Vulnerability-Lookup

RHSA-2024:9943

Vulnerability from csaf_redhat - Published: 2024-11-19 00:46 - Updated: 2026-03-18 02:47

Summary

Red Hat Security Advisory: kernel-rt security update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671) * kernel: iommu: Fix potential use-after-free during probe (CVE-2022-48796) * kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)\n\n* kernel: iommu: Fix potential use-after-free during probe (CVE-2022-48796)\n\n* kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:9943",
        "url": "https://access.redhat.com/errata/RHSA-2024:9943"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2272811",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272811"
      },
      {
        "category": "external",
        "summary": "2298132",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298132"
      },
      {
        "category": "external",
        "summary": "2315210",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315210"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9943.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:47:00+00:00",
      "generator": {
        "date": "2026-03-18T02:47:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:9943",
      "initial_release_date": "2024-11-19T00:46:19+00:00",
      "revision_history": [
        {
          "date": "2024-11-19T00:46:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-11-19T00:46:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:47:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                  "product_id": "NFV-9.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                  "product_id": "RT-9.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
                "product": {
                  "name": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
                  "product_id": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-70.121.1.rt21.193.el9_0?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-core@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-core@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-kvm@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@5.14.0-70.121.1.rt21.193.el9_0?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src"
        },
        "product_reference": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src"
        },
        "product_reference": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-48796",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2024-07-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2298132"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Linux kernel\u0027s IOMMU driver, where the dev_iommu_free function can lead to a use-after-free error. This occurs when a device probe fails while simultaneously accessing dev-\u003eiommu-\u003efwspec in the of_iommu_configure path. As a result, this vulnerability can potentially cause system instability or crashes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: iommu: Fix potential use-after-free during probe",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-48796"
        },
        {
          "category": "external",
          "summary": "RHBZ#2298132",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298132"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-48796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48796"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024071642-CVE-2022-48796-8474@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024071642-CVE-2022-48796-8474@gregkh/T"
        }
      ],
      "release_date": "2024-07-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-19T00:46:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:9943"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: iommu: Fix potential use-after-free during probe"
    },
    {
      "cve": "CVE-2024-26671",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272811"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A possible IO hang from sbitmap wakeup race was found in the Linux kernel. This may lead to compromised Availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: blk-mq: fix IO hang from sbitmap wakeup race",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is fixed in RHEL-9.4 and above (including RHEL 8.10)\n~~~\na7f97b4cae32 (in rhel-9.4, rhel-9.5) blk-mq: fix IO hang from sbitmap wakeup race \n098ab94a5112 (in rhel-8.10) blk-mq: fix IO hang from sbitmap wakeup race\n~~~\n\nPlease note that while RHEL-9 kernel-rt still appears as affected, it has been fixed in the same RHSA as RHEL-9 kernel. This is because from RHEL-9.3 onwards, the kernel and kernel-rt fixes are bundled together in a single errata.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-26671"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272811",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272811"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26671",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26671"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2024-26671-2543@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2024-26671-2543@gregkh/T"
        }
      ],
      "release_date": "2024-04-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-19T00:46:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:9943"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: blk-mq: fix IO hang from sbitmap wakeup race"
    },
    {
      "cve": "CVE-2024-46858",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2024-09-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2315210"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in the Linux kernel\u2019s Multipath TCP (MPTCP) subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: mptcp: pm: Fix uaf in __timer_delete_sync",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Actual only for latest version of Red Hat Enterprise Linux 9 and latest version of Red Hat Enterprise Linux 8.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-46858"
        },
        {
          "category": "external",
          "summary": "RHBZ#2315210",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315210"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-46858",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-46858",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46858"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T"
        }
      ],
      "release_date": "2024-09-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-19T00:46:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:9943"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.121.1.rt21.193.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: mptcp: pm: Fix uaf in __timer_delete_sync"
    }
  ]
}

CVE-2022-48796 (GCVE-0-2022-48796)

Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2025-05-21 08:43

Title

iommu: Fix potential use-after-free during probe

Summary

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential use-after-free during probe Kasan has reported the following use after free on dev->iommu. when a device probe fails and it is in process of freeing dev->iommu in dev_iommu_free function, a deferred_probe_work_func runs in parallel and tries to access dev->iommu->fwspec in of_iommu_configure path thus causing use after free. BUG: KASAN: use-after-free in of_iommu_configure+0xb4/0x4a4 Read of size 8 at addr ffffff87a2f1acb8 by task kworker/u16:2/153 Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace+0x0/0x33c show_stack+0x18/0x24 dump_stack_lvl+0x16c/0x1e0 print_address_description+0x84/0x39c __kasan_report+0x184/0x308 kasan_report+0x50/0x78 __asan_load8+0xc0/0xc4 of_iommu_configure+0xb4/0x4a4 of_dma_configure_id+0x2fc/0x4d4 platform_dma_configure+0x40/0x5c really_probe+0x1b4/0xb74 driver_probe_device+0x11c/0x228 __device_attach_driver+0x14c/0x304 bus_for_each_drv+0x124/0x1b0 __device_attach+0x25c/0x334 device_initial_probe+0x24/0x34 bus_probe_device+0x78/0x134 deferred_probe_work_func+0x130/0x1a8 process_one_work+0x4c8/0x970 worker_thread+0x5c8/0xaec kthread+0x1f8/0x220 ret_from_fork+0x10/0x18 Allocated by task 1: ____kasan_kmalloc+0xd4/0x114 __kasan_kmalloc+0x10/0x1c kmem_cache_alloc_trace+0xe4/0x3d4 __iommu_probe_device+0x90/0x394 probe_iommu_group+0x70/0x9c bus_for_each_dev+0x11c/0x19c bus_iommu_probe+0xb8/0x7d4 bus_set_iommu+0xcc/0x13c arm_smmu_bus_init+0x44/0x130 [arm_smmu] arm_smmu_device_probe+0xb88/0xc54 [arm_smmu] platform_drv_probe+0xe4/0x13c really_probe+0x2c8/0xb74 driver_probe_device+0x11c/0x228 device_driver_attach+0xf0/0x16c __driver_attach+0x80/0x320 bus_for_each_dev+0x11c/0x19c driver_attach+0x38/0x48 bus_add_driver+0x1dc/0x3a4 driver_register+0x18c/0x244 __platform_driver_register+0x88/0x9c init_module+0x64/0xff4 [arm_smmu] do_one_initcall+0x17c/0x2f0 do_init_module+0xe8/0x378 load_module+0x3f80/0x4a40 __se_sys_finit_module+0x1a0/0x1e4 __arm64_sys_finit_module+0x44/0x58 el0_svc_common+0x100/0x264 do_el0_svc+0x38/0xa4 el0_svc+0x20/0x30 el0_sync_handler+0x68/0xac el0_sync+0x160/0x180 Freed by task 1: kasan_set_track+0x4c/0x84 kasan_set_free_info+0x28/0x4c ____kasan_slab_free+0x120/0x15c __kasan_slab_free+0x18/0x28 slab_free_freelist_hook+0x204/0x2fc kfree+0xfc/0x3a4 __iommu_probe_device+0x284/0x394 probe_iommu_group+0x70/0x9c bus_for_each_dev+0x11c/0x19c bus_iommu_probe+0xb8/0x7d4 bus_set_iommu+0xcc/0x13c arm_smmu_bus_init+0x44/0x130 [arm_smmu] arm_smmu_device_probe+0xb88/0xc54 [arm_smmu] platform_drv_probe+0xe4/0x13c really_probe+0x2c8/0xb74 driver_probe_device+0x11c/0x228 device_driver_attach+0xf0/0x16c __driver_attach+0x80/0x320 bus_for_each_dev+0x11c/0x19c driver_attach+0x38/0x48 bus_add_driver+0x1dc/0x3a4 driver_register+0x18c/0x244 __platform_driver_register+0x88/0x9c init_module+0x64/0xff4 [arm_smmu] do_one_initcall+0x17c/0x2f0 do_init_module+0xe8/0x378 load_module+0x3f80/0x4a40 __se_sys_finit_module+0x1a0/0x1e4 __arm64_sys_finit_module+0x44/0x58 el0_svc_common+0x100/0x264 do_el0_svc+0x38/0xa4 el0_svc+0x20/0x30 el0_sync_handler+0x68/0xac el0_sync+0x160/0x180 Fix this by setting dev->iommu to NULL first and then freeing dev_iommu structure in dev_iommu_free function.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cb86e511e78e796de…
	https://git.kernel.org/stable/c/65ab30f6a6952fa9e…
	https://git.kernel.org/stable/c/f74fc4b5bd533ea3d…
	https://git.kernel.org/stable/c/b54240ad494300ff0…

