87f6b kernel-rt-modules-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm dee9a50ec18ba52f3925266a1bdf7b0c6d2770d2048fae77ff64155a1c5c6003 kernel-rt-modules-extra-4.18.0-553.5.1.rt7.346.el8_10.x86_64.rpm 723eb2f55e0a66945c8557c45c26b43575f84dbad1683d00fb18c2dc58d2f373 RLSA-2024:4352 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583 * kernel-rt: kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909) * kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069) * kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615) * kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26801) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397) * kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845) * kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410) * kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835) * kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881) * kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) * kernel: ovl: fix leaked dentry (CVE-2021-46972) * kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073) * kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560) * kernel: ppp_async: limit MRU to 64K (CVE-2024-26675) * kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759) * kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907) * kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906) * kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804) * kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703) * kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090) * kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464) * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859) * kernel: crypto: (CVE-2024-26974, CVE-2023-52813) * kernel: can: (CVE-2023-52878, CVE-2021-47456) * kernel: usb: (CVE-2023-52781, CVE-2023-52877) * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667) * kernel: usbnet: sanity check for maxpacket (CVE-2021-47495) * kernel: gro: fix ownership transfer (CVE-2024-35890) * kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888) * kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700) * kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855) * kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835) * kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852) * kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310) * kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004) * kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356) * kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353) Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-8.10.z kernel (JIRA:Rocky Linux-40882) * [rhel8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:Rocky Linux-8779) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583 * kernel-rt: kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909) * kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069) * kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615) * kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26801) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397) * kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845) * kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410) * kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835) * kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881) * kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) * kernel: ovl: fix leaked dentry (CVE-2021-46972) * kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073) * kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560) * kernel: ppp_async: limit MRU to 64K (CVE-2024-26675) * kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759) * kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907) * kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906) * kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804) * kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703) * kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090) * kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464) * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859) * kernel: crypto: (CVE-2024-26974, CVE-2023-52813) * kernel: can: (CVE-2023-52878, CVE-2021-47456) * kernel: usb: (CVE-2023-52781, CVE-2023-52877) * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667) * kernel: usbnet: sanity check for maxpacket (CVE-2021-47495) * kernel: gro: fix ownership transfer (CVE-2024-35890) * kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888) * kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700) * kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855) * kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835) * kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852) * kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310) * kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004) * kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356) * kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353) Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-8.10.z kernel (JIRA:Rocky Linux-40882) * [rhel8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:Rocky Linux-8779) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm 13d18ed8cd660d4afd81e4ace076fae71f71ec48512f7b65c87261f13002852a kernel-rt-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm