VIR Vulnerability Intelligence Relay

CVE-2024-26643

medium
Published 2024-05-23 · Modified 2024-06-05
💬 Discuss on Community ✚ Propose mitigation
CVSS v3
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4 NEW
not yet in upstream
VIR risk
5.5

Description

RHSA-2024:3627: kernel-rt security and bug fix update (Moderate)

Predictions

Exploit likelihood
55%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Red Hat statement Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible. CVSS v3: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases…

Workaround

exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

Description

kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout

Red Hat statement

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

CVSS v3: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10RHSA-2024:36272024-06-05T00:00:00Z
Red Hat Enterprise Linux 8kernel-0:4.18.0-553.5.1.el8_10RHSA-2024:36182024-06-05T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-427.18.1.el9_4RHSA-2024:33062024-05-23T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-427.18.1.el9_4RHSA-2024:33062024-05-23T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Supportkernel-0:5.14.0-284.67.1.el9_2RHSA-2024:34612024-05-29T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Supportkernel-rt-0:5.14.0-284.67.1.rt14.352.el9_2RHSA-2024:34602024-05-29T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernel-rtAffected

Apply commands

bash fix
Apply RHSA-2024:3627 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 6Not affected
redhatRed Hat Enterprise Linux 9Affected

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
rockylinux rocky8fixed
suse slesaffected
debian debianbookwormfixed6.1.85-1
debian debianbullseyefixed5.10.216-1
debian debianforkyfixed6.7.12-1
debian debiansidfixed6.7.12-1
debian debiantrixiefixed6.7.12-1
linux linux-kernelaffected5.4.274
debian debian10.0affected
almalinux almalinux8fixedkernel-abi-stablelists-4.18.0-553.5.1.el8_10.noarch.rpm
almalinux almalinux9fixedrv-5.14.0-427.18.1.el9_4.aarch64.rpm
redhat rhel8fixed

References

CWEs

CWE-667

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.