csaf_redhat - rhsa-2024:8614

rhsa-2024:8614

Vulnerability from csaf_redhat

Published

2024-10-30 00:15

Modified

2025-08-04 06:17

Summary

Red Hat Security Advisory: kernel-rt security update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252) * hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201) * kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489) * kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671) * kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961) * kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47384) * kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889) * kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960) * kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998) * kernel: filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049) * kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055) * kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)\n\n* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)\n\n* kernel: mm/sparsemem: fix race in accessing memory_section-\u003eusage (CVE-2023-52489)\n\n* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)\n\n* kernel: fs/proc: do_task_stat: use sig-\u003estats_lock to gather the threads/children stats (CVE-2024-26686)\n\n* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)\n\n* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)\n\n* kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47384)\n\n* kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)\n\n* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)\n\n* kernel: ext4: fix uninitialized ratelimit_state-\u0026gt;lock access in __ext4_fill_super() (CVE-2024-40998)\n\n* kernel: filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049)\n\n* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)\n\n* kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:8614",
        "url": "https://access.redhat.com/errata/RHSA-2024:8614"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2176140",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176140"
      },
      {
        "category": "external",
        "summary": "2268118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268118"
      },
      {
        "category": "external",
        "summary": "2269189",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269189"
      },
      {
        "category": "external",
        "summary": "2272811",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272811"
      },
      {
        "category": "external",
        "summary": "2273109",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273109"
      },
      {
        "category": "external",
        "summary": "2275604",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275604"
      },
      {
        "category": "external",
        "summary": "2278176",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278176"
      },
      {
        "category": "external",
        "summary": "2282356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282356"
      },
      {
        "category": "external",
        "summary": "2284571",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284571"
      },
      {
        "category": "external",
        "summary": "2297544",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297544"
      },
      {
        "category": "external",
        "summary": "2297582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297582"
      },
      {
        "category": "external",
        "summary": "2300422",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300422"
      },
      {
        "category": "external",
        "summary": "2300429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300429"
      },
      {
        "category": "external",
        "summary": "2301519",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301519"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8614.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security update",
    "tracking": {
      "current_release_date": "2025-08-04T06:17:53+00:00",
      "generator": {
        "date": "2025-08-04T06:17:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2024:8614",
      "initial_release_date": "2024-10-30T00:15:44+00:00",
      "revision_history": [
        {
          "date": "2024-10-30T00:15:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-10-30T00:15:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-04T06:17:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Real Time EUS (v.9.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux Real Time EUS (v.9.2)",
                  "product_id": "RT-9.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:9.2::realtime"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
                  "product_id": "NFV-9.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
                "product": {
                  "name": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
                  "product_id": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.90.1.rt14.375.el9_2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-core@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-core@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-core@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-kvm@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules-core@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@5.14.0-284.90.1.rt14.375.el9_2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src"
        },
        "product_reference": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v.9.2)",
          "product_id": "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "NFV-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src"
        },
        "product_reference": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v.9.2)",
          "product_id": "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
        "relates_to_product_reference": "RT-9.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-47384",
      "discovery_date": "2024-05-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2282356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field\n\nIf driver read tmp value sufficient for\n(tmp \u0026 0x08) \u0026\u0026 (!(tmp \u0026 0x80)) \u0026\u0026 ((tmp \u0026 0x7) == ((tmp \u003e\u003e 4) \u0026 0x7))\nfrom device then Null pointer dereference occurs.\n(It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)\nAlso lm75[] does not serve a purpose anymore after switching to\ndevm_i2c_new_dummy_device() in w83791d_detect_subclients().\n\nThe patch fixes possible NULL pointer dereference by removing lm75[].\n\nFound by Linux Driver Verification project (linuxtesting.org).\n\n[groeck: Dropped unnecessary continuation lines, fixed multi-line alignments]",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as a moderate severity because the impact is limited to system stability rather than unauthorized access or data exposure.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-47384"
        },
        {
          "category": "external",
          "summary": "RHBZ#2282356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-47384",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-47384"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-47384",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47384"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2021-47384-f311@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2021-47384-f311@gregkh/T"
        }
      ],
      "release_date": "2024-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jann Horn"
          ],
          "organization": "Google Project Zero"
        }
      ],
      "cve": "CVE-2023-1252",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2023-03-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2176140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in the Linux kernel\u2019s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 (\"ovl: fix use after free in struct ovl_aio_req\") not applied yet, the kernel could be affected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: ovl: fix use after free in struct ovl_aio_req",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is possibly only triggered if an Ext4 filesystem is mounted. Because of that fact, and because exploitation would require that an attacker was able to control how that filesystem interacted with an OverlayFS filesystem, Red Hat assesses the impact of this vulnerability as Medium.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-416: Use After Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure that only authorized users and roles can execute or modify code. Red Hat also enforces least functionality, enabling only essential features, services, and ports. Hardening guidelines ensure the most restrictive settings required for operations, while baseline configurations enforce safe memory allocation and deallocation practices to reduce the risk of use-after-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code and provide real-time visibility into memory usage, lowering the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents a compromised process from accessing memory freed by another, containing potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-1252"
        },
        {
          "category": "external",
          "summary": "RHBZ#2176140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1252"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1252",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1252"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/",
          "url": "https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/"
        }
      ],
      "release_date": "2021-11-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: ovl: fix use after free in struct ovl_aio_req"
    },
    {
      "cve": "CVE-2023-52489",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2024-02-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269189"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A race condition was found on a PFN in the Linux Kernel, which can fall into the device memory region with the system memory configuration. Normal zone start and end PFNs contain the device memory PFNs as well, and the compaction triggered will try on the device memory PFNs and end up in NOP. This may lead to compromised Availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: mm/sparsemem: fix race in accessing memory_section-\u003eusage",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, limiting the impact of exploitation attempts. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time, while process isolation and automated orchestration via Kubernetes minimize the likelihood of concurrent execution scenarios that would trigger the race condition and help contain the impact to a single process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-52489"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269189",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269189"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-52489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52489"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/20240229155245.1571576-30-lee@kernel.org/T",
          "url": "https://lore.kernel.org/linux-cve-announce/20240229155245.1571576-30-lee@kernel.org/T"
        }
      ],
      "release_date": "2024-02-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: mm/sparsemem: fix race in accessing memory_section-\u003eusage"
    },
    {
      "cve": "CVE-2024-2201",
      "cwe": {
        "id": "CWE-1423",
        "name": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution"
      },
      "discovery_date": "2023-11-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in some Intel CPUs where mitigations for the Spectre V2/BHI vulnerability were incomplete. This issue may allow an attacker to read arbitrary memory, compromising system integrity and exposing sensitive information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: cpu: intel: Native Branch History Injection (BHI)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has very limited visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA and documentation) for releasing this content as a RHSA. For more information please contact the binary content vendor.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2201"
        },
        {
          "category": "external",
          "summary": "https://download.vusec.net/papers/inspectre_sec24.pdf",
          "url": "https://download.vusec.net/papers/inspectre_sec24.pdf"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html#inpage-nav-8",
          "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html#inpage-nav-8"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2024/04/09/15",
          "url": "https://www.openwall.com/lists/oss-security/2024/04/09/15"
        },
        {
          "category": "external",
          "summary": "https://www.vusec.net/projects/native-bhi/",
          "url": "https://www.vusec.net/projects/native-bhi/"
        }
      ],
      "release_date": "2024-04-09T04:30:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: cpu: intel: Native Branch History Injection (BHI)"
    },
    {
      "cve": "CVE-2024-26671",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272811"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix IO hang from sbitmap wakeup race\n\nIn blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered\nwith the following blk_mq_get_driver_tag() in case of getting driver\ntag failure.\n\nThen in __sbitmap_queue_wake_up(), waitqueue_active() may not observe\nthe added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime\nblk_mq_mark_tag_wait() can\u0027t get driver tag successfully.\n\nThis issue can be reproduced by running the following test in loop, and\nfio hang can be observed in \u003c 30min when running it on my test VM\nin laptop.\n\n\tmodprobe -r scsi_debug\n\tmodprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4\n\tdev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`\n\tfio --filename=/dev/\"$dev\" --direct=1 --rw=randrw --bs=4k --iodepth=1 \\\n       \t\t--runtime=100 --numjobs=40 --time_based --name=test \\\n        \t--ioengine=libaio\n\nFix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which\nis just fine in case of running out of tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: blk-mq: fix IO hang from sbitmap wakeup race",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is fixed in RHEL-9.4 and above (including RHEL 8.10)\n~~~\na7f97b4cae32 (in rhel-9.4, rhel-9.5) blk-mq: fix IO hang from sbitmap wakeup race \n098ab94a5112 (in rhel-8.10) blk-mq: fix IO hang from sbitmap wakeup race\n~~~\n\nPlease note that while RHEL-9 kernel-rt still appears as affected, it has been fixed in the same RHSA as RHEL-9 kernel. This is because from RHEL-9.3 onwards, the kernel and kernel-rt fixes are bundled together in a single errata.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, limiting the impact of exploitation attempts. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time, while process isolation and automated orchestration via Kubernetes minimize the likelihood of concurrent execution scenarios that would trigger the race condition and help contain the impact to a single process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-26671"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272811",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272811"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26671",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26671"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2024-26671-2543@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2024-26671-2543@gregkh/T"
        }
      ],
      "release_date": "2024-04-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: blk-mq: fix IO hang from sbitmap wakeup race"
    },
    {
      "cve": "CVE-2024-26686",
      "cwe": {
        "id": "CWE-413",
        "name": "Improper Resource Locking"
      },
      "discovery_date": "2024-04-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2273109"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the do_task_stat() function in the Linux kernel, where due to excessive lock contention, a potential hard lockup could be created. This can create a performance bottleneck and lead to kernel unresponsiveness.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: fs/proc: do_task_stat: use sig-\u003estats_lock to gather the threads/children stats",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-26686"
        },
        {
          "category": "external",
          "summary": "RHBZ#2273109",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273109"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26686",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26686"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26686",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26686"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024040335-CVE-2024-26686-b22f@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024040335-CVE-2024-26686-b22f@gregkh/T"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: fs/proc: do_task_stat: use sig-\u003estats_lock to gather the threads/children stats"
