tuned bug fix and enhancement update

RLBA-2022:7747 tuned bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for tuned. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms tuned-profiles-nfv-2.19.0-1.el8.noarch.rpm 86ca34a82e732f2ef50e28549a9759a26a57fcec4da513121a75b5c56b1528ea tuned-profiles-nfv-guest-2.19.0-1.el8.noarch.rpm 36ad8702f7acdda780adde631e9ddf195cfa7d4e216beb9e8d1558e40af5e9e3 tuned-profiles-nfv-host-2.19.0-1.el8.noarch.rpm 7cf4000a586465fd298c2b8dd0d4be887221ff97ffd8ff78d7328cb679b6d661 tuned-profiles-realtime-2.19.0-1.el8.noarch.rpm efdca8c4da0e585989b713b26d1fe20cefcd4f576e5f42dacf6b50bf55674609 RLSA-2022:7444 Moderate: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) * Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558) * use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640) * Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002) * smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168) * NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617) * swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854) * Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016) * Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) * use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184) * NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852) * buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078) * nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586) * openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) * use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938) * net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368) * possible to use the debugger to write zero into a location of choice (CVE-2022-21499) * Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950) * Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390) * Use after free in SUNRPC subsystem (CVE-2022-28893) * use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581) * DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946) * nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) * Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558) * use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640) * Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002) * smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168) * NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617) * swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854) * Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016) * Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) * use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184) * NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852) * buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078) * nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586) * openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) * use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938) * net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368) * possible to use the debugger to write zero into a location of choice (CVE-2022-21499) * Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950) * Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390) * Use after free in SUNRPC subsystem (CVE-2022-28893) * use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581) * DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946) * nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm ac47b7b84a125e963c6eee8553303b58c12decafe9af2ace64a8db6a03f2d598 kernel-rt-core-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 5a50d0b2efae91f9161d4b74ad82acf22f82a51f8f6a1ba55c76e08f8981dada kernel-rt-debug-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 82f79eb68df1b991991d43d82076845c07a4f3dc5c89e1b2afc85707a2202b8b kernel-rt-debug-core-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm cb1bdce926b21d79cb17ec390fb3fc6cf985184effa06b804efbf6c52b05cd01 kernel-rt-debug-devel-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 54752dc97e8b9a6464688730cf3b964a143b2276ce378648c07e288eccc5cccf kernel-rt-debuginfo-common-x86_64-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm a6042a61e450115260c0136f300d7ad0372f7dfa4928ef2df2d233c79cdf5b48 kernel-rt-debug-kvm-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm a42f755741f9f40ea5d314ada223602a3a3fd9fb8b34ca56bbb92d18ca45d614 kernel-rt-debug-modules-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm f8bdfcc81e1660a90415fa3bfa6ab580f7bf2414f0bcfeef36f4696d1cc86ec1 kernel-rt-debug-modules-extra-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm db78b923643a96642b20b51994234175bffe2fc24f528edfee3cd825012ffda9 