Impacted products

Vendor

Product

Version

Linux

Affected: 0c830e6b32826311fc2b9ea1f4679be0f4ef0933 , < cb86e511e78e796de6947b8f3acca1b7c76fb2ff (git)
Affected: 0c830e6b32826311fc2b9ea1f4679be0f4ef0933 , < 65ab30f6a6952fa9ee13009862736cf8d110e6e5 (git)
Affected: 0c830e6b32826311fc2b9ea1f4679be0f4ef0933 , < f74fc4b5bd533ea3d30ce47cccb8ef8d21fda85a (git)
Affected: 0c830e6b32826311fc2b9ea1f4679be0f4ef0933 , < b54240ad494300ff0994c4539a531727874381f4 (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 5.10.101 , ≤ 5.10.* (semver)
Unaffected: 5.15.24 , ≤ 5.15.* (semver)
Unaffected: 5.16.10 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb86e511e78e796de6947b8f3acca1b7c76fb2ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/65ab30f6a6952fa9ee13009862736cf8d110e6e5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f74fc4b5bd533ea3d30ce47cccb8ef8d21fda85a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b54240ad494300ff0994c4539a531727874381f4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:59:19.404709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:14.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cb86e511e78e796de6947b8f3acca1b7c76fb2ff",
              "status": "affected",
              "version": "0c830e6b32826311fc2b9ea1f4679be0f4ef0933",
              "versionType": "git"
            },
            {
              "lessThan": "65ab30f6a6952fa9ee13009862736cf8d110e6e5",
              "status": "affected",
              "version": "0c830e6b32826311fc2b9ea1f4679be0f4ef0933",
              "versionType": "git"
            },
            {
              "lessThan": "f74fc4b5bd533ea3d30ce47cccb8ef8d21fda85a",
              "status": "affected",
              "version": "0c830e6b32826311fc2b9ea1f4679be0f4ef0933",
              "versionType": "git"
            },
            {
              "lessThan": "b54240ad494300ff0994c4539a531727874381f4",
              "status": "affected",
              "version": "0c830e6b32826311fc2b9ea1f4679be0f4ef0933",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.101",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.24",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.10",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Fix potential use-after-free during probe\n\nKasan has reported the following use after free on dev-\u003eiommu.\nwhen a device probe fails and it is in process of freeing dev-\u003eiommu\nin dev_iommu_free function, a deferred_probe_work_func runs in parallel\nand tries to access dev-\u003eiommu-\u003efwspec in of_iommu_configure path thus\ncausing use after free.\n\nBUG: KASAN: use-after-free in of_iommu_configure+0xb4/0x4a4\nRead of size 8 at addr ffffff87a2f1acb8 by task kworker/u16:2/153\n\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n dump_backtrace+0x0/0x33c\n show_stack+0x18/0x24\n dump_stack_lvl+0x16c/0x1e0\n print_address_description+0x84/0x39c\n __kasan_report+0x184/0x308\n kasan_report+0x50/0x78\n __asan_load8+0xc0/0xc4\n of_iommu_configure+0xb4/0x4a4\n of_dma_configure_id+0x2fc/0x4d4\n platform_dma_configure+0x40/0x5c\n really_probe+0x1b4/0xb74\n driver_probe_device+0x11c/0x228\n __device_attach_driver+0x14c/0x304\n bus_for_each_drv+0x124/0x1b0\n __device_attach+0x25c/0x334\n device_initial_probe+0x24/0x34\n bus_probe_device+0x78/0x134\n deferred_probe_work_func+0x130/0x1a8\n process_one_work+0x4c8/0x970\n worker_thread+0x5c8/0xaec\n kthread+0x1f8/0x220\n ret_from_fork+0x10/0x18\n\nAllocated by task 1:\n ____kasan_kmalloc+0xd4/0x114\n __kasan_kmalloc+0x10/0x1c\n kmem_cache_alloc_trace+0xe4/0x3d4\n __iommu_probe_device+0x90/0x394\n probe_iommu_group+0x70/0x9c\n bus_for_each_dev+0x11c/0x19c\n bus_iommu_probe+0xb8/0x7d4\n bus_set_iommu+0xcc/0x13c\n arm_smmu_bus_init+0x44/0x130 [arm_smmu]\n arm_smmu_device_probe+0xb88/0xc54 [arm_smmu]\n platform_drv_probe+0xe4/0x13c\n really_probe+0x2c8/0xb74\n driver_probe_device+0x11c/0x228\n device_driver_attach+0xf0/0x16c\n __driver_attach+0x80/0x320\n bus_for_each_dev+0x11c/0x19c\n driver_attach+0x38/0x48\n bus_add_driver+0x1dc/0x3a4\n driver_register+0x18c/0x244\n __platform_driver_register+0x88/0x9c\n init_module+0x64/0xff4 [arm_smmu]\n do_one_initcall+0x17c/0x2f0\n do_init_module+0xe8/0x378\n load_module+0x3f80/0x4a40\n __se_sys_finit_module+0x1a0/0x1e4\n __arm64_sys_finit_module+0x44/0x58\n el0_svc_common+0x100/0x264\n do_el0_svc+0x38/0xa4\n el0_svc+0x20/0x30\n el0_sync_handler+0x68/0xac\n el0_sync+0x160/0x180\n\nFreed by task 1:\n kasan_set_track+0x4c/0x84\n kasan_set_free_info+0x28/0x4c\n ____kasan_slab_free+0x120/0x15c\n __kasan_slab_free+0x18/0x28\n slab_free_freelist_hook+0x204/0x2fc\n kfree+0xfc/0x3a4\n __iommu_probe_device+0x284/0x394\n probe_iommu_group+0x70/0x9c\n bus_for_each_dev+0x11c/0x19c\n bus_iommu_probe+0xb8/0x7d4\n bus_set_iommu+0xcc/0x13c\n arm_smmu_bus_init+0x44/0x130 [arm_smmu]\n arm_smmu_device_probe+0xb88/0xc54 [arm_smmu]\n platform_drv_probe+0xe4/0x13c\n really_probe+0x2c8/0xb74\n driver_probe_device+0x11c/0x228\n device_driver_attach+0xf0/0x16c\n __driver_attach+0x80/0x320\n bus_for_each_dev+0x11c/0x19c\n driver_attach+0x38/0x48\n bus_add_driver+0x1dc/0x3a4\n driver_register+0x18c/0x244\n __platform_driver_register+0x88/0x9c\n init_module+0x64/0xff4 [arm_smmu]\n do_one_initcall+0x17c/0x2f0\n do_init_module+0xe8/0x378\n load_module+0x3f80/0x4a40\n __se_sys_finit_module+0x1a0/0x1e4\n __arm64_sys_finit_module+0x44/0x58\n el0_svc_common+0x100/0x264\n do_el0_svc+0x38/0xa4\n el0_svc+0x20/0x30\n el0_sync_handler+0x68/0xac\n el0_sync+0x160/0x180\n\nFix this by setting dev-\u003eiommu to NULL first and\nthen freeing dev_iommu structure in dev_iommu_free\nfunction."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T08:43:57.695Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cb86e511e78e796de6947b8f3acca1b7c76fb2ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/65ab30f6a6952fa9ee13009862736cf8d110e6e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f74fc4b5bd533ea3d30ce47cccb8ef8d21fda85a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b54240ad494300ff0994c4539a531727874381f4"
        }
      ],
      "title": "iommu: Fix potential use-after-free during probe",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48796",
    "datePublished": "2024-07-16T11:43:50.796Z",
    "dateReserved": "2024-07-16T11:38:08.895Z",
    "dateUpdated": "2025-05-21T08:43:57.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26671 (GCVE-0-2024-26671)