    },
    {
      "cve": "CVE-2024-26826",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275604"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. A logical error in the Multipath TCP packet manager causes some packets intended for retransmission to be lost, resulting in a potential denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: mptcp: fix data re-injection from stale subflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-20: Improper Input Validation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by input validation vulnerabilities. Security testing and evaluation standards are implemented within the environment to rigorously test input validation mechanisms during the development lifecycle, while static code analysis identifies potential input validation vulnerabilities by default. Process isolation ensures that processes handling potentially malicious or unvalidated inputs run in isolated environments by separating execution domains for each process. Malicious code protections, such as IPS/IDS and antimalware solutions, help detect and mitigate malicious payloads stemming from input validation vulnerabilities. Finally, robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks further.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-26826"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275604",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275604"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26826",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26826",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26826"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024041703-CVE-2024-26826-b984@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024041703-CVE-2024-26826-b984@gregkh/T"
        }
      ],
      "release_date": "2024-04-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: mptcp: fix data re-injection from stale subflow"
    },
    {
      "cve": "CVE-2024-26961",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2024-05-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2278176"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux Kernel where resources are improperly managed in IEEE 802.15.4 networking, leading to a potential use-after-free issue, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-26961"
        },
        {
          "category": "external",
          "summary": "RHBZ#2278176",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278176"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26961",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26961"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024050129-CVE-2024-26961-408d@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024050129-CVE-2024-26961-408d@gregkh/T"
        }
      ],
      "release_date": "2024-05-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del"
    },
    {
      "cve": "CVE-2024-36889",
      "cwe": {
        "id": "CWE-665",
        "name": "Improper Initialization"
      },
      "discovery_date": "2024-05-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2284571"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_nxt is properly initialized on connect\n\nChristoph reported a splat hinting at a corrupted snd_una:\n\n  WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n  Modules linked in:\n  CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n  Workqueue: events mptcp_worker\n  RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n  Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8\n  \t8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe\n  \t\u003c0f\u003e 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9\n  RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293\n  RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4\n  RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001\n  RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n  R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000\n  R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000\n  FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0\n  Call Trace:\n   \u003cTASK\u003e\n   __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]\n   mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]\n   __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615\n   mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767\n   process_one_work+0x1e0/0x560 kernel/workqueue.c:3254\n   process_scheduled_works kernel/workqueue.c:3335 [inline]\n   worker_thread+0x3c7/0x640 kernel/workqueue.c:3416\n   kthread+0x121/0x170 kernel/kthread.c:388\n   ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n   \u003c/TASK\u003e\n\nWhen fallback to TCP happens early on a client socket, snd_nxt\nis not yet initialized and any incoming ack will copy such value\ninto snd_una. If the mptcp worker (dumbly) tries mptcp-level\nre-injection after such ack, that would unconditionally trigger a send\nbuffer cleanup using \u0027bad\u0027 snd_una values.\n\nWe could easily disable re-injection for fallback sockets, but such\ndumb behavior already helped catching a few subtle issues and a very\nlow to zero impact in practice.\n\nInstead address the issue always initializing snd_nxt (and write_seq,\nfor consistency) at connect time.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: mptcp: ensure snd_nxt is properly initialized on connect",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-36889"
        },
        {
          "category": "external",
          "summary": "RHBZ#2284571",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284571"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-36889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-36889",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36889"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024053033-CVE-2024-36889-222d@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024053033-CVE-2024-36889-222d@gregkh/T"
        }
      ],
      "release_date": "2024-05-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: mptcp: ensure snd_nxt is properly initialized on connect"
    },
    {
      "cve": "CVE-2024-40960",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2024-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2297544"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Linux kernel\u0027s IPv6 routing component, where a NULL dereference occurs in the rt6_probe() function. This issue happens when the function attempts to access a resource without confirming its availability, leading to potential crashes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: ipv6: prevent possible NULL dereference in rt6_probe()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of NULL pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies NULL dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. \n\nAdditionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-40960"
        },
        {
          "category": "external",
          "summary": "RHBZ#2297544",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297544"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-40960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40960",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40960"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024071225-CVE-2024-40960-d46f@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024071225-CVE-2024-40960-d46f@gregkh/T"
        }
      ],
      "release_date": "2024-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: ipv6: prevent possible NULL dereference in rt6_probe()"
    },
    {
      "cve": "CVE-2024-40998",
      "discovery_date": "2024-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2297582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix uninitialized ratelimit_state-\u003elock access in __ext4_fill_super()\n\nIn the following concurrency we will access the uninitialized rs-\u003elock:\n\next4_fill_super\n  ext4_register_sysfs\n   // sysfs registered msg_ratelimit_interval_ms\n                             // Other processes modify rs-\u003einterval to\n                             // non-zero via msg_ratelimit_interval_ms\n  ext4_orphan_cleanup\n    ext4_msg(sb, KERN_INFO, \"Errors on filesystem, \"\n      __ext4_msg\n        ___ratelimit(\u0026(EXT4_SB(sb)-\u003es_msg_ratelimit_state)\n          if (!rs-\u003einterval)  // do nothing if interval is 0\n            return 1;\n          raw_spin_trylock_irqsave(\u0026rs-\u003elock, flags)\n            raw_spin_trylock(lock)\n              _raw_spin_trylock\n                __raw_spin_trylock\n                  spin_acquire(\u0026lock-\u003edep_map, 0, 1, _RET_IP_)\n                    lock_acquire\n                      __lock_acquire\n                        register_lock_class\n                          assign_lock_key\n                            dump_stack();\n  ratelimit_state_init(\u0026sbi-\u003es_msg_ratelimit_state, 5 * HZ, 10);\n    raw_spin_lock_init(\u0026rs-\u003elock);\n    // init rs-\u003elock here\n\nand get the following dump_stack:\n\n=========================================================\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\u0027t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504\n[...]\nCall Trace:\n dump_stack_lvl+0xc5/0x170\n dump_stack+0x18/0x30\n register_lock_class+0x740/0x7c0\n __lock_acquire+0x69/0x13a0\n lock_acquire+0x120/0x450\n _raw_spin_trylock+0x98/0xd0\n ___ratelimit+0xf6/0x220\n __ext4_msg+0x7f/0x160 [ext4]\n ext4_orphan_cleanup+0x665/0x740 [ext4]\n __ext4_fill_super+0x21ea/0x2b10 [ext4]\n ext4_fill_super+0x14d/0x360 [ext4]\n[...]\n=========================================================\n\nNormally interval is 0 until s_msg_ratelimit_state is initialized, so\n___ratelimit() does nothing. But registering sysfs precedes initializing\nrs-\u003elock, so it is possible to change rs-\u003einterval to a non-zero value\nvia the msg_ratelimit_interval_ms interface of sysfs while rs-\u003elock is\nuninitialized, and then a call to ext4_msg triggers the problem by\naccessing an uninitialized rs-\u003elock. Therefore register sysfs after all\ninitializations are complete to avoid such problems.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: ext4: fix uninitialized ratelimit_state-\u0026gt;lock access in __ext4_fill_super()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-40998"
        },
        {
          "category": "external",
          "summary": "RHBZ#2297582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-40998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40998",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40998"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024071252-CVE-2024-40998-90d6@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024071252-CVE-2024-40998-90d6@gregkh/T"
        }
      ],
      "release_date": "2024-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: ext4: fix uninitialized ratelimit_state-\u0026gt;lock access in __ext4_fill_super()"
    },
    {
      "cve": "CVE-2024-41049",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2024-07-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2300422"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was found in the Linux kernel in trace_posix_lock_inode(). This issue occurred when the request pointer was changed to point to a lock entry added to the inode\u0027s list. Before the tracepoint could fire, another task raced in and freed the lock.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: filelock: fix potential use-after-free in posix_lock_inode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Because this vulnerability requires a degree of control over the target system sufficient to control system timings and trigger crafted race conditions, Red Hat assesses its security impact as Moderate.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-416: Use After Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure that only authorized users and roles can execute or modify code. Red Hat also enforces least functionality, enabling only essential features, services, and ports. Hardening guidelines ensure the most restrictive settings required for operations, while baseline configurations enforce safe memory allocation and deallocation practices to reduce the risk of use-after-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code and provide real-time visibility into memory usage, lowering the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents a compromised process from accessing memory freed by another, containing potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-41049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2300422",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300422"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-41049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-41049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41049"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024072927-CVE-2024-41049-bf28@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024072927-CVE-2024-41049-bf28@gregkh/T"
        }
      ],
      "release_date": "2024-07-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: filelock: fix potential use-after-free in posix_lock_inode"
    },
    {
      "cve": "CVE-2024-41055",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2024-07-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2300429"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared.  The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference.  We need to check its value before\ndereferencing it.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-41055"
        },
        {
          "category": "external",
          "summary": "RHBZ#2300429",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300429"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-41055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-41055",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41055"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024072928-CVE-2024-41055-5764@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024072928-CVE-2024-41055-5764@gregkh/T"
        }
      ],
      "release_date": "2024-07-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()"
    },
    {
      "cve": "CVE-2024-42152",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "discovery_date": "2024-07-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2301519"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Linux kernel\u0027s nvme driver. A lack of proper checks can lead to a race condition during the destruction of a queue pair when a controller is being established. This issue can lead to system instability or crashes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-404: Improper Resource Shutdown or Release vulnerability and downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface and mitigates the risk of resource exhaustion from data leaks. \n\nThe environment incorporates malicious code protections such as IDS/IPS and antimalware solutions to detect threats and provide real-time visibility into resource usage, reducing the likelihood of resource leaks that could cause system instability. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, supporting the detection of abnormal resource usage patterns. Static code analysis and peer reviews enforce strong input validation and error handling to minimize the risk of denial-of-service (DoS) attacks. Lastly, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) strengthen resilience against memory-related vulnerabilities.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
          "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
          "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-42152"
        },
        {
          "category": "external",
          "summary": "RHBZ#2301519",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301519"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-42152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42152",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42152"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42152-c248@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42152-c248@gregkh/T"
        }
      ],
      "release_date": "2024-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T00:15:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8614"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "NFV-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "NFV-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.src",
            "RT-9.2.0.Z.EUS:kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-devel-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-kvm-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-core-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64",
            "RT-9.2.0.Z.EUS:kernel-rt-modules-extra-0:5.14.0-284.90.1.rt14.375.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment"
    }
  ]
}