kernel-rt-devel-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 840d8b2c07bfd25ed9d0c6620eb11387fc606e04aa4097b293c74b94bc148cfa kernel-rt-kvm-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 268179f85d0f67cfc7d0e0d3fca536e3a15d7cfb1f4a180e6aaa97fdd0d74f33 kernel-rt-modules-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 52ee49b34ec4de2a5b3c9943d6bd95a5a58787f104ee8c9e12bed53c3324b957 kernel-rt-modules-extra-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm 47790e8e3fbc64355aca26f537c0e8c5e34bf462d4cc7f29d158fb671773f562 RLBA-2022:7446 rt-setup bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for rt-setup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms rt-setup-2.1-4.el8.x86_64.rpm 1a7e073aaba75a6adf07c8a7ea2b3b31e09ee6cd57f56a687e3ea08ae7cceac3 RLBA-2022:7451 rteval-loads bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for rteval-loads. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms rteval-loads-1.6-2.el8.noarch.rpm fd6a359b49d57b464d5d601ce9b70b700c39336cb00346b391866c318c6527dc RLBA-2022:7452 rteval bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

An update is available for rteval. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms rteval-3.4-2.el8.noarch.rpm e555d4c62468eb8667f11fd720aeb5b38c527449ebe16ba27c4e23c2e8734924 RLSA-2023:0114 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The latest Rocky Linux 8.7.z1 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2137411) * [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139867) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The latest Rocky Linux 8.7.z1 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2137411) * [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139867) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 98837004fbf61990c3c258ca76621765340b070fb1bd7ac37fbddd49744d93bd kernel-rt-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 224da004e6aaf7dc7bd6cf5f2402bbddae5dda809f16df38930fb8c94f78fd29 kernel-rt-debug-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 009f0969a4f571b8944fbcfc0d8934f7c7660b2bb5d51ffb2c31d771db76eada kernel-rt-debug-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm a5e3c763edd5d21e3e50802a55125a3aa5e2263d0448a45bc19c4053206874f7 kernel-rt-debug-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 29a5ca819c20ab5a9a73ef8ce13ffef39149c43bb8bfaf30724b85d426e9f11a kernel-rt-debuginfo-common-x86_64-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm fe4a8abeeb99a3bca57be9fbbda5a2c8763b27c82e00f8a7a10f4011f33edad6 kernel-rt-debug-kvm-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 86061e95640d926c5b07dacf7d683b7816fe5d84af428df0106f4814485ef907 kernel-rt-debug-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm ed274022c1b74d6398b1c29f4b8319786750c160194699360e27dc53dc5e3707 kernel-rt-debug-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 0b4fa7b23831278421f4786ca058e45796e50f3c0dac645b22b1968117691cf9 kernel-rt-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm c7cc44181eb945a901256dd628ce8920dbdfcc0c6b28299a0b1c86389c1e00a2 kernel-rt-kvm-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm a138af746550b98f37ff2d961ecb148fa17646e25deb0450ae950244d91c247d kernel-rt-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm a0ede768e0052c07cb523dfaaeaae6c2e986c5f6370f557882cda900417f1747 kernel-rt-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm 3a2442fb615e30a862cf7f234fb9eccb1027d3b89fdfc7f9d2802823e5e235ad RLSA-2023:0854 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux8-RT: Backport use of a dedicate thread for timer wakeups (BZ#2127204) * SNO Crashed twice - kernel BUG at lib/list_debug.c:28 (BZ#2132062) * Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel [RT-8] (BZ#2139851) * scheduling while atomic in fpu_clone() -> fpu_inherit_perms() (BZ#2154469) * The latest Rocky Linux 8.7.z2 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2159806) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux8-RT: Backport use of a dedicate thread for timer wakeups (BZ#2127204) * SNO Crashed twice - kernel BUG at lib/list_debug.c:28 (BZ#2132062) * Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel [RT-8] (BZ#2139851) * scheduling while atomic in fpu_clone() -> fpu_inherit_perms() (BZ#2154469) * The latest Rocky Linux 8.7.z2 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2159806) rocky-linux-8-x86-64-nfv-rpms kernel-rt-debug-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 55d2a52a1b9053b65f2887dddefc050bdd47a094ef0d45b4b52d76c75c926441 kernel-rt-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 66beae40fdd3d6eeb1ac78c9dfbd82c0c0662c95dc24e7cc040e65e85082020b kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 8deee5253fd69d6bba5b9dae8ad04b067ba8448c676aa7f662a423945180ecdf kernel-rt-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 2d9357435ac92d399bd7e45fd84a6fdac410a10eed12719eac21911820e0af02 kernel-rt-debug-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm e95ab30ddb98c3a067f4eb95f3ef47b87c5eb19c52b36665d0931705b63d3072 kernel-rt-debug-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 3a835595e101239b195de8dee8e3e3705d1c7c81114100942156d876b0575a46 kernel-rt-debug-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 4952b7809aac5cb08b1384faa98323765b4de5cd98bdc2064485557e380fd524 kernel-rt-debuginfo-common-x86_64-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 4bf16fd0892c83afe0916ba53d442705612f957f084210c9301e24c29fd55bcb kernel-rt-debug-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm ffaa40a00d274b396d86ea38a51ccde60274447c57175de78902082572596b14 kernel-rt-debug-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm a89780ec403bc35d02245126d9f1401250d1d031d0658a21da67842a96d5a8fb kernel-rt-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 15dcae4095d1ec7757c346b72639217a15dc9f8d68712cf19d9b14a55f6f460a kernel-rt-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm b5b5d680e48da72ac6d3b6880c6b8c4281fdd31ae984b4eb28c6d5b4ea950ff2 kernel-rt-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm 43c89c09b51f0ebb311f3f11ed722bd4cbce453263e3c798d0f28f786655a899 RLSA-2023:1584 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Lazy irq_work does not raise softirq on PREEMPT_RT [rhel-8] (BZ#2172163) * The latest Rocky Linux 8.7.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2172278) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Lazy irq_work does not raise softirq on PREEMPT_RT [rhel-8] (BZ#2172163) * The latest Rocky Linux 8.7.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2172278) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 7e964af3b334e7871de46b265616fceae25ef4d05c0dc476a190fc6dda3c549e kernel-rt-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 16d16895a6cfec9c58d2acc60cb3a3f3d76ac146a1f44f9fd3a34d9664f668c3 kernel-rt-debug-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 26fca3a909b586ffccfad0072d9c09fc98ce2643cfb50bd4fba6224acc4f6cb2 kernel-rt-debug-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 41e93ad64385756dd514f9d40d3fe5344b10708cf15f835bf9ed1078a3dfc4d8 kernel-rt-debug-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 729df8c4a17459d7e195fb7d098c8bd75f6ba5356d32b4088fdea023d3e71274 kernel-rt-debuginfo-common-x86_64-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm b1bff356f7b4cd88ff00ab88e511c338c6de13180a52e633903667e3d5666b26 kernel-rt-debug-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm cd705a46d4b640260822b3e97caa1c335863ba63bf23c5ecddaad4ff97434208 kernel-rt-debug-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 38a0b8d18a1a2619d3fc5394ca810c1b8ab03cbd73c6ffd9069c3521a39ffff6 kernel-rt-debug-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm a7078a38162abe34d88e60aefdacfaf5e394fa1a21af124db6e563a1fd82bcd8 kernel-rt-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 6e586e11e590985563dc555b4e19649fc82e09e03f62cbb4e59dd08ef34c9b5e kernel-rt-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 332f46f24394803cd09f3b821fc7ef2017238bd297efebf76113673e0bd52665 kernel-rt-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm 6ff2d97ff03d015f08f4bd9b56e43a7a2d7247b3712f2929df4c8c5bd16dd27a kernel-rt-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm e1d6967409817f9f608afe9c1a27221fca489db4f9e0a4f670844f3d42a8d23d RLBA-2023:2737 rteval bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms rteval-3.5-4.el8.noarch.rpm 43c5eb5d7b03af48421271da71487de2933198fcf819ac34ccbf0c10d8a78e90 RLSA-2023:3350 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * smpboot: Scheduler frequency invariance went wobbly, disabling! (BZ#2188316) * Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188722) * kernel-rt: update RT source tree to the Rocky Linux-8.8.z0 source tree. (BZ#2196667) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * smpboot: Scheduler frequency invariance went wobbly, disabling! (BZ#2188316) * Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188722) * kernel-rt: update RT source tree to the Rocky Linux-8.8.z0 source tree. (BZ#2196667) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 2d44a0f05a2c1a559a044443dae2c838a739376e55dec109801d27fb4e8afcad kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 23857a3b1afe803bba7353650a56a348c0735162876d82bc4bfc20322238ae13 kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm b42c757bcd61e1af663a6bb9544477aa4a58582f17a447cd8c8a009cddd983df kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 74fe95880861c25a4ab7700838f4cd945917bd7fb98ffeefcf618ce78e3d9021 kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm bac46a90a97c28aae36caec7a42e4e8b4828422c76b9f2426f5530fc7a595d55 kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 84135da094ee70e4aedc54c2fe1e9313dfc71b480cbe00a06c0abe061f8a4949 kernel-rt-debug-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 18bf49f180cc1798610a6db203ccd5821674139e5ca3bcd48f189be48e20361a kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 325ca335098d840eab695f800772a88de2f07b5d4233ab76ea1ba659f7d34a95 kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 29ee95a669b0f4b5e1f6ef197454dcfec78f07be64200b25f3625030be41f0d2 kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm 03790343af8b3b3509fa613a4de922c1f9b92c4d9bb5153f0656d30acd34326b kernel-rt-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm bd0a517dc2dfdce2eb129836b777985cee8dae5a3dd4cf4dad8418f4b7ee0f0e kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm a21baf5e3655503afa097c501a9d1192743aa72cebd6a5d8dde75e851039077f kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm e3588eda0958c08663fdc2b2b70c98d646bea869a530690750c690d74af6f9d4 RLSA-2023:3819 Moderate: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the Rocky Linux-8.8.z1 source tree. (BZ#2210299) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Moderate

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the Rocky Linux-8.8.z1 source tree. (BZ#2210299) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm d24fc773437547a64dfd3d36db425eeb175b0489c6d7f88e3051ab82235afa5d kernel-rt-core-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm c1ac0eca67a90af2da6f4005c11e0bdbe2e5faa43eacce83cdcabc4e26a665af kernel-rt-debug-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 67423ebbb480d8603c784cc67c4d27b5803e28d9f13dd98d2d49bdb428edc1c6 kernel-rt-debug-core-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm d1ec8217ce82d8080633d8776837fb6fe19cee6e48221a57d41352fed844fae4 kernel-rt-debug-devel-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 9e636971a242782198130b71d12240c8fcfb50bc55e7bfd5caa9f8d0c6816202 kernel-rt-debuginfo-common-x86_64-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm acc482e3ebb05f16b3e61ac85cd2ec0e162da4b16d7af2e7a151d2a44ba76cbe kernel-rt-debug-kvm-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 2a297326cc41502f04ee049df73ca0379968178ddd31397a12ad5f559bbf5a54 kernel-rt-debug-modules-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 4743bec3da0524d6757bfa641b76f95c6d8a5aed11272349f040084330f6a80e kernel-rt-debug-modules-extra-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 60c2920288f89fbdc8631ae475b44498f6f82e9899eb79fabcc012416938df0c kernel-rt-devel-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 4448a067af1ce7ed90954a00da74546a99a59acda696d30a2d141029081f6817 kernel-rt-kvm-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm a281aa10f9e73a08f3796bc3ffd79ac49ab6c14280b9455e8595b8f9114d3c91 kernel-rt-modules-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm f0d363491715bfa792e0263f27a26f5f94a83e158f0a762ca78f4b0bbab71748 kernel-rt-modules-extra-4.18.0-477.15.1.rt7.278.el8_8.x86_64.rpm 55773582e5cd7a056cdd8cee503a9bdc7591b6a361dea695b4ba89fd95da4183 RLSA-2023:4541 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281) * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829) * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235) * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124) * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Addding the building of i915 driver to 8.8 (BZ#2208276) * kernel-rt: update RT source tree to the Rocky Linux-8.8.z2 source tree (BZ#2215026) Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281) * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829) * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235) * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124) * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Addding the building of i915 driver to 8.8 (BZ#2208276) * kernel-rt: update RT source tree to the Rocky Linux-8.8.z2 source tree (BZ#2215026) rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm b78833168c9dc6bd30806094cf8ca50b297e35a6b06776939792cf79e93a743c kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 33af774ca40fe5dd838ba0e0446f52d1f51c36585f1c5bb679f3a5da10e4abc2 kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 