f24471f8789b0714fd9cc8075ba541a1118c0d48a3756f59bb7f5c5657d6dcb2 kernel-rt-debug-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm 0953c74936ead18b459692308e184600924016c88140b14d5b9f346fccf1d698 kernel-rt-debug-core-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm 44514ef1f07a4a342fbb1815f12421efa96a61e211c8acf1dde5f407f8d5c745 kernel-rt-debug-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm ca02131b33063f2f7dbb9e4513f41593ab7fd3c313c45e815e52dd5e79bd4b8d kernel-rt-debuginfo-common-x86_64-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm 6a89dc2633ca54940a39bce372b1db3c4e295b94ec03da5d3ee659ce6d8207a1 kernel-rt-debug-kvm-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm 017379b8cdea408c97f1b19a8c912533939f2ce5c00b417f36bbbdb6f2ad0746 kernel-rt-debug-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm 03653a9c7ddb177ae184420512f45da0150447014a63dfadd75bbb90cf15f76e kernel-rt-debug-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm 720963683d6791d68a48acda5fe4d1d7a6a2468dc597c51bb602768e5fd0c233 kernel-rt-devel-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm 43c83c57cf7f0e869689991c023cf381447f76d52a0256fb795b7f95995f0af5 kernel-rt-kvm-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm c86b5d3cb45e68507b3638394d77050a679bda270bf44b4d7e87d9d844fb0a3d kernel-rt-modules-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm 7c6f8684365767b17c8b23756d06f5cbfcac0de00deec7d8136c343f7c992e88 kernel-rt-modules-extra-4.18.0-553.8.1.rt7.349.el8_10.x86_64.rpm efac48965801b0812f1b94b9d8cba9c259bfb8b2f738f0b4d73087ae386a44fe RLSA-2024:5102 Important: kernel-rt security update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939) * kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622) * kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669) * kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802) * kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843) * kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878) * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886) * kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653) * kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823) * kernel: ext4: fix corruption during on-line resize (CVE-2024-35807) * kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801) * kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947) * kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893) * kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876) * kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864) * kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845) * kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658) * kernel: crash due to a missing check for leb_size (CVE-2024-25739) * kernel: tcp: make sure init the accept_queue's spinlocks once (CVE-2024-26614) * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640) * kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870) * kernel: nfs: fix UAF in direct writes (CVE-2024-26958) * kernel: SUNRPC: fix some memleaks in gssx_dec_option_array (CVE-2024-27388) * kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (CVE-2024-27434) * kernel: of: Fix double free in of_parse_phandle_with_args_map (CVE-2023-52679) * kernel: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (CVE-2024-35930) * kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks (CVE-2024-35912) * kernel: block: prevent division by zero in blk_rq_stat_sum() (CVE-2024-35925) * kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB (CVE-2024-35938) * kernel: wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937) * kernel: wifi: rtw89: fix null pointer access when abort scan (CVE-2024-35946) * kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005) * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000) * kernel: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (CVE-2024-36006) * kernel: net: ieee802154: fix null deref in parse dev addr (CVE-2021-47257) * kernel: mmc: sdio: fix possible resource leaks in some error paths (CVE-2023-52730) * kernel: wifi: ath11k: fix gtk offload status event locking (CVE-2023-52777) * (CVE-2023-52832) * (CVE-2023-52803) * (CVE-2023-52756) * (CVE-2023-52834) * (CVE-2023-52791) * (CVE-2023-52764) * (CVE-2021-47468) * (CVE-2021-47284) * (CVE-2024-36025) * (CVE-2024-36941) * (CVE-2024-36940) * (CVE-2024-36904) * (CVE-2024-36896) * (CVE-2024-36954) * (CVE-2024-36950) * (CVE-2024-38575) * (CVE-2024-36917) * (CVE-2024-36016) * (CVE-2023-52762) * (CVE-2024-27025) * (CVE-2021-47548) * (CVE-2023-52619) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939) * kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622) * kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669) * kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802) * kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843) * kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878) * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886) * kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653) * kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823) * kernel: ext4: fix corruption during on-line resize (CVE-2024-35807) * kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801) * kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947) * kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893) * kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876) * kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864) * kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845) * kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658) * kernel: crash due to a missing check for leb_size (CVE-2024-25739) * kernel: tcp: make sure init the accept_queue's spinlocks once (CVE-2024-26614) * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640) * kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870) * kernel: nfs: fix UAF in direct writes (CVE-2024-26958) * kernel: SUNRPC: fix some memleaks in gssx_dec_option_array (CVE-2024-27388) * kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (CVE-2024-27434) * kernel: of: Fix double free in of_parse_phandle_with_args_map (CVE-2023-52679) * kernel: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (CVE-2024-35930) * kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks (CVE-2024-35912) * kernel: block: prevent division by zero in blk_rq_stat_sum() (CVE-2024-35925) * kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB (CVE-2024-35938) * kernel: wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937) * kernel: wifi: rtw89: fix null pointer access when abort scan (CVE-2024-35946) * kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005) * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000) * kernel: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (CVE-2024-36006) * kernel: net: ieee802154: fix null deref in parse dev addr (CVE-2021-47257) * kernel: mmc: sdio: fix possible resource leaks in some error paths (CVE-2023-52730) * kernel: wifi: ath11k: fix gtk offload status event locking (CVE-2023-52777) * (CVE-2023-52832) * (CVE-2023-52803) * (CVE-2023-52756) * (CVE-2023-52834) * (CVE-2023-52791) * (CVE-2023-52764) * (CVE-2021-47468) * (CVE-2021-47284) * (CVE-2024-36025) * (CVE-2024-36941) * (CVE-2024-36940) * (CVE-2024-36904) * (CVE-2024-36896) * (CVE-2024-36954) * (CVE-2024-36950) * (CVE-2024-38575) * (CVE-2024-36917) * (CVE-2024-36016) * (CVE-2023-52762) * (CVE-2024-27025) * (CVE-2021-47548) * (CVE-2023-52619) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm c64fefa8d1d8c7c008c37bc73bd5e4c06f93524a86ab65aff2e2914433379469 kernel-rt-core-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm 6ef6280b7d4f759d50c22b25d2595852010a0c034e228f417456b3190f29d761 kernel-rt-debug-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm b345a95908ee80ddd7c91973756c19d3e5c5c5b40a23a20a5fa234bf02c849ac kernel-rt-debug-core-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm 780317ec06c7bfede339b1d97afef10a79db0f256e276e7f3062e3d0b029c9e9 kernel-rt-debug-devel-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm ac8148880a1446f59b9efe5816079348495a133e010574b0911ac939fdd384d9 kernel-rt-debuginfo-common-x86_64-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm 2999862cbaca185b5ac9c7c1dde86a48b96c59b84547645ac8be3d40eeb487f1 kernel-rt-debug-kvm-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm 11c54c2170309551357fdfcb790ce6cf3c21e63737f912078421e2c52ea5a5ff kernel-rt-debug-modules-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm 6ff80a0346a3eecd8e8d6452ecf1bca624dac725fb49ae8d26eeae76d126693c kernel-rt-debug-modules-extra-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm c1b0414ca0cafed2668589f6460fa70dac3e9b22bd512c7c20461170214db548 kernel-rt-devel-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm 53c752c0b5e2cb70cbafd95d20e48b5e3630bb7e791d8d2b6f04487dc0314688 kernel-rt-kvm-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm 81ae83f60d43d6e5545994518639889eba54e4cd955e085141f1433b02c08865 kernel-rt-modules-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm fbc20568303ea6dc694c79250ae2aa188e1ecf496fa337dc5e51171057629664 kernel-rt-modules-extra-4.18.0-553.16.1.rt7.357.el8_10.x86_64.rpm fe0f92df92326908dd527d1d28b4aea55b4987a0debe23f7b88e2efbe2a5b946 RLSA-2024:7001 Important: kernel-rt security update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): CVE-2023-6040 CVE-2024-26595 CVE-2021-46984 CVE-2023-52478 CVE-2023-52476 CVE-2023-52522 CVE-2021-47101 CVE-2021-47097 CVE-2023-52605 CVE-2024-26645 CVE-2024-26665 CVE-2024-26720 CVE-2024-26717 CVE-2024-26769 CVE-2024-26894 CVE-2024-26880 CVE-2024-26855 CVE-2024-26923 CVE-2024-26939 CVE-2024-27013 CVE-2024-27042 CVE-2024-35809 CVE-2023-52683 CVE-2024-35884 CVE-2024-35877 CVE-2024-35944 CVE-2024-35989 CVE-2021-47412 CVE-2021-47393 CVE-2021-47386 CVE-2021-47385 CVE-2021-47384 CVE-2021-47383 CVE-2021-47432 CVE-2021-47352 CVE-2021-47338 CVE-2021-47321 CVE-2021-47289 CVE-2021-47287 CVE-2023-52817 CVE-2023-52840 CVE-2021-47441 CVE-2021-47466 CVE-2021-47455 CVE-2021-47497 CVE-2021-47560 CVE-2021-47527 CVE-2024-36883 CVE-2024-36920 CVE-2024-36902 CVE-2024-36953 CVE-2024-36939 CVE-2024-36901 CVE-2021-47582 CVE-2021-47609 CVE-2024-38619 CVE-2022-48754 CVE-2022-48760 CVE-2024-38581 CVE-2024-38570 CVE-2024-38559 CVE-2024-38558 CVE-2024-37356 CVE-2024-39471 CVE-2024-39499 CVE-2024-39501 CVE-2024-39506 CVE-2024-40904 CVE-2024-40911 CVE-2024-40912 CVE-2024-40929 CVE-2024-40931 CVE-2024-40941 CVE-2024-40954 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40972 CVE-2024-40977 CVE-2024-40978 CVE-2024-40988 CVE-2024-40989 CVE-2024-40995 CVE-2024-40997 CVE-2024-40998 CVE-2024-41005 CVE-2024-40901 CVE-2024-41007 CVE-2024-41008 CVE-2022-48804 