CVE-2024-26826 (GCVE-0-2024-26826)

Vulnerability from cvelistv5

Published

2024-04-17 09:43

Modified

2025-05-04 08:57

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data re-injection from stale subflow When the MPTCP PM detects that a subflow is stale, all the packet scheduler must re-inject all the mptcp-level unacked data. To avoid acquiring unneeded locks, it first try to check if any unacked data is present at all in the RTX queue, but such check is currently broken, as it uses TCP-specific helper on an MPTCP socket. Funnily enough fuzzers and static checkers are happy, as the accessed memory still belongs to the mptcp_sock struct, and even from a functional perspective the recovery completed successfully, as the short-cut test always failed. A recent unrelated TCP change - commit d5fed5addb2b ("tcp: reorganize tcp_sock fast path variables") - exposed the issue, as the tcp field reorganization makes the mptcp code always skip the re-inection. Fix the issue dropping the bogus call: we are on a slow path, the early optimization proved once again to be evil.

References

►

URL

Tags

	https://git.kernel.org/stable/c/6f95120f898b40d13fd441225ef511307853c9c2
	https://git.kernel.org/stable/c/6673d9f1c2cd984390550dbdf7d5ae07b20abbf8
	https://git.kernel.org/stable/c/b609c783c535493aa3fca22c7e40a120370b1ca5
	https://git.kernel.org/stable/c/624902eab7abcb8731b333ec73f206d38d839cd8
	https://git.kernel.org/stable/c/b6c620dc43ccb4e802894e54b651cf81495e9598

Impacted products

Vendor

Product

Version

►

Linux

Version: 1e1d9d6f119c55c05e8ea78ed3e49046690abffd
Version: 1e1d9d6f119c55c05e8ea78ed3e49046690abffd
Version: 1e1d9d6f119c55c05e8ea78ed3e49046690abffd
Version: 1e1d9d6f119c55c05e8ea78ed3e49046690abffd
Version: 1e1d9d6f119c55c05e8ea78ed3e49046690abffd

Linux

Version: 5.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6f95120f898b40d13fd441225ef511307853c9c2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6673d9f1c2cd984390550dbdf7d5ae07b20abbf8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b609c783c535493aa3fca22c7e40a120370b1ca5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/624902eab7abcb8731b333ec73f206d38d839cd8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b6c620dc43ccb4e802894e54b651cf81495e9598"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:49:00.883183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:30.420Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6f95120f898b40d13fd441225ef511307853c9c2",
              "status": "affected",
              "version": "1e1d9d6f119c55c05e8ea78ed3e49046690abffd",
              "versionType": "git"
            },
            {
              "lessThan": "6673d9f1c2cd984390550dbdf7d5ae07b20abbf8",
              "status": "affected",
              "version": "1e1d9d6f119c55c05e8ea78ed3e49046690abffd",
              "versionType": "git"
            },
            {
              "lessThan": "b609c783c535493aa3fca22c7e40a120370b1ca5",
              "status": "affected",
              "version": "1e1d9d6f119c55c05e8ea78ed3e49046690abffd",
              "versionType": "git"
            },
            {
              "lessThan": "624902eab7abcb8731b333ec73f206d38d839cd8",
              "status": "affected",
              "version": "1e1d9d6f119c55c05e8ea78ed3e49046690abffd",
              "versionType": "git"
            },
            {
              "lessThan": "b6c620dc43ccb4e802894e54b651cf81495e9598",
              "status": "affected",
              "version": "1e1d9d6f119c55c05e8ea78ed3e49046690abffd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.18",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix data re-injection from stale subflow\n\nWhen the MPTCP PM detects that a subflow is stale, all the packet\nscheduler must re-inject all the mptcp-level unacked data. To avoid\nacquiring unneeded locks, it first try to check if any unacked data\nis present at all in the RTX queue, but such check is currently\nbroken, as it uses TCP-specific helper on an MPTCP socket.\n\nFunnily enough fuzzers and static checkers are happy, as the accessed\nmemory still belongs to the mptcp_sock struct, and even from a\nfunctional perspective the recovery completed successfully, as\nthe short-cut test always failed.\n\nA recent unrelated TCP change - commit d5fed5addb2b (\"tcp: reorganize\ntcp_sock fast path variables\") - exposed the issue, as the tcp field\nreorganization makes the mptcp code always skip the re-inection.\n\nFix the issue dropping the bogus call: we are on a slow path, the early\noptimization proved once again to be evil."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:57:24.333Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6f95120f898b40d13fd441225ef511307853c9c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/6673d9f1c2cd984390550dbdf7d5ae07b20abbf8"
        },
        {
          "url": "https://git.kernel.org/stable/c/b609c783c535493aa3fca22c7e40a120370b1ca5"
        },
        {
          "url": "https://git.kernel.org/stable/c/624902eab7abcb8731b333ec73f206d38d839cd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6c620dc43ccb4e802894e54b651cf81495e9598"
        }
      ],
      "title": "mptcp: fix data re-injection from stale subflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26826",
    "datePublished": "2024-04-17T09:43:51.741Z",
    "dateReserved": "2024-02-19T14:20:24.181Z",
    "dateUpdated": "2025-05-04T08:57:24.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40998 (GCVE-0-2024-40998)

Vulnerability from cvelistv5

Published

2024-07-12 12:37

Modified

2025-05-04 09:19

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() In the following concurrency we will access the uninitialized rs->lock: ext4_fill_super ext4_register_sysfs // sysfs registered msg_ratelimit_interval_ms // Other processes modify rs->interval to // non-zero via msg_ratelimit_interval_ms ext4_orphan_cleanup ext4_msg(sb, KERN_INFO, "Errors on filesystem, " __ext4_msg ___ratelimit(&(EXT4_SB(sb)->s_msg_ratelimit_state) if (!rs->interval) // do nothing if interval is 0 return 1; raw_spin_trylock_irqsave(&rs->lock, flags) raw_spin_trylock(lock) _raw_spin_trylock __raw_spin_trylock spin_acquire(&lock->dep_map, 0, 1, _RET_IP_) lock_acquire __lock_acquire register_lock_class assign_lock_key dump_stack(); ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10); raw_spin_lock_init(&rs->lock); // init rs->lock here and get the following dump_stack: ========================================================= INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. CPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504 [...] Call Trace: dump_stack_lvl+0xc5/0x170 dump_stack+0x18/0x30 register_lock_class+0x740/0x7c0 __lock_acquire+0x69/0x13a0 lock_acquire+0x120/0x450 _raw_spin_trylock+0x98/0xd0 ___ratelimit+0xf6/0x220 __ext4_msg+0x7f/0x160 [ext4] ext4_orphan_cleanup+0x665/0x740 [ext4] __ext4_fill_super+0x21ea/0x2b10 [ext4] ext4_fill_super+0x14d/0x360 [ext4] [...] ========================================================= Normally interval is 0 until s_msg_ratelimit_state is initialized, so ___ratelimit() does nothing. But registering sysfs precedes initializing rs->lock, so it is possible to change rs->interval to a non-zero value via the msg_ratelimit_interval_ms interface of sysfs while rs->lock is uninitialized, and then a call to ext4_msg triggers the problem by accessing an uninitialized rs->lock. Therefore register sysfs after all initializations are complete to avoid such problems.

References

►

URL

Tags

	https://git.kernel.org/stable/c/23afcd52af06880c6c913a0ad99022b8937b575c
	https://git.kernel.org/stable/c/645267906944a9aeec9d5c56ee24a9096a288798
	https://git.kernel.org/stable/c/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c

Impacted products

Vendor

Product

Version

►

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23afcd52af06880c6c913a0ad99022b8937b575c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/645267906944a9aeec9d5c56ee24a9096a288798"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:01:25.647023Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:19.460Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "23afcd52af06880c6c913a0ad99022b8937b575c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "645267906944a9aeec9d5c56ee24a9096a288798",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b4b4fda34e535756f9e774fb2d09c4537b7dfd1c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix uninitialized ratelimit_state-\u003elock access in __ext4_fill_super()\n\nIn the following concurrency we will access the uninitialized rs-\u003elock:\n\next4_fill_super\n  ext4_register_sysfs\n   // sysfs registered msg_ratelimit_interval_ms\n                             // Other processes modify rs-\u003einterval to\n                             // non-zero via msg_ratelimit_interval_ms\n  ext4_orphan_cleanup\n    ext4_msg(sb, KERN_INFO, \"Errors on filesystem, \"\n      __ext4_msg\n        ___ratelimit(\u0026(EXT4_SB(sb)-\u003es_msg_ratelimit_state)\n          if (!rs-\u003einterval)  // do nothing if interval is 0\n            return 1;\n          raw_spin_trylock_irqsave(\u0026rs-\u003elock, flags)\n            raw_spin_trylock(lock)\n              _raw_spin_trylock\n                __raw_spin_trylock\n                  spin_acquire(\u0026lock-\u003edep_map, 0, 1, _RET_IP_)\n                    lock_acquire\n                      __lock_acquire\n                        register_lock_class\n                          assign_lock_key\n                            dump_stack();\n  ratelimit_state_init(\u0026sbi-\u003es_msg_ratelimit_state, 5 * HZ, 10);\n    raw_spin_lock_init(\u0026rs-\u003elock);\n    // init rs-\u003elock here\n\nand get the following dump_stack:\n\n=========================================================\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\u0027t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504\n[...]\nCall Trace:\n dump_stack_lvl+0xc5/0x170\n dump_stack+0x18/0x30\n register_lock_class+0x740/0x7c0\n __lock_acquire+0x69/0x13a0\n lock_acquire+0x120/0x450\n _raw_spin_trylock+0x98/0xd0\n ___ratelimit+0xf6/0x220\n __ext4_msg+0x7f/0x160 [ext4]\n ext4_orphan_cleanup+0x665/0x740 [ext4]\n __ext4_fill_super+0x21ea/0x2b10 [ext4]\n ext4_fill_super+0x14d/0x360 [ext4]\n[...]\n=========================================================\n\nNormally interval is 0 until s_msg_ratelimit_state is initialized, so\n___ratelimit() does nothing. But registering sysfs precedes initializing\nrs-\u003elock, so it is possible to change rs-\u003einterval to a non-zero value\nvia the msg_ratelimit_interval_ms interface of sysfs while rs-\u003elock is\nuninitialized, and then a call to ext4_msg triggers the problem by\naccessing an uninitialized rs-\u003elock. Therefore register sysfs after all\ninitializations are complete to avoid such problems."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:19:40.394Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/23afcd52af06880c6c913a0ad99022b8937b575c"
        },
        {
          "url": "https://git.kernel.org/stable/c/645267906944a9aeec9d5c56ee24a9096a288798"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c"
        }
      ],
      "title": "ext4: fix uninitialized ratelimit_state-\u003elock access in __ext4_fill_super()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40998",
    "datePublished": "2024-07-12T12:37:39.823Z",
    "dateReserved": "2024-07-12T12:17:45.607Z",
    "dateUpdated": "2025-05-04T09:19:40.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41055 (GCVE-0-2024-41055)

