RHSA-2024:6994

Description

Red Hat Security Advisory: kernel security update

CVSS Metrics

• v3.1•MEDIUM•Score: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Systems

• redhat•bpftool

  < 0:3.10.0-1160.125.1.el7

• redhat•bpftool-debuginfo

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-abi-whitelists

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-bootwrapper

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-debug

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-debug-debuginfo

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-debug-devel

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-debuginfo

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-debuginfo-common-ppc64

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-debuginfo-common-ppc64le

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-debuginfo-common-s390x

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-debuginfo-common-x86_64

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-devel

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-doc

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-kdump

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-kdump-debuginfo

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-kdump-devel

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-tools

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-tools-debuginfo

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-tools-libs

  < 0:3.10.0-1160.125.1.el7

• redhat•kernel-tools-libs-devel

  < 0:3.10.0-1160.125.1.el7

• redhat•perf

  < 0:3.10.0-1160.125.1.el7

• redhat•perf-debuginfo

  < 0:3.10.0-1160.125.1.el7

• redhat•python-perf

  < 0:3.10.0-1160.125.1.el7

• redhat•python-perf-debuginfo

  < 0:3.10.0-1160.125.1.el7

References (16)

• https://access.redhat.com/errata/RHSA-2024:6994
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=2268118
• https://bugzilla.redhat.com/show_bug.cgi?id=2300448
• https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6994.json
• https://access.redhat.com/security/cve/CVE-2024-2201
• https://www.cve.org/CVERecord?id=CVE-2024-2201
• https://nvd.nist.gov/vuln/detail/CVE-2024-2201
• https://download.vusec.net/papers/inspectre_sec24.pdf
• https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html#inpage-nav-8
• https://www.openwall.com/lists/oss-security/2024/04/09/15
• https://www.vusec.net/projects/native-bhi/
• https://access.redhat.com/security/cve/CVE-2024-41071
• https://www.cve.org/CVERecord?id=CVE-2024-41071
• https://nvd.nist.gov/vuln/detail/CVE-2024-41071
• https://lore.kernel.org/linux-cve-announce/2024072909-CVE-2024-41071-4eb6@gregkh/T