CVE-2022-48836 CVE-2022-48866 CVE-2024-41090 CVE-2024-41091 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41035 CVE-2024-41038 CVE-2024-41039 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41055 CVE-2024-41056 CVE-2024-41060 CVE-2024-41071 CVE-2024-41076 CVE-2024-41097 CVE-2024-42084 CVE-2024-42090 CVE-2024-42096 CVE-2024-42114 CVE-2024-42124 CVE-2024-42131 CVE-2024-42152 CVE-2024-42154 CVE-2024-42226 CVE-2024-42228 CVE-2024-42237 CVE-2024-42238 CVE-2024-42240 CVE-2024-42246 CVE-2024-42322 CVE-2024-43871 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): CVE-2023-6040 CVE-2024-26595 CVE-2021-46984 CVE-2023-52478 CVE-2023-52476 CVE-2023-52522 CVE-2021-47101 CVE-2021-47097 CVE-2023-52605 CVE-2024-26645 CVE-2024-26665 CVE-2024-26720 CVE-2024-26717 CVE-2024-26769 CVE-2024-26894 CVE-2024-26880 CVE-2024-26855 CVE-2024-26923 CVE-2024-26939 CVE-2024-27013 CVE-2024-27042 CVE-2024-35809 CVE-2023-52683 CVE-2024-35884 CVE-2024-35877 CVE-2024-35944 CVE-2024-35989 CVE-2021-47412 CVE-2021-47393 CVE-2021-47386 CVE-2021-47385 CVE-2021-47384 CVE-2021-47383 CVE-2021-47432 CVE-2021-47352 CVE-2021-47338 CVE-2021-47321 CVE-2021-47289 CVE-2021-47287 CVE-2023-52817 CVE-2023-52840 CVE-2021-47441 CVE-2021-47466 CVE-2021-47455 CVE-2021-47497 CVE-2021-47560 CVE-2021-47527 CVE-2024-36883 CVE-2024-36920 CVE-2024-36902 CVE-2024-36953 CVE-2024-36939 CVE-2024-36901 CVE-2021-47582 CVE-2021-47609 CVE-2024-38619 CVE-2022-48754 CVE-2022-48760 CVE-2024-38581 CVE-2024-38570 CVE-2024-38559 CVE-2024-38558 CVE-2024-37356 CVE-2024-39471 CVE-2024-39499 CVE-2024-39501 CVE-2024-39506 CVE-2024-40904 CVE-2024-40911 CVE-2024-40912 CVE-2024-40929 CVE-2024-40931 CVE-2024-40941 CVE-2024-40954 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40972 CVE-2024-40977 CVE-2024-40978 CVE-2024-40988 CVE-2024-40989 CVE-2024-40995 CVE-2024-40997 CVE-2024-40998 CVE-2024-41005 CVE-2024-40901 CVE-2024-41007 CVE-2024-41008 CVE-2022-48804 CVE-2022-48836 CVE-2022-48866 CVE-2024-41090 CVE-2024-41091 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41035 CVE-2024-41038 CVE-2024-41039 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41055 CVE-2024-41056 CVE-2024-41060 CVE-2024-41071 CVE-2024-41076 CVE-2024-41097 CVE-2024-42084 CVE-2024-42090 CVE-2024-42096 CVE-2024-42114 CVE-2024-42124 CVE-2024-42131 CVE-2024-42152 CVE-2024-42154 CVE-2024-42226 CVE-2024-42228 CVE-2024-42237 CVE-2024-42238 CVE-2024-42240 CVE-2024-42246 CVE-2024-42322 CVE-2024-43871 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm 8e0bc1a01a1cc561cf4b9b270359302e7da0227818469dcd11d3e4dca3033e9e kernel-rt-core-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm 2981a9ae5291ed14ab23643a9925c400f71c1a090676f61c17418e20773ce136 kernel-rt-debug-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm f5e4d57294b07edf302977a5c72a980ef9af2d393b0b371beab31f5e8566bfd0 kernel-rt-debug-core-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm 1e830fce5794093edeb61d76c0b4a3733ac60a4cad00aa1302bf986d86da7296 kernel-rt-debug-devel-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm fa689e2cbfa51ee107689c170287a6da88dd8011ee606732d6003a405d344b39 kernel-rt-debuginfo-common-x86_64-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm 4e281d458b318ba5d37ae091d67306fc5c07cb5142a2aa4f309cc26f1f0989c4 kernel-rt-debug-kvm-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm 783725e5a56621b81568d4ed94f724bcc2e9d6a31e648ae28141d859b799cfe9 kernel-rt-debug-modules-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm 5bfc788ea15b886dd52a9dcf16cb5333b90e8dbb4938302d23b54b0a5a33494c kernel-rt-debug-modules-extra-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm aa36a8af81a26057a66b512f0e9409d6ebf40d395d3961af87bfe7a5b31fa7ee kernel-rt-devel-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm ae6956361fb4a3ff8f130290cf11e3a0b883c2f9abe9e6a9982efc2958313445 kernel-rt-kvm-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm f197465367bda02a7fc50cfe338bcdb6e6a5c2a968720be8b748619654512fe2 kernel-rt-modules-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm 1979eb9f0a5076be9657328631a134734b2698666344ef77a619e33f13f51495 kernel-rt-modules-extra-4.18.0-553.22.1.rt7.363.el8_10.x86_64.rpm 78fb86274f64ace14524d3458e259da488fdcde8ef3aeaf38cabc1df7d20402c RLSA-2024:8870 Moderate: kernel-rt security update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857) * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492) * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851) * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924) * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017) * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976) * kernel: nouveau: lock the client object