Vulnerability from cvelistv5 – Published: 2024-04-02 06:49 – Updated: 2026-01-05 10:34

Title

blk-mq: fix IO hang from sbitmap wakeup race

Summary

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(), waitqueue_active() may not observe the added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime blk_mq_mark_tag_wait() can't get driver tag successfully. This issue can be reproduced by running the following test in loop, and fio hang can be observed in < 30min when running it on my test VM in laptop. modprobe -r scsi_debug modprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4 dev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename` fio --filename=/dev/"$dev" --direct=1 --rw=randrw --bs=4k --iodepth=1 \ --runtime=100 --numjobs=40 --time_based --name=test \ --ioengine=libaio Fix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which is just fine in case of running out of tag.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9525b38180e2753f0…
	https://git.kernel.org/stable/c/ecd7744a1446eb02c…
	https://git.kernel.org/stable/c/7610ba1319253225a…
	https://git.kernel.org/stable/c/89e0e66682e1538ae…
	https://git.kernel.org/stable/c/1d9c777d3e70bdc57…
	https://git.kernel.org/stable/c/6d8b01624a2540336…
	https://git.kernel.org/stable/c/f1bc0d8163f8ee84a…
	https://git.kernel.org/stable/c/5266caaf5660529e3…

Impacted products

Vendor

Product

Version

Linux

Affected: da55f2cc78418dee88400aafbbaed19d7ac8188e , < 9525b38180e2753f0daa1a522b7767a2aa969676 (git)
Affected: da55f2cc78418dee88400aafbbaed19d7ac8188e , < ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10 (git)
Affected: da55f2cc78418dee88400aafbbaed19d7ac8188e , < 7610ba1319253225a9ba8a9d28d472fc883b4e2f (git)
Affected: da55f2cc78418dee88400aafbbaed19d7ac8188e , < 89e0e66682e1538aeeaa3109503473663cd24c8b (git)
Affected: da55f2cc78418dee88400aafbbaed19d7ac8188e , < 1d9c777d3e70bdc57dddf7a14a80059d65919e56 (git)
Affected: da55f2cc78418dee88400aafbbaed19d7ac8188e , < 6d8b01624a2540336a32be91f25187a433af53a0 (git)
Affected: da55f2cc78418dee88400aafbbaed19d7ac8188e , < f1bc0d8163f8ee84a8d5affdf624cfad657df1d2 (git)
Affected: da55f2cc78418dee88400aafbbaed19d7ac8188e , < 5266caaf5660529e3da53004b8b7174cab6374ed (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26671",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:53:32.693372Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:37.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-mq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9525b38180e2753f0daa1a522b7767a2aa969676",
              "status": "affected",
              "version": "da55f2cc78418dee88400aafbbaed19d7ac8188e",
              "versionType": "git"
            },
            {
              "lessThan": "ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10",
              "status": "affected",
              "version": "da55f2cc78418dee88400aafbbaed19d7ac8188e",
              "versionType": "git"
            },
            {
              "lessThan": "7610ba1319253225a9ba8a9d28d472fc883b4e2f",
              "status": "affected",
              "version": "da55f2cc78418dee88400aafbbaed19d7ac8188e",
              "versionType": "git"
            },
            {
              "lessThan": "89e0e66682e1538aeeaa3109503473663cd24c8b",
              "status": "affected",
              "version": "da55f2cc78418dee88400aafbbaed19d7ac8188e",
              "versionType": "git"
            },
            {
              "lessThan": "1d9c777d3e70bdc57dddf7a14a80059d65919e56",
              "status": "affected",
              "version": "da55f2cc78418dee88400aafbbaed19d7ac8188e",
              "versionType": "git"
            },
            {
              "lessThan": "6d8b01624a2540336a32be91f25187a433af53a0",
              "status": "affected",
              "version": "da55f2cc78418dee88400aafbbaed19d7ac8188e",
              "versionType": "git"
            },
            {
              "lessThan": "f1bc0d8163f8ee84a8d5affdf624cfad657df1d2",
              "status": "affected",
              "version": "da55f2cc78418dee88400aafbbaed19d7ac8188e",
              "versionType": "git"
            },
            {
              "lessThan": "5266caaf5660529e3da53004b8b7174cab6374ed",
              "status": "affected",
              "version": "da55f2cc78418dee88400aafbbaed19d7ac8188e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-mq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix IO hang from sbitmap wakeup race\n\nIn blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered\nwith the following blk_mq_get_driver_tag() in case of getting driver\ntag failure.\n\nThen in __sbitmap_queue_wake_up(), waitqueue_active() may not observe\nthe added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime\nblk_mq_mark_tag_wait() can\u0027t get driver tag successfully.\n\nThis issue can be reproduced by running the following test in loop, and\nfio hang can be observed in \u003c 30min when running it on my test VM\nin laptop.\n\n\tmodprobe -r scsi_debug\n\tmodprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4\n\tdev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`\n\tfio --filename=/dev/\"$dev\" --direct=1 --rw=randrw --bs=4k --iodepth=1 \\\n       \t\t--runtime=100 --numjobs=40 --time_based --name=test \\\n        \t--ioengine=libaio\n\nFix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which\nis just fine in case of running out of tag."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:34:13.085Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676"
        },
        {
          "url": "https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10"
        },
        {
          "url": "https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed"
        }
      ],
      "title": "blk-mq: fix IO hang from sbitmap wakeup race",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26671",
    "datePublished": "2024-04-02T06:49:13.834Z",
    "dateReserved": "2024-02-19T14:20:24.150Z",
    "dateUpdated": "2026-01-05T10:34:13.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46858 (GCVE-0-2024-46858)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:42 – Updated: 2025-12-24 13:21