Vulnerability from cvelistv5

Published

2024-07-29 14:32

Modified

2025-05-04 12:57

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactivate() where ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough to prevent NULL pointer dereference. We need to check its value before dereferencing it.

References

►

URL

Tags

	https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982
	https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503
	https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509
	https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7
	https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63
	https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e

Impacted products

Vendor

Product

Version

►

Linux

Version: 90ad17575d26874287271127d43ef3c2af876cea
Version: b448de2459b6d62a53892487ab18b7d823ff0529
Version: 68ed9e33324021e9d6b798e9db00ca3093d2012a
Version: 70064241f2229f7ba7b9599a98f68d9142e81a97
Version: 5ec8e8ea8b7783fab150cf86404fc38cb4db8800
Version: 5ec8e8ea8b7783fab150cf86404fc38cb4db8800
Version: 3a01daace71b521563c38bbbf874e14c3e58adb7

Linux

Version: 6.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41055",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:28.194623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:01.312Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/mmzone.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0100aeb8a12d51950418e685f879cc80cb8e5982",
              "status": "affected",
              "version": "90ad17575d26874287271127d43ef3c2af876cea",
              "versionType": "git"
            },
            {
              "lessThan": "bc17f2377818dca643a74499c3f5333500c90503",
              "status": "affected",
              "version": "b448de2459b6d62a53892487ab18b7d823ff0529",
              "versionType": "git"
            },
            {
              "lessThan": "941e816185661bf2b44b488565d09444ae316509",
              "status": "affected",
              "version": "68ed9e33324021e9d6b798e9db00ca3093d2012a",
              "versionType": "git"
            },
            {
              "lessThan": "797323d1cf92d09b7a017cfec576d9babf99cde7",
              "status": "affected",
              "version": "70064241f2229f7ba7b9599a98f68d9142e81a97",
              "versionType": "git"
            },
            {
              "lessThan": "adccdf702b4ea913ded5ff512239e382d7473b63",
              "status": "affected",
              "version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
              "versionType": "git"
            },
            {
              "lessThan": "82f0b6f041fad768c28b4ad05a683065412c226e",
              "status": "affected",
              "version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3a01daace71b521563c38bbbf874e14c3e58adb7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/mmzone.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.10.210",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.149",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "6.1.76",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared.  The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference.  We need to check its value before\ndereferencing it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:33.295Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"
        },
        {
          "url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"
        },
        {
          "url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"
        },
        {
          "url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"
        },
        {
          "url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"
        }
      ],
      "title": "mm: prevent derefencing NULL ptr in pfn_section_valid()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41055",
    "datePublished": "2024-07-29T14:32:10.672Z",
    "dateReserved": "2024-07-12T12:17:45.627Z",
    "dateUpdated": "2025-05-04T12:57:33.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26686 (GCVE-0-2024-26686)

Vulnerability from cvelistv5

Published

2024-04-03 14:54

Modified

2025-05-04 08:54

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless.

References

►

URL

Tags

	https://git.kernel.org/stable/c/4fe85bdaabd63f8f8579b24a10ed597c9c482164
	https://git.kernel.org/stable/c/0c35d1914353799c54fa1843fe7dea6fcbcdbac5
	https://git.kernel.org/stable/c/cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d
	https://git.kernel.org/stable/c/3820b0fac7732a653bcc6f6ac20c1d72e697f8f6
	https://git.kernel.org/stable/c/27978243f165b44e342f28f449b91327944ea071
	https://git.kernel.org/stable/c/7601df8031fd67310af891897ef6cc0df4209305

Impacted products

Vendor

Product

Version

►

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26686",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T18:03:13.492262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:23.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.556Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/27978243f165b44e342f28f449b91327944ea071"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7601df8031fd67310af891897ef6cc0df4209305"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/proc/array.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4fe85bdaabd63f8f8579b24a10ed597c9c482164",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0c35d1914353799c54fa1843fe7dea6fcbcdbac5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3820b0fac7732a653bcc6f6ac20c1d72e697f8f6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "27978243f165b44e342f28f449b91327944ea071",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7601df8031fd67310af891897ef6cc0df4209305",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/proc/array.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.82",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: do_task_stat: use sig-\u003estats_lock to gather the threads/children stats\n\nlock_task_sighand() can trigger a hard lockup.  If NR_CPUS threads call\ndo_task_stat() at the same time and the process has NR_THREADS, it will\nspin with irqs disabled O(NR_CPUS * NR_THREADS) time.\n\nChange do_task_stat() to use sig-\u003estats_lock to gather the statistics\noutside of -\u003esiglock protected section, in the likely case this code will\nrun lockless."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:54:03.497Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4fe85bdaabd63f8f8579b24a10ed597c9c482164"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c35d1914353799c54fa1843fe7dea6fcbcdbac5"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3820b0fac7732a653bcc6f6ac20c1d72e697f8f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/27978243f165b44e342f28f449b91327944ea071"
        },
        {
          "url": "https://git.kernel.org/stable/c/7601df8031fd67310af891897ef6cc0df4209305"
        }
      ],
      "title": "fs/proc: do_task_stat: use sig-\u003estats_lock to gather the threads/children stats",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26686",
    "datePublished": "2024-04-03T14:54:48.530Z",
    "dateReserved": "2024-02-19T14:20:24.154Z",
    "dateUpdated": "2025-05-04T08:54:03.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36889 (GCVE-0-2024-36889)

Vulnerability from cvelistv5

Published

2024-05-30 15:28

Modified

2025-05-04 09:11

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules linked in: CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 Workqueue: events mptcp_worker RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8 8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe <0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9 RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4 RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000 R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000 FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0 Call Trace: <TASK> __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline] mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline] __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615 mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767 process_one_work+0x1e0/0x560 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x3c7/0x640 kernel/workqueue.c:3416 kthread+0x121/0x170 kernel/kthread.c:388 ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> When fallback to TCP happens early on a client socket, snd_nxt is not yet initialized and any incoming ack will copy such value into snd_una. If the mptcp worker (dumbly) tries mptcp-level re-injection after such ack, that would unconditionally trigger a send buffer cleanup using 'bad' snd_una values. We could easily disable re-injection for fallback sockets, but such dumb behavior already helped catching a few subtle issues and a very low to zero impact in practice. Instead address the issue always initializing snd_nxt (and write_seq, for consistency) at connect time.

References

►

URL

Tags

	https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4
	https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193
	https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012
	https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f
	https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe
	https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386

Impacted products

Vendor

Product

Version

►

Linux

Version: 8fd738049ac3d67a937d36577763b47180aae1ad
Version: 8fd738049ac3d67a937d36577763b47180aae1ad
Version: 8fd738049ac3d67a937d36577763b47180aae1ad
Version: 8fd738049ac3d67a937d36577763b47180aae1ad
Version: 8fd738049ac3d67a937d36577763b47180aae1ad
Version: 8fd738049ac3d67a937d36577763b47180aae1ad

Linux

Version: 5.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36889",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:29:56.745706Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:33:02.390Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:49.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "99951b62bf20cec9247f633a3bea898338b9e5b4",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "dc941fec0719d0471a5902424d6b2a17df233193",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "39ca83ed73db9edcc6d70c0dc7a73085a4725012",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "aa0c07c1f20e05b30019bff083ec43665536f06f",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "592f69b41766d366dbb8ff4ef5a67c4396527bbe",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "fb7a0d334894206ae35f023a82cad5a290fd7386",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.218",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.218",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_nxt is properly initialized on connect\n\nChristoph reported a splat hinting at a corrupted snd_una:\n\n  WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n  Modules linked in:\n  CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n  Workqueue: events mptcp_worker\n  RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n  Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8\n  \t8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe\n  \t\u003c0f\u003e 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9\n  RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293\n  RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4\n  RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001\n  RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n  R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000\n  R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000\n  FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0\n  Call Trace:\n   \u003cTASK\u003e\n   __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]\n   mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]\n   __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615\n   mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767\n   process_one_work+0x1e0/0x560 kernel/workqueue.c:3254\n   process_scheduled_works kernel/workqueue.c:3335 [inline]\n   worker_thread+0x3c7/0x640 kernel/workqueue.c:3416\n   kthread+0x121/0x170 kernel/kthread.c:388\n   ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n   \u003c/TASK\u003e\n\nWhen fallback to TCP happens early on a client socket, snd_nxt\nis not yet initialized and any incoming ack will copy such value\ninto snd_una. If the mptcp worker (dumbly) tries mptcp-level\nre-injection after such ack, that would unconditionally trigger a send\nbuffer cleanup using \u0027bad\u0027 snd_una values.\n\nWe could easily disable re-injection for fallback sockets, but such\ndumb behavior already helped catching a few subtle issues and a very\nlow to zero impact in practice.\n\nInstead address the issue always initializing snd_nxt (and write_seq,\nfor consistency) at connect time."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:11:28.710Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
        },
        {
          "url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
        },
        {
          "url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
        }
      ],
      "title": "mptcp: ensure snd_nxt is properly initialized on connect",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36889",
    "datePublished": "2024-05-30T15:28:56.794Z",
    "dateReserved": "2024-05-30T15:25:07.065Z",
    "dateUpdated": "2025-05-04T09:11:28.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2201 (GCVE-0-2024-2201)

Vulnerability from cvelistv5

Published

2024-12-19 20:28

Modified

2025-01-09 16:40

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-1423

Summary

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.