tree. (CVE-2024-27062) * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898) * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939) * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608) * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586) * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541) * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540) * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503) * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924) * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961) * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983) * kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984) * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773) * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009) * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042) * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066) * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092) * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093) * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070) * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079) * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244) * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292) * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301) * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854) * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880) * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936) * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889) * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892) * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935) * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989) * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990) * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018) * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826) * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857) * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492) * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851) * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924) * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017) * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976) * kernel: nouveau: lock the client object tree. (CVE-2024-27062) * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898) * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939) * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608) * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586) * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541) * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540) * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503) * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924) * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961) * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983) * kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984) * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773) * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009) * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042) * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066) * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092) * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093) * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070) * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079) * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244) * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292) * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301) * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854) * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880) * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936) * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889) * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892) * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935) * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989) * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990) * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018) * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826) * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 832116677c798b75721f920f7923f55475c358452011c267bc8911855fef1e7f kernel-rt-core-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm b388cf2522953e2dd4da8ec55063d0674d3e6d8ab7e94c7ab2b429d8325402d2 kernel-rt-debug-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 23a25faebe0d66fe7c9414cdaec2d93b0a15d2232d3f3704c4023e542259cb5e kernel-rt-debug-core-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm fd71f051e2c75d1ce6a4d56de7a14a8088002afe90bdd1170fcab960eb402f24 kernel-rt-debug-devel-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm ce50c5b601eb959b321165e691093987dd0029c4fb453a80f9488aef82cfcc02 kernel-rt-debuginfo-common-x86_64-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm f24f298c1e4fb06c5c9395e88d61ef8ba8e26ed50744833187073c191b9201e0 kernel-rt-debug-kvm-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm d99c559a0f4eec31eabeb8042623968b5d00144d3e598e80dce1e4e366410299 kernel-rt-debug-modules-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 3e701e185cfce4724c763ea8d46d28ee7ffd7a95b9ed4d03c62704cfd40ab623 kernel-rt-debug-modules-extra-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 5bae637ce7c80f73e070c3c78123c1d8707ece57d4e8b83e770ad7d319a13dd3 kernel-rt-devel-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 28cf84a457fef1df725d47fffd7e079717ee59ba6b6315faecc418aa9566022b kernel-rt-kvm-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 72197d107f9afd6aec8aac805b7c8f3b33f90cb554e95d25010c07d7a09f30a7 kernel-rt-modules-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 6d0ed7a568a8bee47133b5f81dd4a7a649e12dff587074f549e16ab6ef9a4d07 kernel-rt-modules-extra-4.18.0-553.27.1.rt7.368.el8_10.x86_64.rpm 913638452a9f9ef3b34d0fac76e358fee84ac2d51c12169de181aa517bd14310 RLSA-2024:10282 Low: kernel-rt:4.18.0 security update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: media: edia: dvbdev: fix a use-after-free (CVE-2024-27043) * kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Low