Title

mptcp: pm: Fix uaf in __timer_delete_sync

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kernel __netif_receive_skb genl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOK genl_rcv_msg ip_local_deliver_finish genl_family_rcv_msg ip_protocol_deliver_rcu genl_family_rcv_msg_doit tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit tcp_v4_do_rcv mptcp_nl_remove_addrs_list tcp_rcv_established mptcp_pm_remove_addrs_and_subflows tcp_data_queue remove_anno_list_by_saddr mptcp_incoming_options mptcp_pm_del_add_timer mptcp_pm_del_add_timer kfree(entry) In remove_anno_list_by_saddr(running on CPU2), after leaving the critical zone protected by "pm.lock", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of "entry->add_timer". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar "entry->x" uaf.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0e7814b028cd50b3f…
	https://git.kernel.org/stable/c/3554482f4691571fc…
	https://git.kernel.org/stable/c/67409b358500c7163…
	https://git.kernel.org/stable/c/6452b162549c7f9ef…
	https://git.kernel.org/stable/c/12134a652b0a10064…
	https://git.kernel.org/stable/c/b4cd80b0338945a94…

Impacted products

Vendor

Product

Version

Linux

Affected: 00cfd77b9063dcdf3628a7087faba60de85a9cc8 , < 0e7814b028cd50b3ff79659d23dfa9da6a1e75e1 (git)
Affected: 00cfd77b9063dcdf3628a7087faba60de85a9cc8 , < 3554482f4691571fc4b5490c17ae26896e62171c (git)
Affected: 00cfd77b9063dcdf3628a7087faba60de85a9cc8 , < 67409b358500c71632116356a0b065f112d7b707 (git)
Affected: 00cfd77b9063dcdf3628a7087faba60de85a9cc8 , < 6452b162549c7f9ef54655d3fb9977b9192e6e5b (git)
Affected: 00cfd77b9063dcdf3628a7087faba60de85a9cc8 , < 12134a652b0a10064844ea235173e70246eba6dc (git)
Affected: 00cfd77b9063dcdf3628a7087faba60de85a9cc8 , < b4cd80b0338945a94972ac3ed54f8338d2da2076 (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.111 , ≤ 6.1.* (semver)
Unaffected: 6.6.52 , ≤ 6.6.* (semver)
Unaffected: 6.10.11 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46858",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T13:57:46.692938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T13:57:52.178Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:19:44.734Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0e7814b028cd50b3ff79659d23dfa9da6a1e75e1",
              "status": "affected",
              "version": "00cfd77b9063dcdf3628a7087faba60de85a9cc8",
              "versionType": "git"
            },
            {
              "lessThan": "3554482f4691571fc4b5490c17ae26896e62171c",
              "status": "affected",
              "version": "00cfd77b9063dcdf3628a7087faba60de85a9cc8",
              "versionType": "git"
            },
            {
              "lessThan": "67409b358500c71632116356a0b065f112d7b707",
              "status": "affected",
              "version": "00cfd77b9063dcdf3628a7087faba60de85a9cc8",
              "versionType": "git"
            },
            {
              "lessThan": "6452b162549c7f9ef54655d3fb9977b9192e6e5b",
              "status": "affected",
              "version": "00cfd77b9063dcdf3628a7087faba60de85a9cc8",
              "versionType": "git"
            },
            {
              "lessThan": "12134a652b0a10064844ea235173e70246eba6dc",
              "status": "affected",
              "version": "00cfd77b9063dcdf3628a7087faba60de85a9cc8",
              "versionType": "git"
            },
            {
              "lessThan": "b4cd80b0338945a94972ac3ed54f8338d2da2076",
              "status": "affected",
              "version": "00cfd77b9063dcdf3628a7087faba60de85a9cc8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.111",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.52",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.111",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.52",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.11",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T13:21:35.775Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c"
        },
        {
          "url": "https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707"
        },
        {
          "url": "https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076"
        }
      ],
      "title": "mptcp: pm: Fix uaf in __timer_delete_sync",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46858",
    "datePublished": "2024-09-27T12:42:49.167Z",
    "dateReserved": "2024-09-11T15:12:18.291Z",
    "dateUpdated": "2025-12-24T13:21:35.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2024:9943

CVE-2022-48796 (GCVE-0-2022-48796)

CVE-2024-26671 (GCVE-0-2024-26671)

CVE-2024-46858 (GCVE-0-2024-46858)

Tags

Sightings

Nomenclature