References

►

URL

Tags

	https://www.kb.cert.org/vuls/id/155143
	https://github.com/vusec/inspectre-gadget?tab=readme-ov-file
	http://www.openwall.com/lists/oss-security/2024/04/09/15
	http://www.openwall.com/lists/oss-security/2024/05/07/7
	http://xenbits.xen.org/xsa/advisory-456.html
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QKNCPX7CJUK4I6BRGABAUQK2DMQZUCA/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
	https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.htm

Impacted products

	Vendor	Product	Version
	Xen	Xen	Version: See advisory "x86: Native Branch History Injection"

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 4.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-2201",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T18:51:54.984364Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T16:40:32.522Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Xen",
          "vendor": "Xen",
          "versions": [
            {
              "status": "affected",
              "version": "See advisory \"x86: Native Branch History Injection\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1423",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T20:29:32.134Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.kb.cert.org/vuls/id/155143"
        },
        {
          "url": "https://github.com/vusec/inspectre-gadget?tab=readme-ov-file"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/09/15"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/05/07/7"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-456.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QKNCPX7CJUK4I6BRGABAUQK2DMQZUCA/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.htm"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2024-2201",
      "x_generator": {
        "engine": "VINCE 3.0.11",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2201"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2024-2201",
    "datePublished": "2024-12-19T20:28:31.596Z",
    "dateReserved": "2024-03-05T19:12:39.649Z",
    "dateUpdated": "2025-01-09T16:40:32.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26961 (GCVE-0-2024-26961)

Vulnerability from cvelistv5

Published

2024-05-01 05:19

Modified

2025-05-04 09:00

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. This may lead to use-after-free in case llsec_lookup_key() is traversing the list of keys in parallel with a key deletion: refcount_t: addition on 0; use-after-free. WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0 Modules linked in: CPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:refcount_warn_saturate+0x162/0x2a0 Call Trace: <TASK> llsec_lookup_key.isra.0+0x890/0x9e0 mac802154_llsec_encrypt+0x30c/0x9c0 ieee802154_subif_start_xmit+0x24/0x1e0 dev_hard_start_xmit+0x13e/0x690 sch_direct_xmit+0x2ae/0xbc0 __dev_queue_xmit+0x11dd/0x3c20 dgram_sendmsg+0x90b/0xd60 __sys_sendto+0x466/0x4c0 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x45/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Also, ieee802154_llsec_key_entry structures are not freed by mac802154_llsec_key_del(): unreferenced object 0xffff8880613b6980 (size 64): comm "iwpan", pid 2176, jiffies 4294761134 (age 60.475s) hex dump (first 32 bytes): 78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x......."....... 00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................ backtrace: [<ffffffff81dcfa62>] __kmem_cache_alloc_node+0x1e2/0x2d0 [<ffffffff81c43865>] kmalloc_trace+0x25/0xc0 [<ffffffff88968b09>] mac802154_llsec_key_add+0xac9/0xcf0 [<ffffffff8896e41a>] ieee802154_add_llsec_key+0x5a/0x80 [<ffffffff8892adc6>] nl802154_add_llsec_key+0x426/0x5b0 [<ffffffff86ff293e>] genl_family_rcv_msg_doit+0x1fe/0x2f0 [<ffffffff86ff46d1>] genl_rcv_msg+0x531/0x7d0 [<ffffffff86fee7a9>] netlink_rcv_skb+0x169/0x440 [<ffffffff86ff1d88>] genl_rcv+0x28/0x40 [<ffffffff86fec15c>] netlink_unicast+0x53c/0x820 [<ffffffff86fecd8b>] netlink_sendmsg+0x93b/0xe60 [<ffffffff86b91b35>] ____sys_sendmsg+0xac5/0xca0 [<ffffffff86b9c3dd>] ___sys_sendmsg+0x11d/0x1c0 [<ffffffff86b9c65a>] __sys_sendmsg+0xfa/0x1d0 [<ffffffff88eadbf5>] do_syscall_64+0x45/0xf0 [<ffffffff890000ea>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 Handle the proper resource release in the RCU callback function mac802154_llsec_key_del_rcu(). Note that if llsec_lookup_key() finds a key, it gets a refcount via llsec_key_get() and locally copies key id from key_entry (which is a list element). So it's safe to call llsec_key_put() and free the list entry after the RCU grace period elapses. Found by Linux Verification Center (linuxtesting.org).

References

►

URL

Tags

	https://git.kernel.org/stable/c/068ab2759bc0b4daf0b964de61b2731449c86531
	https://git.kernel.org/stable/c/d3d858650933d44ac12c1f31337e7110c2071821
	https://git.kernel.org/stable/c/dcd51ab42b7a0431575689c5f74b8b6efd45fc2f
	https://git.kernel.org/stable/c/20d3e1c8a1847497269f04d874b2a5818ec29e2d
	https://git.kernel.org/stable/c/640297c3e897bd7e1481466a6a5cb9560f1edb88
	https://git.kernel.org/stable/c/49c8951680d7b76fceaee89dcfbab1363fb24fd1
	https://git.kernel.org/stable/c/e8a1e58345cf40b7b272e08ac7b32328b2543e40

Impacted products

Vendor

Product

Version

►

Linux

Version: 5d637d5aabd85132bd85779677d8acb708e0ed90
Version: 5d637d5aabd85132bd85779677d8acb708e0ed90
Version: 5d637d5aabd85132bd85779677d8acb708e0ed90
Version: 5d637d5aabd85132bd85779677d8acb708e0ed90
Version: 5d637d5aabd85132bd85779677d8acb708e0ed90
Version: 5d637d5aabd85132bd85779677d8acb708e0ed90
Version: 5d637d5aabd85132bd85779677d8acb708e0ed90

Linux

Version: 3.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T17:51:17.536237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:15.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/068ab2759bc0b4daf0b964de61b2731449c86531"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3d858650933d44ac12c1f31337e7110c2071821"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dcd51ab42b7a0431575689c5f74b8b6efd45fc2f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/20d3e1c8a1847497269f04d874b2a5818ec29e2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/640297c3e897bd7e1481466a6a5cb9560f1edb88"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/49c8951680d7b76fceaee89dcfbab1363fb24fd1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8a1e58345cf40b7b272e08ac7b32328b2543e40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/cfg802154.h",
            "net/mac802154/llsec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "068ab2759bc0b4daf0b964de61b2731449c86531",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "d3d858650933d44ac12c1f31337e7110c2071821",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "dcd51ab42b7a0431575689c5f74b8b6efd45fc2f",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "20d3e1c8a1847497269f04d874b2a5818ec29e2d",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "640297c3e897bd7e1481466a6a5cb9560f1edb88",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "49c8951680d7b76fceaee89dcfbab1363fb24fd1",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "e8a1e58345cf40b7b272e08ac7b32328b2543e40",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/cfg802154.h",
            "net/mac802154/llsec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.16"
            },
            {
              "lessThan": "3.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: fix llsec key resources release in mac802154_llsec_key_del\n\nmac802154_llsec_key_del() can free resources of a key directly without\nfollowing the RCU rules for waiting before the end of a grace period. This\nmay lead to use-after-free in case llsec_lookup_key() is traversing the\nlist of keys in parallel with a key deletion:\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0\nModules linked in:\nCPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x162/0x2a0\nCall Trace:\n \u003cTASK\u003e\n llsec_lookup_key.isra.0+0x890/0x9e0\n mac802154_llsec_encrypt+0x30c/0x9c0\n ieee802154_subif_start_xmit+0x24/0x1e0\n dev_hard_start_xmit+0x13e/0x690\n sch_direct_xmit+0x2ae/0xbc0\n __dev_queue_xmit+0x11dd/0x3c20\n dgram_sendmsg+0x90b/0xd60\n __sys_sendto+0x466/0x4c0\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x45/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nAlso, ieee802154_llsec_key_entry structures are not freed by\nmac802154_llsec_key_del():\n\nunreferenced object 0xffff8880613b6980 (size 64):\n  comm \"iwpan\", pid 2176, jiffies 4294761134 (age 60.475s)\n  hex dump (first 32 bytes):\n    78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de  x.......\".......\n    00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00  ................\n  backtrace:\n    [\u003cffffffff81dcfa62\u003e] __kmem_cache_alloc_node+0x1e2/0x2d0\n    [\u003cffffffff81c43865\u003e] kmalloc_trace+0x25/0xc0\n    [\u003cffffffff88968b09\u003e] mac802154_llsec_key_add+0xac9/0xcf0\n    [\u003cffffffff8896e41a\u003e] ieee802154_add_llsec_key+0x5a/0x80\n    [\u003cffffffff8892adc6\u003e] nl802154_add_llsec_key+0x426/0x5b0\n    [\u003cffffffff86ff293e\u003e] genl_family_rcv_msg_doit+0x1fe/0x2f0\n    [\u003cffffffff86ff46d1\u003e] genl_rcv_msg+0x531/0x7d0\n    [\u003cffffffff86fee7a9\u003e] netlink_rcv_skb+0x169/0x440\n    [\u003cffffffff86ff1d88\u003e] genl_rcv+0x28/0x40\n    [\u003cffffffff86fec15c\u003e] netlink_unicast+0x53c/0x820\n    [\u003cffffffff86fecd8b\u003e] netlink_sendmsg+0x93b/0xe60\n    [\u003cffffffff86b91b35\u003e] ____sys_sendmsg+0xac5/0xca0\n    [\u003cffffffff86b9c3dd\u003e] ___sys_sendmsg+0x11d/0x1c0\n    [\u003cffffffff86b9c65a\u003e] __sys_sendmsg+0xfa/0x1d0\n    [\u003cffffffff88eadbf5\u003e] do_syscall_64+0x45/0xf0\n    [\u003cffffffff890000ea\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nHandle the proper resource release in the RCU callback function\nmac802154_llsec_key_del_rcu().\n\nNote that if llsec_lookup_key() finds a key, it gets a refcount via\nllsec_key_get() and locally copies key id from key_entry (which is a\nlist element). So it\u0027s safe to call llsec_key_put() and free the list\nentry after the RCU grace period elapses.\n\nFound by Linux Verification Center (linuxtesting.org)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:52.446Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/068ab2759bc0b4daf0b964de61b2731449c86531"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3d858650933d44ac12c1f31337e7110c2071821"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcd51ab42b7a0431575689c5f74b8b6efd45fc2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/20d3e1c8a1847497269f04d874b2a5818ec29e2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/640297c3e897bd7e1481466a6a5cb9560f1edb88"
        },
        {
          "url": "https://git.kernel.org/stable/c/49c8951680d7b76fceaee89dcfbab1363fb24fd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8a1e58345cf40b7b272e08ac7b32328b2543e40"
        }
      ],
      "title": "mac802154: fix llsec key resources release in mac802154_llsec_key_del",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26961",
    "datePublished": "2024-05-01T05:19:16.361Z",
    "dateReserved": "2024-02-19T14:20:24.201Z",
    "dateUpdated": "2025-05-04T09:00:52.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41049 (GCVE-0-2024-41049)