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: media: edia: dvbdev: fix a use-after-free (CVE-2024-27043) * kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm 9c1b348d81e14b068b6edbe916d431a3493f526078c4049a4214d75903ed61fb kernel-rt-core-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm 73c63cb2518bad1ada3969d7a173ebfe52f9726783ca3e4d598b3d4847e5da1f kernel-rt-debug-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm 550c0102a53e9da4b63ad207d7e141a7621b90ff83175373aa9aa92984d0e514 kernel-rt-debug-core-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm 430b3c2029ed5f5a279f4cf19d5857932b144cbe003d847fca8b0c826320a8d2 kernel-rt-debug-devel-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm c0ffd2dd75c705c148da67271e4ee6777ec2075171ff1c11ef51e90fe0d55231 kernel-rt-debuginfo-common-x86_64-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm 0a91c2d0bda3ed5dfa2b20985e3f01c5eb9564d5871c7489fffbe4a38cc3738b kernel-rt-debug-kvm-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm bc70031368ad72244234ecc93bfd1002c211d8ca7630ec8c69fe1303126cbf5c kernel-rt-debug-modules-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm a0a7f328192f956506a034b2de9eb1c1f6e61354630762c8c1c98067686567d3 kernel-rt-debug-modules-extra-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm 5566e8a6ed1ee772637d74b72742d3d2bfd6558c5490714c729e7a746d696d81 kernel-rt-devel-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm 526e6560d1f4bf8ed68b458757653abac21227efb5e6a2cb4931aff373a89941 kernel-rt-kvm-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm f9e5245564117a58cc285647935c70c429c1ae386ca8a1cab75d064168a424f4 kernel-rt-modules-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm 338bae654f2d9e97c2daea42fc6a0b0afabe884f45669dc26e4d16b08cba1344 kernel-rt-modules-extra-4.18.0-553.30.1.rt7.371.el8_10.x86_64.rpm 6639b3755553022a005ef002524754bb5c8c1ab266c454e0361ed618912252ae RLSA-2024:10944 Moderate: kernel-rt security update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: selinux,smack: don't bypass permissions check in inode_setsecctx hook (CVE-2024-46695) * kernel: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CVE-2024-49949) * kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082) * kernel: arm64: probes: Remove broken LDR (literal) uprobe support (CVE-2024-50099) * kernel: xfrm: fix one more kernel-infoleak in algo dumping (CVE-2024-50110) * kernel: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142) * kernel: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (CVE-2024-50192) * kernel: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (CVE-2024-50256) * kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: selinux,smack: don't bypass permissions check in inode_setsecctx hook (CVE-2024-46695) * kernel: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CVE-2024-49949) * kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082) * kernel: arm64: probes: Remove broken LDR (literal) uprobe support (CVE-2024-50099) * kernel: xfrm: fix one more kernel-infoleak in algo dumping (CVE-2024-50110) * kernel: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142) * kernel: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (CVE-2024-50192) * kernel: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (CVE-2024-50256) * kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm b780de8a7ae86ebdc0c4e0b729bb410a46c2f5aa7662d778ad8d1673ac1a632c kernel-rt-core-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm 5870f0f6faf1d18ac74976e7dd943864c3c76a40188d8a4951e029e21f78f407 kernel-rt-debug-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm d42d09e42178c1bf20ac1745b4206af31cfd410747464ee53cd5fec2f4fed5a6 kernel-rt-debug-core-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm 07cc257543cc8dc1cc6f9cbc8b8b6e7eb9652badd5684c29772a1d31e3b9509e kernel-rt-debug-devel-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm 9812af075b47dd716040e1c0ea68f428d53b000664dbb404401f1b840b1ec9d1 kernel-rt-debuginfo-common-x86_64-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm b5e4322df32bde685cfc00aba44ec4a2d2a0a79f27a6b1ba7bb61502baaf817e kernel-rt-debug-kvm-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm b72044dbdba6dfe8b7f44c1fcea0281a88d13e02e5e88053dc0d80e6b84ee973 kernel-rt-debug-modules-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm 8fa1d9b9a4726994344bf43a988417d188ec93cb6eb551adabe4730e46bbab29 kernel-rt-debug-modules-extra-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm 4d475bb3fd28de48d260cfc003eb8b571146e78a8bc505eb1e709458238903c1 kernel-rt-devel-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm 3149d23bfb8b12f69e548e2dcdd87e926f2a9a28e819ffe3afff928b251cae55 kernel-rt-kvm-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm d4b234daa882872b4b90054923a7f3c0cac0e590b940d1d814da474fb0c052f7 kernel-rt-modules-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm 8f506dc0c3fcc79ee21dafe49808031a62b03b25b2db0f5cf893a3dbf0a28481 kernel-rt-modules-extra-4.18.0-553.32.1.rt7.373.el8_10.x86_64.rpm 191f86fc3ba6099115b0e4433a2ff8933ebb0ffd24e702f18fcf724580622cf8