48d0cc9c2dadb2f4d7abeb3389dfce1ae3a179203cd572b0085ef550589b141d kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm ba8c040837bd475430ddc7c504061537ad1ccb5e16daf97a34daf25ae9878705 kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 25367a3b62df9760649b88dd6ad75122c2d17fb46ca3ba91a029ba15280b4525 kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 370c86a878367b48d8b36e7b135f79b771109353dcfa64d14aee28f620044bc1 kernel-rt-debug-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 2da539b476fa34bd1569e01fb2ad3677ada5ec85ccb9ca16fe98df2930291b67 kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 55797a7004b8c5dec8786d20ee784df66067e27a23a6f55716afef9e596a5777 kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm fb8682c84d10dccc7329849ce5eb26cf575b3b4cd54d30912ce96216cc273709 kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm a2c54243a3be2ef32460177afa685e01180c3f1e1ab6e36cb502b3f0bb18206a kernel-rt-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 34327d84cc21239954dfbd52ee667775967ef567bc37ccfaf2126250708661a5 kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm d2b3e1d2773e1c4b762e58db28a3e2acba6bc2c5cb5fa773f0fadc8af5459ed3 kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm 0e3d1913711124eb45c459eb863a458a6dcdc7c30c78d7a337328c4233e1e570 RLBA-2023:7182 tuned bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 None

For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section. rocky-linux-8-x86-64-nfv-rpms tuned-profiles-nfv-2.21.0-1.el8_9.noarch.rpm ad21e4d53dd001d26ed1423b5031623c2ac01a4fa3dc90eeed3b42774c319cbd tuned-profiles-nfv-guest-2.21.0-1.el8_9.noarch.rpm 678f59c6dc23b13a9a503da1079f1699d690e48fedea5ec3c7dd57715d298b22 tuned-profiles-nfv-host-2.21.0-1.el8_9.noarch.rpm aad0405021e2739c352a78bb4a92f34c9c88dbc41a8e25dbee2e9a1a93f8e82f tuned-profiles-realtime-2.21.0-1.el8_9.noarch.rpm a5f7e7f0a38942418d58d3187c5e416f9fc8b9a1ddc72134afa055e0c5d03779 RLSA-2023:7548 Important: kernel-rt security update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163) * kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) * kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178) * kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884) * kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886) * kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919) * kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2024 Rocky Enterprise Software Foundation Rocky Linux 8 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163) * kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) * kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178) * kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884) * kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886) * kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919) * kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-8-x86-64-nfv-rpms kernel-rt-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm e135b78cc5d5b1951441bf0da72bb9ddfa5049b2056e67ddaf45a5d105053d34 kernel-rt-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 6248b2e7f7efdde134d59320f2b98c6aea884739b4a34e3eaa9c7f4b308ba1a9 kernel-rt-debug-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 7f79f10e9714918974cdbdf0a1f994998d6fb9f4cc75c7c3bc3c46818069fe01 kernel-rt-debug-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm fa4aaca964c04a4c1903d8f597684f9dbe72e2e1babe6b5b23bff2dfbd95623e kernel-rt-debug-devel-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm a7fe83a2de5545023a10ff0fbd0b571b389fc2090dae50027d976646b9b42f8c kernel-rt-debuginfo-common-x86_64-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm ffc551782cf5548bd7188a92741c306e35dfb72a4e4d6626b9d7cfeb6b6dd3ff kernel-rt-debug-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm baa07d609c281f7b7c71fb26d25d0267eb9a78b370f5d19bc3c50a9623990078 kernel-rt-debug-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 140e0c56c2594723d38e3909b4beb112cc46795a50f42e9906987d93021b12e1 kernel-rt-debug-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 9b463fb7e6f36d497f89ab3269c7fb6112857432eec1774fb233091d942523e8 kernel-rt-devel-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 50bbc409e41eebb0c29565ca7f3e9dc791f01b9e8dc50f06137c1b5cf3b3ea7a kernel-rt-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 272756e8b3bc6953603869e6b6ea39f8d77c1a1426d49857305e61c5cfec1b4b kernel-rt-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 0692a90c35f0cdccf32586bf835151b42be3ebcb5d6953a139eedfa4a56ad024 kernel-rt-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm 06aa39a027d0d7b0fe5ec8e8b5529eda35880fce49480012fb2c10642997e125