Vulnerability from cvelistv5

Published

2024-07-29 14:32

Modified

2025-05-04 12:57

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.

References

►

URL

Tags

	https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
	https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
	https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
	https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
	https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
	https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
	https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92

Impacted products

Vendor

Product

Version

►

Linux

Version: 117fb80cd1e63c419c7a221ce070becb4bfc7b6d
Version: a6f4129378ca15f62cbdde09a7d3ccc35adcf49d
Version: 766e56faddbec2eaf70c9299e1c9ef74d846d32b
Version: 34bff6d850019e00001129d6de3aa4874c2cf471
Version: 74f6f5912693ce454384eaeec48705646a21c74f
Version: 74f6f5912693ce454384eaeec48705646a21c74f
Version: 74f6f5912693ce454384eaeec48705646a21c74f
Version: e75396988bb9b3b90e6e8690604d0f566cea403a

Linux

Version: 6.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41049",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:47.848280Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:01.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/locks.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1cbbb3d9475c403ebedc327490c7c2b991398197",
              "status": "affected",
              "version": "117fb80cd1e63c419c7a221ce070becb4bfc7b6d",
              "versionType": "git"
            },
            {
              "lessThan": "7d4c14f4b511fd4c0dc788084ae59b4656ace58b",
              "status": "affected",
              "version": "a6f4129378ca15f62cbdde09a7d3ccc35adcf49d",
              "versionType": "git"
            },
            {
              "lessThan": "02a8964260756c70b20393ad4006948510ac9967",
              "status": "affected",
              "version": "766e56faddbec2eaf70c9299e1c9ef74d846d32b",
              "versionType": "git"
            },
            {
              "lessThan": "5cb36e35bc10ea334810937990c2b9023dacb1b0",
              "status": "affected",
              "version": "34bff6d850019e00001129d6de3aa4874c2cf471",
              "versionType": "git"
            },
            {
              "lessThan": "432b06b69d1d354a171f7499141116536579eb6a",
              "status": "affected",
              "version": "74f6f5912693ce454384eaeec48705646a21c74f",
              "versionType": "git"
            },
            {
              "lessThan": "116599f6a26906cf33f67975c59f0692ecf7e9b2",
              "status": "affected",
              "version": "74f6f5912693ce454384eaeec48705646a21c74f",
              "versionType": "git"
            },
            {
              "lessThan": "1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92",
              "status": "affected",
              "version": "74f6f5912693ce454384eaeec48705646a21c74f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e75396988bb9b3b90e6e8690604d0f566cea403a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/locks.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "5.4.257",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.10.197",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.133",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "6.1.55",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode\u0027s list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn\u0027t happen."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:32.138Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"
        },
        {
          "url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"
        },
        {
          "url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"
        }
      ],
      "title": "filelock: fix potential use-after-free in posix_lock_inode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41049",
    "datePublished": "2024-07-29T14:32:05.953Z",
    "dateReserved": "2024-07-12T12:17:45.625Z",
    "dateUpdated": "2025-05-04T12:57:32.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26671 (GCVE-0-2024-26671)

Vulnerability from cvelistv5

Published

2024-04-02 06:49

Modified

2025-05-04 08:53

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(), waitqueue_active() may not observe the added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime blk_mq_mark_tag_wait() can't get driver tag successfully. This issue can be reproduced by running the following test in loop, and fio hang can be observed in < 30min when running it on my test VM in laptop. modprobe -r scsi_debug modprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4 dev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename` fio --filename=/dev/"$dev" --direct=1 --rw=randrw --bs=4k --iodepth=1 \ --runtime=100 --numjobs=40 --time_based --name=test \ --ioengine=libaio Fix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which is just fine in case of running out of tag.

References

►

URL

Tags

	https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676
	https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10
	https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f
	https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b
	https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56
	https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0
	https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2
	https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed

Impacted products

Vendor

Product

Version

►

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26671",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:53:32.693372Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:37.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-mq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9525b38180e2753f0daa1a522b7767a2aa969676",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7610ba1319253225a9ba8a9d28d472fc883b4e2f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "89e0e66682e1538aeeaa3109503473663cd24c8b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1d9c777d3e70bdc57dddf7a14a80059d65919e56",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6d8b01624a2540336a32be91f25187a433af53a0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f1bc0d8163f8ee84a8d5affdf624cfad657df1d2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5266caaf5660529e3da53004b8b7174cab6374ed",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-mq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix IO hang from sbitmap wakeup race\n\nIn blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered\nwith the following blk_mq_get_driver_tag() in case of getting driver\ntag failure.\n\nThen in __sbitmap_queue_wake_up(), waitqueue_active() may not observe\nthe added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime\nblk_mq_mark_tag_wait() can\u0027t get driver tag successfully.\n\nThis issue can be reproduced by running the following test in loop, and\nfio hang can be observed in \u003c 30min when running it on my test VM\nin laptop.\n\n\tmodprobe -r scsi_debug\n\tmodprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4\n\tdev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`\n\tfio --filename=/dev/\"$dev\" --direct=1 --rw=randrw --bs=4k --iodepth=1 \\\n       \t\t--runtime=100 --numjobs=40 --time_based --name=test \\\n        \t--ioengine=libaio\n\nFix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which\nis just fine in case of running out of tag."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:53:36.352Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676"
        },
        {
          "url": "https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10"
        },
        {
          "url": "https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed"
        }
      ],
      "title": "blk-mq: fix IO hang from sbitmap wakeup race",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26671",
    "datePublished": "2024-04-02T06:49:13.834Z",
    "dateReserved": "2024-02-19T14:20:24.150Z",
    "dateUpdated": "2025-05-04T08:53:36.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42152 (GCVE-0-2024-42152)

Vulnerability from cvelistv5

Published

2024-07-30 07:46

Modified

2025-06-19 12:56

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in the admin connect request handler) and we need to release pending AERs, clear ctrl->sqs and sq->ctrl (for nvme-loop primarily), and drop the final reference on the ctrl. However, a small window is possible where nvmet_sq_destroy starts (as a result of the client giving up and disconnecting) concurrently with the nvme admin connect cmd (which may be in an early stage). But *before* kill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq live reference). In this case, sq->ctrl was allocated however after it was captured in a local variable in nvmet_sq_destroy. This prevented the final reference drop on the ctrl. Solve this by re-capturing the sq->ctrl after all inflight request has completed, where for sure sq->ctrl reference is final, and move forward based on that. This issue was observed in an environment with many hosts connecting multiple ctrls simoutanuosly, creating a delay in allocating a ctrl leading up to this race window.

References

►

URL

Tags

	https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa
	https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5
	https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da
	https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1
	https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33
	https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4

Impacted products

Vendor

Product

Version

►

Linux

Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a
Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a
Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a
Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a
Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a
Version: 0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a

Linux

Version: 5.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42152",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:21.603444Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:34.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/target/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2f3c22b1d3d7e86712253244797a651998c141fa",
              "status": "affected",
              "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
              "versionType": "git"
            },
            {
              "lessThan": "b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5",
              "status": "affected",
              "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
              "versionType": "git"
            },
            {
              "lessThan": "940a71f08ef153ef807f751310b0648d1fa5d0da",
              "status": "affected",
              "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
              "versionType": "git"
            },
            {
              "lessThan": "5502c1f1d0d7472706cc1f201aecf1c935d302d1",
              "status": "affected",
              "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
              "versionType": "git"
            },
            {
              "lessThan": "818004f2a380420c19872171be716174d4985e33",
              "status": "affected",
              "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
              "versionType": "git"
            },
            {
              "lessThan": "c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4",
              "status": "affected",
              "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/target/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq-\u003ectrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl-\u003esqs and sq-\u003ectrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq-\u003eref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq-\u003ectrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq-\u003ectrl after all inflight request has\ncompleted, where for sure sq-\u003ectrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:56:36.697Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5"
        },
        {
          "url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da"
        },
        {
          "url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33"
        },
        {
          "url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4"
        }
      ],
      "title": "nvmet: fix a possible leak when destroy a ctrl during qp establishment",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42152",
    "datePublished": "2024-07-30T07:46:44.795Z",
    "dateReserved": "2024-07-29T15:50:41.193Z",
    "dateUpdated": "2025-06-19T12:56:36.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40960 (GCVE-0-2024-40960)

Vulnerability from cvelistv5

Published

2024-07-12 12:32

Modified

2025-05-04 09:18

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f] CPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline] RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758 Code: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19 RSP: 0018:ffffc900034af070 EFLAGS: 00010203 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000 RDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c RBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a R13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000 FS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784 nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496 __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825 find_rr_leaf net/ipv6/route.c:853 [inline] rt6_select net/ipv6/route.c:897 [inline] fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195 ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231 pol_lookup_func include/net/ip6_fib.h:616 [inline] fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121 ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline] ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651 ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147 ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250 rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898 inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_write_iter+0x4b8/0x5c0 net/socket.c:1160 new_sync_write fs/read_write.c:497 [inline] vfs_write+0x6b6/0x1140 fs/read_write.c:590 ksys_write+0x1f8/0x260 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

References

►

URL

Tags

	https://git.kernel.org/stable/c/f0cda984e4e634b221dbf9642b8ecc5b4806b41e
	https://git.kernel.org/stable/c/d66fc4826127c82f99c4033380f8e93833d331c7
	https://git.kernel.org/stable/c/1ed9849fdf9a1a617129346b11d2094ca26828dc
	https://git.kernel.org/stable/c/569c9d9ea6648d099187527b93982f406ddcebc0
	https://git.kernel.org/stable/c/51ee2f7c30790799d0ec30c0ce0c743e58f046f2
	https://git.kernel.org/stable/c/73e7c8ca6ad76f29b2c99c20845a6f3b203ff0c6
	https://git.kernel.org/stable/c/6eed6d3cd19ff3cfa83aeceed86da14abaf7417b
	https://git.kernel.org/stable/c/b86762dbe19a62e785c189f313cda5b989931f37

Impacted products

Vendor

Product

Version

►

Linux

Version: 52e1635631b342803aecaf81a362c1464e3da2e5
Version: 52e1635631b342803aecaf81a362c1464e3da2e5
Version: 52e1635631b342803aecaf81a362c1464e3da2e5
Version: 52e1635631b342803aecaf81a362c1464e3da2e5
Version: 52e1635631b342803aecaf81a362c1464e3da2e5
Version: 52e1635631b342803aecaf81a362c1464e3da2e5
Version: 52e1635631b342803aecaf81a362c1464e3da2e5
Version: 52e1635631b342803aecaf81a362c1464e3da2e5

Linux

Version: 2.6.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f0cda984e4e634b221dbf9642b8ecc5b4806b41e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d66fc4826127c82f99c4033380f8e93833d331c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ed9849fdf9a1a617129346b11d2094ca26828dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/569c9d9ea6648d099187527b93982f406ddcebc0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/51ee2f7c30790799d0ec30c0ce0c743e58f046f2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73e7c8ca6ad76f29b2c99c20845a6f3b203ff0c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6eed6d3cd19ff3cfa83aeceed86da14abaf7417b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b86762dbe19a62e785c189f313cda5b989931f37"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:29.403653Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:23.694Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f0cda984e4e634b221dbf9642b8ecc5b4806b41e",
              "status": "affected",
              "version": "52e1635631b342803aecaf81a362c1464e3da2e5",
              "versionType": "git"
            },
            {
              "lessThan": "d66fc4826127c82f99c4033380f8e93833d331c7",
              "status": "affected",
              "version": "52e1635631b342803aecaf81a362c1464e3da2e5",
              "versionType": "git"
            },
            {
              "lessThan": "1ed9849fdf9a1a617129346b11d2094ca26828dc",
              "status": "affected",
              "version": "52e1635631b342803aecaf81a362c1464e3da2e5",
              "versionType": "git"
            },
            {
              "lessThan": "569c9d9ea6648d099187527b93982f406ddcebc0",
              "status": "affected",
              "version": "52e1635631b342803aecaf81a362c1464e3da2e5",
              "versionType": "git"
            },
            {
              "lessThan": "51ee2f7c30790799d0ec30c0ce0c743e58f046f2",
              "status": "affected",
              "version": "52e1635631b342803aecaf81a362c1464e3da2e5",
              "versionType": "git"
            },
            {
              "lessThan": "73e7c8ca6ad76f29b2c99c20845a6f3b203ff0c6",
              "status": "affected",
              "version": "52e1635631b342803aecaf81a362c1464e3da2e5",
              "versionType": "git"
            },
            {
              "lessThan": "6eed6d3cd19ff3cfa83aeceed86da14abaf7417b",
              "status": "affected",
              "version": "52e1635631b342803aecaf81a362c1464e3da2e5",
              "versionType": "git"
            },
            {
              "lessThan": "b86762dbe19a62e785c189f313cda5b989931f37",
              "status": "affected",
              "version": "52e1635631b342803aecaf81a362c1464e3da2e5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.17"
            },
            {
              "lessThan": "2.6.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "2.6.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "2.6.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "2.6.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL dereference in rt6_probe()\n\nsyzbot caught a NULL dereference in rt6_probe() [1]\n\nBail out if  __in6_dev_get() returns NULL.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]\nCPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]\n RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758\nCode: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19\nRSP: 0018:ffffc900034af070 EFLAGS: 00010203\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000\nRDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c\nRBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a\nR13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000\nFS:  00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784\n  nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496\n  __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825\n  find_rr_leaf net/ipv6/route.c:853 [inline]\n  rt6_select net/ipv6/route.c:897 [inline]\n  fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195\n  ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231\n  pol_lookup_func include/net/ip6_fib.h:616 [inline]\n  fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121\n  ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]\n  ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651\n  ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147\n  ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250\n  rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898\n  inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg net/socket.c:745 [inline]\n  sock_write_iter+0x4b8/0x5c0 net/socket.c:1160\n  new_sync_write fs/read_write.c:497 [inline]\n  vfs_write+0x6b6/0x1140 fs/read_write.c:590\n  ksys_write+0x1f8/0x260 fs/read_write.c:643\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:18:50.532Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f0cda984e4e634b221dbf9642b8ecc5b4806b41e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d66fc4826127c82f99c4033380f8e93833d331c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ed9849fdf9a1a617129346b11d2094ca26828dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/569c9d9ea6648d099187527b93982f406ddcebc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/51ee2f7c30790799d0ec30c0ce0c743e58f046f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/73e7c8ca6ad76f29b2c99c20845a6f3b203ff0c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/6eed6d3cd19ff3cfa83aeceed86da14abaf7417b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b86762dbe19a62e785c189f313cda5b989931f37"
        }
      ],
      "title": "ipv6: prevent possible NULL dereference in rt6_probe()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40960",
    "datePublished": "2024-07-12T12:32:01.939Z",
    "dateReserved": "2024-07-12T12:17:45.594Z",
    "dateUpdated": "2025-05-04T09:18:50.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52489 (GCVE-0-2023-52489)

Vulnerability from cvelistv5

Published

2024-02-29 15:52

Modified

2025-05-04 07:37

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end pfn contains the device memory PFN's as well, the compaction triggered will try on the device memory PFN's too though they end up in NOP(because pfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When from other core, the section mappings are being removed for the ZONE_DEVICE region, that the PFN in question belongs to, on which compaction is currently being operated is resulting into the kernel crash with CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1]. compact_zone() memunmap_pages ------------- --------------- __pageblock_pfn_to_page ...... (a)pfn_valid(): valid_section()//return true (b)__remove_pages()-> sparse_remove_section()-> section_deactivate(): [Free the array ms->usage and set ms->usage = NULL] pfn_section_valid() [Access ms->usage which is NULL] NOTE: From the above it can be said that the race is reduced to between the pfn_valid()/pfn_section_valid() and the section deactivate with SPASEMEM_VMEMAP enabled. The commit b943f045a9af("mm/sparse: fix kernel crash with pfn_section_valid check") tried to address the same problem by clearing the SECTION_HAS_MEM_MAP with the expectation of valid_section() returns false thus ms->usage is not accessed. Fix this issue by the below steps: a) Clear SECTION_HAS_MEM_MAP before freeing the ->usage. b) RCU protected read side critical section will either return NULL when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage. c) Free the ->usage with kfree_rcu() and set ms->usage = NULL. No attempt will be made to access ->usage after this as the SECTION_HAS_MEM_MAP is cleared thus valid_section() return false. Thanks to David/Pavan for their inputs on this patch. [1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/ On Snapdragon SoC, with the mentioned memory configuration of PFN's as [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of issues daily while testing on a device farm. For this particular issue below is the log. Though the below log is not directly pointing to the pfn_section_valid(){ ms->usage;}, when we loaded this dump on T32 lauterbach tool, it is pointing. [ 540.578056] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 540.578068] Mem abort info: [ 540.578070] ESR = 0x0000000096000005 [ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits [ 540.578077] SET = 0, FnV = 0 [ 540.578080] EA = 0, S1PTW = 0 [ 540.578082] FSC = 0x05: level 1 translation fault [ 540.578085] Data abort info: [ 540.578086] ISV = 0, ISS = 0x00000005 [ 540.578088] CM = 0, WnR = 0 [ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--) [ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c [ 540.579454] lr : compact_zone+0x994/0x1058 [ 540.579460] sp : ffffffc03579b510 [ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c [ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640 [ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000 [ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140 [ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff [ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001 [ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440 [ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4 [ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000 ---truncated---

References

►

URL

Tags

	https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea
	https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529
	https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a
	https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97
	https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7
	https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800

Impacted products

Vendor

Product

Version

►

Linux

Version: f46edbd1b1516da1fb34c917775168d5df576f78
Version: f46edbd1b1516da1fb34c917775168d5df576f78
Version: f46edbd1b1516da1fb34c917775168d5df576f78
Version: f46edbd1b1516da1fb34c917775168d5df576f78
Version: f46edbd1b1516da1fb34c917775168d5df576f78
Version: f46edbd1b1516da1fb34c917775168d5df576f78

Linux

Version: 5.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T14:56:15.828991Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:22:46.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:20.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/mmzone.h",
            "mm/sparse.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "90ad17575d26874287271127d43ef3c2af876cea",
              "status": "affected",
              "version": "f46edbd1b1516da1fb34c917775168d5df576f78",
              "versionType": "git"
            },
            {
              "lessThan": "b448de2459b6d62a53892487ab18b7d823ff0529",
              "status": "affected",
              "version": "f46edbd1b1516da1fb34c917775168d5df576f78",
              "versionType": "git"
            },
            {
              "lessThan": "68ed9e33324021e9d6b798e9db00ca3093d2012a",
              "status": "affected",
              "version": "f46edbd1b1516da1fb34c917775168d5df576f78",
              "versionType": "git"
            },
            {
              "lessThan": "70064241f2229f7ba7b9599a98f68d9142e81a97",
              "status": "affected",
              "version": "f46edbd1b1516da1fb34c917775168d5df576f78",
              "versionType": "git"
            },
            {
              "lessThan": "3a01daace71b521563c38bbbf874e14c3e58adb7",
              "status": "affected",
              "version": "f46edbd1b1516da1fb34c917775168d5df576f78",
              "versionType": "git"
            },
            {
              "lessThan": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
              "status": "affected",
              "version": "f46edbd1b1516da1fb34c917775168d5df576f78",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/mmzone.h",
            "mm/sparse.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.76",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.15",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.3",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section-\u003eusage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN\u0027s are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL].  Since normal zone start and end\npfn contains the device memory PFN\u0027s as well, the compaction triggered\nwill try on the device memory PFN\u0027s too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections).  When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled.  The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n   ......\n (a)pfn_valid():\n     valid_section()//return true\n\t\t\t      (b)__remove_pages()-\u003e\n\t\t\t\t  sparse_remove_section()-\u003e\n\t\t\t\t    section_deactivate():\n\t\t\t\t    [Free the array ms-\u003eusage and set\n\t\t\t\t     ms-\u003eusage = NULL]\n     pfn_section_valid()\n     [Access ms-\u003eusage which\n     is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms-\u003eusage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the -\u003eusage.\n\nb) RCU protected read side critical section will either return NULL\n   when SECTION_HAS_MEM_MAP is cleared or can successfully access -\u003eusage.\n\nc) Free the -\u003eusage with kfree_rcu() and set ms-\u003eusage = NULL.  No\n   attempt will be made to access -\u003eusage after this as the\n   SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN\u0027s as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log.  Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms-\u003eusage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[  540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[  540.578068] Mem abort info:\n[  540.578070]   ESR = 0x0000000096000005\n[  540.578073]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  540.578077]   SET = 0, FnV = 0\n[  540.578080]   EA = 0, S1PTW = 0\n[  540.578082]   FSC = 0x05: level 1 translation fault\n[  540.578085] Data abort info:\n[  540.578086]   ISV = 0, ISS = 0x00000005\n[  540.578088]   CM = 0, WnR = 0\n[  540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[  540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[  540.579454] lr : compact_zone+0x994/0x1058\n[  540.579460] sp : ffffffc03579b510\n[  540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[  540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[  540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[  540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[  540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[  540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[  540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[  540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[  540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:37:51.825Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea"
        },
        {
          "url": "https://git.kernel.org/stable/c/b448de2459b6d62a53892487ab18b7d823ff0529"
        },
        {
          "url": "https://git.kernel.org/stable/c/68ed9e33324021e9d6b798e9db00ca3093d2012a"
        },
        {
          "url": "https://git.kernel.org/stable/c/70064241f2229f7ba7b9599a98f68d9142e81a97"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a01daace71b521563c38bbbf874e14c3e58adb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ec8e8ea8b7783fab150cf86404fc38cb4db8800"
        }
      ],
      "title": "mm/sparsemem: fix race in accessing memory_section-\u003eusage",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52489",
    "datePublished": "2024-02-29T15:52:08.718Z",
    "dateReserved": "2024-02-20T12:30:33.302Z",
    "dateUpdated": "2025-05-04T07:37:51.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1252 (GCVE-0-2023-1252)

Vulnerability from cvelistv5

Published

2023-03-23 00:00

Modified

2025-04-23 16:23

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416

Summary

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.

References

►

URL

Tags

	https://lore.kernel.org/lkml/20211115165433.449951285%40linuxfoundation.org/
	https://security.netapp.com/advisory/ntap-20230505-0005/

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Version: Linux kernel 5.16-rc1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:40:59.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/20211115165433.449951285%40linuxfoundation.org/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230505-0005/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-1252",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:28:47.799798Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:23:30.792Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.16-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in the Linux kernel\u2019s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 (\"ovl: fix use after free in struct ovl_aio_req\") not applied yet, the kernel could be affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-05T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://lore.kernel.org/lkml/20211115165433.449951285%40linuxfoundation.org/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230505-0005/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-1252",
    "datePublished": "2023-03-23T00:00:00.000Z",
    "dateReserved": "2023-03-07T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:23:30.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-47384 (GCVE-0-2021-47384)

Vulnerability from cvelistv5

Published

2024-05-21 15:03

Modified

2025-06-19 12:56

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for (tmp & 0x08) && (!(tmp & 0x80)) && ((tmp & 0x7) == ((tmp >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(). The patch fixes possible NULL pointer dereference by removing lm75[]. Found by Linux Driver Verification project (linuxtesting.org). [groeck: Dropped unnecessary continuation lines, fixed multi-line alignments]

References

►

URL

Tags

	https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623
	https://git.kernel.org/stable/c/7c4fd5de39f273626a2b0f3a446d2cc85cd47616
	https://git.kernel.org/stable/c/746011193f44f97f8784edcf8327c587946745fc
	https://git.kernel.org/stable/c/dd4d747ef05addab887dc8ff0d6ab9860bbcd783

Impacted products

Vendor

Product

Version

►

Linux

Version: cf48d17623281c2b3185030ed23f148bd47e15de
Version: cf48d17623281c2b3185030ed23f148bd47e15de
Version: cf48d17623281c2b3185030ed23f148bd47e15de
Version: cf48d17623281c2b3185030ed23f148bd47e15de

Linux

Version: 5.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47384",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T18:21:42.087450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T18:44:47.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7c4fd5de39f273626a2b0f3a446d2cc85cd47616"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/746011193f44f97f8784edcf8327c587946745fc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd4d747ef05addab887dc8ff0d6ab9860bbcd783"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hwmon/w83793.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6cb01fe630eaffc5a2c3f7364436caddba286623",
              "status": "affected",
              "version": "cf48d17623281c2b3185030ed23f148bd47e15de",
              "versionType": "git"
            },
            {
              "lessThan": "7c4fd5de39f273626a2b0f3a446d2cc85cd47616",
              "status": "affected",
              "version": "cf48d17623281c2b3185030ed23f148bd47e15de",
              "versionType": "git"
            },
            {
              "lessThan": "746011193f44f97f8784edcf8327c587946745fc",
              "status": "affected",
              "version": "cf48d17623281c2b3185030ed23f148bd47e15de",
              "versionType": "git"
            },
            {
              "lessThan": "dd4d747ef05addab887dc8ff0d6ab9860bbcd783",
              "status": "affected",
              "version": "cf48d17623281c2b3185030ed23f148bd47e15de",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hwmon/w83793.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.71",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.151",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.71",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.14.10",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field\n\nIf driver read tmp value sufficient for\n(tmp \u0026 0x08) \u0026\u0026 (!(tmp \u0026 0x80)) \u0026\u0026 ((tmp \u0026 0x7) == ((tmp \u003e\u003e 4) \u0026 0x7))\nfrom device then Null pointer dereference occurs.\n(It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)\nAlso lm75[] does not serve a purpose anymore after switching to\ndevm_i2c_new_dummy_device() in w83791d_detect_subclients().\n\nThe patch fixes possible NULL pointer dereference by removing lm75[].\n\nFound by Linux Driver Verification project (linuxtesting.org).\n\n[groeck: Dropped unnecessary continuation lines, fixed multi-line alignments]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:56:03.919Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c4fd5de39f273626a2b0f3a446d2cc85cd47616"
        },
        {
          "url": "https://git.kernel.org/stable/c/746011193f44f97f8784edcf8327c587946745fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd4d747ef05addab887dc8ff0d6ab9860bbcd783"
        }
      ],
      "title": "hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47384",
    "datePublished": "2024-05-21T15:03:44.955Z",
    "dateReserved": "2024-05-21T14:58:30.812Z",
    "dateUpdated": "2025-06-19T12:56:03.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2024:8614

Vulnerability from csaf_redhat

CVE-2024-26826 (GCVE-0-2024-26826)

Vulnerability from cvelistv5

CVE-2024-40998 (GCVE-0-2024-40998)

Vulnerability from cvelistv5

CVE-2024-41055 (GCVE-0-2024-41055)

Vulnerability from cvelistv5

CVE-2024-26686 (GCVE-0-2024-26686)

Vulnerability from cvelistv5

CVE-2024-36889 (GCVE-0-2024-36889)

Vulnerability from cvelistv5

CVE-2024-2201 (GCVE-0-2024-2201)

Vulnerability from cvelistv5

CVE-2024-26961 (GCVE-0-2024-26961)

Vulnerability from cvelistv5

CVE-2024-41049 (GCVE-0-2024-41049)

Vulnerability from cvelistv5

CVE-2024-26671 (GCVE-0-2024-26671)

Vulnerability from cvelistv5

CVE-2024-42152 (GCVE-0-2024-42152)

Vulnerability from cvelistv5

CVE-2024-40960 (GCVE-0-2024-40960)

Vulnerability from cvelistv5

CVE-2023-52489 (GCVE-0-2023-52489)

Vulnerability from cvelistv5

CVE-2023-1252 (GCVE-0-2023-1252)

Vulnerability from cvelistv5

CVE-2021-47384 (GCVE-0-2021-47384)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature