tuned bug fix and enhancement update

RLBA-2022:8321 tuned bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 None

An update is available for tuned. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section. rocky-linux-9-x86-64-rt-rpms tuned-profiles-realtime-2.19.0-1.el9.noarch.rpm fb0dbba6e33e15cead237638bb3ba2217f1f97dad6d226fbf28ddc5b6f256016 RLBA-2022:7934 rteval bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 None

An update is available for rteval. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section. rocky-linux-9-x86-64-rt-rpms rteval-3.4-1.el9.noarch.rpm 779ef99730b0722c8085dd7bfeb5caa7c3fc469c860fe8070cc6f73ba2ae964c RLBA-2022:7936 realtime-setup bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 None

An update is available for realtime-setup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section. rocky-linux-9-x86-64-rt-rpms realtime-setup-2.2-6.el9.x86_64.rpm 09d1e8c58237d226f48dcd7ea1859255908739b2bd44891cb9c2200a7737ac18 RLBA-2022:7939 rteval-loads bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 None

An update is available for rteval-loads. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section. rocky-linux-9-x86-64-rt-rpms rteval-loads-1.6-1.el9.noarch.rpm d90521c5eadf3f090373ef007bc30c919b714cf597c400efd189542cc7de73bb RLSA-2023:0300 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077) * kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * DELL EMC: System is not booting into RT Kernel with perc12 [kernel-rt] (BZ#2139863) * kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z1 Batch (BZ#2141817) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Important

An update is available for kernel-rt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077) * kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * DELL EMC: System is not booting into RT Kernel with perc12 [kernel-rt] (BZ#2139863) * kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z1 Batch (BZ#2141817) rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm a7e1f3a73355138f0b833a118d6b89658f74d299cfa39c77f8a259395a7330c3 kernel-rt-core-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm 5b68b98ea60d1532352676df69dd5f01bb4091a19159f80b4987be94ad3f9d5e kernel-rt-debug-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm b3a01fa3e91d415b63e0da93758d281b8f25a549dc982bb9cad82a17be557220 kernel-rt-debug-core-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm 46b42686c27706db3766e029fe5b849642652dd85ca7f4c7e8ccffb8ee5ad4c4 kernel-rt-debug-devel-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm 3f1d53fb45a4edb3c5a2ae633202b7d9637faa9fb0c6d6cc8f4247124264c836 kernel-rt-debug-modules-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm 1090f4e8d8356909d3e656f774eb05ac4b44af0bc3e9bb37ed084eb42bd15f79 kernel-rt-debug-modules-extra-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm 9988382bde8954cac0c0b91da17ce38b528b25465fb25b642aa9a029fd577d49 kernel-rt-devel-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm 1c5864022ae27f7f2f238959bbf5eb754d939c3064c782c20e02325a514c68c5 kernel-rt-modules-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm c8fcbfdcf00d9e0b594bb22083bcfea58004e2009c316e66b776657e9bd58831 kernel-rt-modules-extra-5.14.0-162.12.1.rt21.175.el9_1.x86_64.rpm faa845cb72002e6899eee20b282e5859dfb66fd9180e99f0287e3a39a914bb30 RLSA-2023:0979 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379) * kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z2 Batch (BZ#2160463) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379) * kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z2 Batch (BZ#2160463) rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm 7b3306e40d0eb276b81736e5b4d0a090b32e7428669108e3a9b5e9e6aaad5464 kernel-rt-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm d982083ee4ad4d679065f00f97454fe4d98fa099b0c48fe7b43f336383a843f1 kernel-rt-debug-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm 604d8762e724e8a645b855749d0e0e9356fece859c97bf6465dfb24c4bc2ef00 kernel-rt-debug-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm 2bae5de2733341e8ae12f4f0ee969fac2d108d977898196276c97acef486a544 kernel-rt-debug-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm 0659314a6f21c051ddc70aaac21c744c84bbd3ee79324d9cd8f63d68b43a90d1 kernel-rt-debug-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm 7a2333a7b531b60da3f5bccf06897798f67f859911183f627c994ca49d0d74f0 kernel-rt-debug-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm c3011279e4e4898e4cfc91e5c0dda8b355f934a49d40275bd757e97faa2c87e8 kernel-rt-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm 2a65d0b572d8b1c5d785424854a314aa0106e65d52e57f327be144ceb1fb955c kernel-rt-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm c785118454a0725cad5b48f0163e8f67e6015d1fe8b75d4ee0000473779c8810 kernel-rt-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm 1f580e31f2eabb98c9c86eaa7afd295e34d4c2b9ae448672fb17633b7bac9cfa RLSA-2023:1469 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z3 Batch (BZ#2170460) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-9.1.z3 Batch (BZ#2170460) rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm 568dd09bab56394023fe0306b75bd37ea022a6d953d67a0a684d0e3c09a062eb kernel-rt-core-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm dfabf38ea0e692f2e9e79032718f856947f6c79322302ba7b3e71da432b89a43 kernel-rt-debug-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm e1262ce076bfef2e64439348d0994b007be9dca1826f412e41ef1ae0ad9a65be kernel-rt-debug-core-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm 68994eab42c1b61e40fb586c0db25b9e1e0120c20ef4cda336eed835530e3750 kernel-rt-debug-devel-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm feeb3cbbbb86b394efd4f1c725cf5196c615e5d95da7d65ac35df62e428f9c09 kernel-rt-debug-modules-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm 16b5584dc7bfa322f30bb2365392e97001f24356dd5550f329c994c5e13157d4 kernel-rt-debug-modules-extra-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm 7ee7488f2e287486a29fef3c09b5ee84f602f58a61cea14ced64f4c07483bb99 kernel-rt-devel-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm 557f3f925cb9019b8d559ef7d0c76d910b62d338d424a57306781e6985118e7d kernel-rt-modules-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm 2825674e7d7e26a5e1d90766a5094258be1f1cfb5e3ff2360f0786df2c25c919 kernel-rt-modules-extra-5.14.0-162.22.2.rt21.186.el9_1.x86_64.rpm 5df494c468c21ba95a1e5d4330dfcf63dbcbb2d36f140cba6541b812c3f7ab5b RLBA-2023:2149 rteval bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 9.2 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 None

For detailed information on changes in this release, see the Rocky Linux 9.2 Release Notes linked from the References section. rocky-linux-9-x86-64-rt-rpms rteval-3.5-7.el9.noarch.rpm 04313b632c9cadc83f364224fade45c1340ef4995001f1f943d2be4b1ec5819f RLSA-2023:4378 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) * kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) * kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869) * kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c (CVE-2023-0458) * kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux9 rt: blktests block/024 failed (BZ#2209920) * Backport pinned timers RT specific behavior for FIFO tasks (BZ#2210071) * kernel-rt: update RT source tree to the Rocky Linux-9.2z2 source tree (BZ#2215122) * kernel-rt: update RT source tree to the Rocky Linux-9.2z2b source tree (BZ#2222796) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) * kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) * kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869) * kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c (CVE-2023-0458) * kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Rocky Linux9 rt: blktests block/024 failed (BZ#2209920) * Backport pinned timers RT specific behavior for FIFO tasks (BZ#2210071) * kernel-rt: update RT source tree to the Rocky Linux-9.2z2 source tree (BZ#2215122) * kernel-rt: update RT source tree to the Rocky Linux-9.2z2b source tree (BZ#2222796) rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm d5d3e0ee745dfcbb9dbc6a773cfafbfd49c4e4c06db98f3b1cc381bffe7b5547 kernel-rt-core-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm 5f413a505a29ea03c4792323b3c27ac9fbafdfd0b1e2669909109b64b76c8660 kernel-rt-debug-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm a0c3bb9c922ec87c324c4df02011fabb0b8eaf2b8b4a324073c27d5fe278ab36 kernel-rt-debug-core-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm 8779a970a4895eac8324a6af97baa666e9d65db219632a3bc390017e03317bd0 kernel-rt-debug-devel-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm 0984051db85dcd3f4d9f079cf27fcbec7c44c9058880bde94d32ada3dc352243 kernel-rt-debug-modules-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm 68e66d8eb309b91153bbbbbef50355d764a918699f3ab8d54036f1bb7558e7b8 kernel-rt-debug-modules-core-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm 07e68a8d61796b63fa3a08eca1b8568a1db32ab531f5e50c9e6ab5b78371dff2 kernel-rt-debug-modules-extra-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm 1a0ca2666a8da6628db0d92f25a4a15e38c4c4550ca1fc7b1360b3c14203a4fe kernel-rt-devel-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm 29942eecd8c51d51404ef8b5da0374f4eaaa48cd7e3768aea3b3a540a1bd8e05 kernel-rt-modules-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm e0715d8df24665fba635bb39c814e94e065d3cabdff39ee50a1eb060cb62d028 kernel-rt-modules-core-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm 34d09150036730776d065f2d8ca52183df1499d4f22388d6c638b335ec00c3d7 kernel-rt-modules-extra-5.14.0-284.25.1.rt14.310.el9_2.x86_64.rpm fc759ca2882b77c70138837d16791c0c4c023136c041173400214819488c57fa RLSA-2023:5091 Important: kernel-rt security and bug fix update The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) * kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610) * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776) * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004) * kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147) * kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) * kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) * kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-9.2.z3 Batch (BZ#2228482) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Important

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) * kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610) * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776) * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004) * kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147) * kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) * kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) * kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-9.2.z3 Batch (BZ#2228482) rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 6bbae94a9d3b7b50a9927f8d04442e4b3ad95af1f60ce0ca7d2f0634080c0e25 kernel-rt-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 3b36f33d29499faa4e10c53ccc5d18a9dbe56db9b75c7b053fd503766db64900 kernel-rt-debug-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 0d01c283085f35a114b9fad6c72941fba5e639bf8a41a4ec72a8bd46d54a84bd kernel-rt-debug-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 3e7c3c19b117f12f28168bd280f3ca79634906dc6cf5c97160795e7985c4e1d0 kernel-rt-debug-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 6ee1c9e5759c9489594284e8327083dccd23f9351084cc57fe73ede3c9133b71 kernel-rt-debug-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 7ae835a36bf956fec17589f6cec94b4e765cf6d4d1f5cedbeccff61243c31710 kernel-rt-debug-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 1ea91fb66ee5a733a890d48fb5da533238f15a3f9c4a6142be7baada8ea7d1d1 kernel-rt-debug-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 9c944317b361a3fe0460d1102a7a2eb8114a85f690c60787ee294f1205e094ae kernel-rt-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 2a69de78cf5788c599917bd6ea7eff236f65ebfd27de94baf4e1553f49b97ebd kernel-rt-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm 32887b9b7d12b840cd9188d5694f38e5d2cd51201e06ae01597bf3b7a16b60e9 kernel-rt-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm ea66c9ddaa5f9ce44221bdc2019eedf032b692a3cad971f2e752872d6d72c568 kernel-rt-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm e30eee6cd4b640cdd6c8907048f3ee3065bb2f96a341a2d6aa65f3b8795b539e RLBA-2024:2111 rteval bug fix and enhancement update For detailed information on changes in this release, see the Rocky Linux 9.4 Release Notes linked from the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 None

For detailed information on changes in this release, see the Rocky Linux 9.4 Release Notes linked from the References section. rocky-linux-9-x86-64-rt-rpms rteval-3.7-7.el9.noarch.rpm 18d4e61ed3779f3bd43d908cd4e6619ee94ca8b8acd15d1e69e6f27ef97c47e5 RLSA-2024:2758 Moderate: kernel security and bug fix update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743) Bug Fix(es): * ffdhe* algortihms introduced in 0a2e5b909023 as .fips_allowed=1 lack pairwise consistency tests (JIRA:Rocky Linux-27009) * mm/mglru: fix underprotected page cache (JIRA:Rocky Linux-29235) * [EMR] [TBOOT OS] SUT could not go to S3 state with Rocky Linux 9.2 Tboot OS One CPU return -16 running BUSY (JIRA:Rocky Linux-29673) * system hangs completely - NMI not possible (JIRA:Rocky Linux-30678) * ice 0000:6f:00.0: PTP failed to get time (JIRA:Rocky Linux-30110) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Moderate

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743) Bug Fix(es): * ffdhe* algortihms introduced in 0a2e5b909023 as .fips_allowed=1 lack pairwise consistency tests (JIRA:Rocky Linux-27009) * mm/mglru: fix underprotected page cache (JIRA:Rocky Linux-29235) * [EMR] [TBOOT OS] SUT could not go to S3 state with Rocky Linux 9.2 Tboot OS One CPU return -16 running BUSY (JIRA:Rocky Linux-29673) * system hangs completely - NMI not possible (JIRA:Rocky Linux-30678) * ice 0000:6f:00.0: PTP failed to get time (JIRA:Rocky Linux-30110) rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.16.1.el9_4.x86_64.rpm 70d80881dded2b5c0c29b2e275198e56d7d90778a29d6e8e80c3a1f9d49baa78 kernel-rt-core-5.14.0-427.16.1.el9_4.x86_64.rpm 4d3229f8d3cda4d33fdca9db011aecb1d98188cfff90c67c3033b24583476944 kernel-rt-debug-5.14.0-427.16.1.el9_4.x86_64.rpm 4e359e17e5c1504dd9b3636da82becf748bb9547a4337ed965ba34d89f2ef516 kernel-rt-debug-core-5.14.0-427.16.1.el9_4.x86_64.rpm 6f6ed98c2a4d659ecdf3828b67596bc25738554244eecaa46be4e6eb919fd335 kernel-rt-debug-devel-5.14.0-427.16.1.el9_4.x86_64.rpm 7e654bdc342f15d6b2d2010b9b7cbf4f518f7dfbdfecf676a817a1cfe9e01120 kernel-rt-debug-modules-5.14.0-427.16.1.el9_4.x86_64.rpm d3a47c7ea53e2f560bd4edff5197731dbd09f5b06044e82ccb88a7f0b8544bde kernel-rt-debug-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm 222c5f116b1d0ffd47ca4ed99cb52d3f25627d0f65a9d795413de86ebce3cd57 kernel-rt-debug-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm c5052c437baec8ccf49155185727ef2e31a44da27c02d685a18aa42459cdd3fb kernel-rt-devel-5.14.0-427.16.1.el9_4.x86_64.rpm 34a2d319e68ce70e54bc4466c59604838c32ca2350ce2a5fc9afbdb0e1f6cfab kernel-rt-modules-5.14.0-427.16.1.el9_4.x86_64.rpm d29393987377e172a291c42585d37a322efa398bcccf6becc18a9a11a617ec3c kernel-rt-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm 67e01bf2fbb18eccb8074dc1f56b414b9b474be3cb5a0ae9954020bfe71ced46 kernel-rt-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm 94e8a947c96bdbe305e9a2cb815e0e3b6c9ae777872a0f1c26ab4313d7115c0c RLSA-2024:3619 Moderate: kernel security and bug fix update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.20.1.el9_4.x86_64.rpm d92231ce316aeb6bdf33786809b6bcecfe8c3699a2a45be24845e72b17e62390 kernel-rt-core-5.14.0-427.20.1.el9_4.x86_64.rpm 90be14197200f67342e8a922cc648f98e879d5534644d620c4f3eb09bbbd063a kernel-rt-debug-5.14.0-427.20.1.el9_4.x86_64.rpm 0b52e1dd9e8ae3bd2f22e7d91c32363beac455ecf9c9d9b58cb94407c9e6f88f kernel-rt-debug-core-5.14.0-427.20.1.el9_4.x86_64.rpm 9d9eb3ae53f5600a27d9ffbf7ff96a085a754432afbc9adc844986e5c171e0a0 kernel-rt-debug-devel-5.14.0-427.20.1.el9_4.x86_64.rpm c755d28b0edff995e62a5c512d669bad1f1357767d7d4e125069648520424610 kernel-rt-debug-modules-5.14.0-427.20.1.el9_4.x86_64.rpm 37dfa3970d6b6c842798864c48b8faa9b078d538882aff16514045e161c016af kernel-rt-debug-modules-core-5.14.0-427.20.1.el9_4.x86_64.rpm ff4e281020412bbcb919fc44fb75b5a30458938279238d4315bd49755fcada85 kernel-rt-debug-modules-extra-5.14.0-427.20.1.el9_4.x86_64.rpm 079b63845682699ca37cd6147b7b4aae2fd15820c0aa470f576363f6bf03f7bd kernel-rt-devel-5.14.0-427.20.1.el9_4.x86_64.rpm dba23feb84368132ec94a1a021a8ca0c068dda334c67c366a50cd5bd1306260c kernel-rt-modules-5.14.0-427.20.1.el9_4.x86_64.rpm d7d2c81c0a721b09cb8c07d0449ea6e2bb77ef08ca603c69a73781f5709483c0 kernel-rt-modules-core-5.14.0-427.20.1.el9_4.x86_64.rpm 06143ab57e8f4302ea5cb196debf9433e65801613115cc4106c2c22fd423c691 kernel-rt-modules-extra-5.14.0-427.20.1.el9_4.x86_64.rpm ed6954567202825fb678edeeec58675575320efcf6172c9ea98ad09d2bbc75cb RLBA-2024:3983 kernel bug fix update The kernel packages contain the Linux kernel, the core of any Linux operating system. Bug Fix(es): * [DELL 9.4 BUG] - Screen shows garbage sometimes [rhel-9.4.z] (JIRA:Rocky Linux-36534) * cifs - Unable to mount CIFS shares after upgrading to Rocky Linux9.4 (JIRA:Rocky Linux-36743) * [Azure][Rocky Linux-9][MANA]System crash at skbuff when set mtu=100 [rhel-9.4.z] (JIRA:Rocky Linux-37622) * selective backport from perf upstream v6.8 to fix AmpereOne and Nvidia support [rhel-9.4.z] (JIRA:Rocky Linux-34991) * [Intel 9.5 FEAT] [SRF] performance: hwmon: (coretemp) Fix core count limitation [rhel-9.4.z] (JIRA:Rocky Linux-35447) * CNB95: dpll: rebase DPLL to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux-36572) * ice: IRQs being moved to isolated CPUs and causing latency issues [rhel-9.4.z] (JIRA:Rocky Linux-38512) * Bluetooth device disappears from the device list after a few minutes with AX211 [rhel-9.4.z] (JIRA:Rocky Linux-38524) * deadlock on dfs_cache_refresh [rhel-9.4.z] (JIRA:Rocky Linux-38904) * [DELL 9.3 BUG]Unexpected message "integrity: Problem loading X.509 certificate -126" occurred on boot screen. [rhel-9.4.z] (JIRA:Rocky Linux-39933) * [rhel9-rt-debug] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 ( clocksource_mark_unstable) (JIRA:Rocky Linux-9296) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 None

The kernel packages contain the Linux kernel, the core of any Linux operating system. Bug Fix(es): * [DELL 9.4 BUG] - Screen shows garbage sometimes [rhel-9.4.z] (JIRA:Rocky Linux-36534) * cifs - Unable to mount CIFS shares after upgrading to Rocky Linux9.4 (JIRA:Rocky Linux-36743) * [Azure][Rocky Linux-9][MANA]System crash at skbuff when set mtu=100 [rhel-9.4.z] (JIRA:Rocky Linux-37622) * selective backport from perf upstream v6.8 to fix AmpereOne and Nvidia support [rhel-9.4.z] (JIRA:Rocky Linux-34991) * [Intel 9.5 FEAT] [SRF] performance: hwmon: (coretemp) Fix core count limitation [rhel-9.4.z] (JIRA:Rocky Linux-35447) * CNB95: dpll: rebase DPLL to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux-36572) * ice: IRQs being moved to isolated CPUs and causing latency issues [rhel-9.4.z] (JIRA:Rocky Linux-38512) * Bluetooth device disappears from the device list after a few minutes with AX211 [rhel-9.4.z] (JIRA:Rocky Linux-38524) * deadlock on dfs_cache_refresh [rhel-9.4.z] (JIRA:Rocky Linux-38904) * [DELL 9.3 BUG]Unexpected message "integrity: Problem loading X.509 certificate -126" occurred on boot screen. [rhel-9.4.z] (JIRA:Rocky Linux-39933) * [rhel9-rt-debug] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 ( clocksource_mark_unstable) (JIRA:Rocky Linux-9296) rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.22.1.el9_4.x86_64.rpm 25ca006830a2a4c84206093b7091c98e3139ac4007c51ca139d1c0189a60bf5d kernel-rt-core-5.14.0-427.22.1.el9_4.x86_64.rpm 301e65823f8caf28c89022205f76e0e5de20f0f9161123bbd8a3d46f9c0c46c2 kernel-rt-debug-5.14.0-427.22.1.el9_4.x86_64.rpm fefe6204602302f82f04ab3b999e7ec17c02a660f3e6dc1c3dd0370763791278 kernel-rt-debug-core-5.14.0-427.22.1.el9_4.x86_64.rpm 93a62e9eb1f66b2627941d81ac8cde4e9d58f4d8b8bb4824cd26ce4edf8d9c11 kernel-rt-debug-devel-5.14.0-427.22.1.el9_4.x86_64.rpm 1e2d275a9409cb676f2d4a1f4680d40c3b7ac21fe05066688586b46801d789f3 kernel-rt-debug-modules-5.14.0-427.22.1.el9_4.x86_64.rpm f00769dca2f72ddcc8bf793c4f56942f014d78615e899274d69b858c0b1ffeb9 kernel-rt-debug-modules-core-5.14.0-427.22.1.el9_4.x86_64.rpm b00fdec7a57dc8223d3d4994b030f19fa62579c25e285a91e83d929577f96e7b kernel-rt-debug-modules-extra-5.14.0-427.22.1.el9_4.x86_64.rpm 7b0ce75125b0ebcc0833b45e19f868e5ad05b9a6e978b8f71f982f31ba3deade kernel-rt-devel-5.14.0-427.22.1.el9_4.x86_64.rpm 0d2a7e5c3af56d3dc075b376e7a6a7b33b8a261349f85af6e6d0b73b23bcddb9 kernel-rt-modules-5.14.0-427.22.1.el9_4.x86_64.rpm 7f3cc86c2d07d077c1e660b1ec6db7a717a89a57ae1003dcfe6390e7160af58c kernel-rt-modules-core-5.14.0-427.22.1.el9_4.x86_64.rpm 786950035b982c0328b13f9f37a349ad6dee64727e175aa795d32767aeedc464 kernel-rt-modules-extra-5.14.0-427.22.1.el9_4.x86_64.rpm f1a2842ba043c2b75ae455330f684e421bf4a99040e6a17c04219bda29622a69 RLSA-2024:4349 Moderate: kernel security and bug fix update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801) * kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974) * kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393) * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667) * kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870) * kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960) * kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400) Bug Fix(es): * cifs - kernel panic with cifs_put_smb_ses (JIRA:Rocky Linux-28943) * BUG: unable to handle page fault for address: ff16bf752f593ff8 [rhel-9.4.z] (JIRA:Rocky Linux-35672) * [HPE 9.4 Bug] Request merge of AMD address translation library patch series [rhel-9.4.z] (JIRA:Rocky Linux-36220) * [Rocky Linux9] kernel BUG at lib/list_debug.c:51! [rhel-9.4.z] (JIRA:Rocky Linux-36687) * ice: DPLL-related fixes [rhel-9.4.z] (JIRA:Rocky Linux-36716) * CNB95: net/sched: update TC core to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux-37641) * IPv6: SR: backport fixes from upstream [rhel-9.4.z] (JIRA:Rocky Linux-37669) * [RFE] Backport tmpfs noswap mount option [rhel-9.4.z] (JIRA:Rocky Linux-38252) * Isolated cores causing issues on latest Rocky Linux9.4 kernel and not functioning as desired. [rhel-9.4.z] (JIRA:Rocky Linux-38595) * [ice] Add automatic VF reset on Tx MDD events [rhel-9.4.z] (JIRA:Rocky Linux-39083) * [HPEMC Rocky Linux 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [rhel-9.4.z] (JIRA:Rocky Linux-34953) * bnx2x: fix crashes in PCI error handling, resource leaks [rhel-9.4.z] (JIRA:Rocky Linux-43272) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801) * kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974) * kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393) * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667) * kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870) * kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960) * kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400) Bug Fix(es): * cifs - kernel panic with cifs_put_smb_ses (JIRA:Rocky Linux-28943) * BUG: unable to handle page fault for address: ff16bf752f593ff8 [rhel-9.4.z] (JIRA:Rocky Linux-35672) * [HPE 9.4 Bug] Request merge of AMD address translation library patch series [rhel-9.4.z] (JIRA:Rocky Linux-36220) * [Rocky Linux9] kernel BUG at lib/list_debug.c:51! [rhel-9.4.z] (JIRA:Rocky Linux-36687) * ice: DPLL-related fixes [rhel-9.4.z] (JIRA:Rocky Linux-36716) * CNB95: net/sched: update TC core to upstream v6.8 [rhel-9.4.z] (JIRA:Rocky Linux-37641) * IPv6: SR: backport fixes from upstream [rhel-9.4.z] (JIRA:Rocky Linux-37669) * [RFE] Backport tmpfs noswap mount option [rhel-9.4.z] (JIRA:Rocky Linux-38252) * Isolated cores causing issues on latest Rocky Linux9.4 kernel and not functioning as desired. [rhel-9.4.z] (JIRA:Rocky Linux-38595) * [ice] Add automatic VF reset on Tx MDD events [rhel-9.4.z] (JIRA:Rocky Linux-39083) * [HPEMC Rocky Linux 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [rhel-9.4.z] (JIRA:Rocky Linux-34953) * bnx2x: fix crashes in PCI error handling, resource leaks [rhel-9.4.z] (JIRA:Rocky Linux-43272) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.24.1.el9_4.x86_64.rpm a9174a0f528eb4d45aae21e8c8631b8694d0392b741d53015f2f69c3b709bbb7 kernel-rt-core-5.14.0-427.24.1.el9_4.x86_64.rpm 07e28e228ca42da8399586b0311b5b5744c0c33abd5f4ec49fd6f3472ba6a198 kernel-rt-debug-5.14.0-427.24.1.el9_4.x86_64.rpm 8d6f0caec0b845254c495dd7da16f18b5bdeeaab1c84c311c89062a941ec83ac kernel-rt-debug-core-5.14.0-427.24.1.el9_4.x86_64.rpm 58ca93f2f3f4c92055b5fcdab990c9b3a96c76eca1c985005157bf0258ec7e02 kernel-rt-debug-devel-5.14.0-427.24.1.el9_4.x86_64.rpm 99ed36d3a9d033ac86a0c63c067b53df69eb858d73bb47a24086ce4113765118 kernel-rt-debug-modules-5.14.0-427.24.1.el9_4.x86_64.rpm d75fcac15419efd90b5e41cc502067b853b832dc2eb9f8203636babf2f0d70a7 kernel-rt-debug-modules-core-5.14.0-427.24.1.el9_4.x86_64.rpm 29441c63826412ac7c8d5c569fbe17a73fbbf35792e4f63d9b57f6354272d66d kernel-rt-debug-modules-extra-5.14.0-427.24.1.el9_4.x86_64.rpm 40e6f1559547f31ce75a05a97a0996c8a05628b5ee2b5150486511819c281605 kernel-rt-devel-5.14.0-427.24.1.el9_4.x86_64.rpm 2a34f5676003bacbf326e669bf3c5c579b5f7bbe40a304da574dea7017cba57f kernel-rt-modules-5.14.0-427.24.1.el9_4.x86_64.rpm b0f0d1e53845396a45e98864ff722034a6a857b5db2524f8314ea2c3146838d2 kernel-rt-modules-core-5.14.0-427.24.1.el9_4.x86_64.rpm ba9979ae8abb1c2f4048d30ad50666ac51015dd9b63b5805d91b3a86b81abd36 kernel-rt-modules-extra-5.14.0-427.24.1.el9_4.x86_64.rpm 758d52ffd3762996472a39ab40d9397f5acf21b108448d19497b59c3f1baec67 RLSA-2024:4583 Important: kernel security update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886) * kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (CVE-2021-47548) * kernel: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (CVE-2021-47596) * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627) * kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (CVE-2023-52638) * kernel: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (CVE-2024-26783) * kernel: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (CVE-2024-26858) * kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397) * kernel: nvme: fix reconnection fail due to reserved tag allocation (CVE-2024-27435) * kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958) * kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (CVE-2024-36904) * kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (CVE-2024-38543) * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586) * kernel: net: micrel: Fix receiving the timestamp in the frame for lan8841 (CVE-2024-38593) * kernel: netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270) * kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957) * kernel: blk-cgroup: fix list corruption from resetting io stat (CVE-2024-38663) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Important

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886) * kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (CVE-2021-47548) * kernel: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (CVE-2021-47596) * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627) * kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (CVE-2023-52638) * kernel: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (CVE-2024-26783) * kernel: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (CVE-2024-26858) * kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397) * kernel: nvme: fix reconnection fail due to reserved tag allocation (CVE-2024-27435) * kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958) * kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (CVE-2024-36904) * kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (CVE-2024-38543) * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586) * kernel: net: micrel: Fix receiving the timestamp in the frame for lan8841 (CVE-2024-38593) * kernel: netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270) * kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957) * kernel: blk-cgroup: fix list corruption from resetting io stat (CVE-2024-38663) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.26.1.el9_4.x86_64.rpm 7f5d3c036e428cbb445de91afe41f0bcfa45fb61821355a30ba3c292dbbf4992 kernel-rt-core-5.14.0-427.26.1.el9_4.x86_64.rpm a95d4186fe85a446e33d2c2929b2a00e56a2a4eea7f71f112180fd47c44f3f08 kernel-rt-debug-5.14.0-427.26.1.el9_4.x86_64.rpm baacfb7ff8489abb8f778f2d3a387946074de99a51dee6a090b09ef00ed515c5 kernel-rt-debug-core-5.14.0-427.26.1.el9_4.x86_64.rpm b351d7ec491186a56aa51d343cdb755de7db3e54497ba80a9b8c178d8777b5b6 kernel-rt-debug-devel-5.14.0-427.26.1.el9_4.x86_64.rpm c943b88caf09a37adec94a93e2ff293de4e877685304d06ba6136f16355c9bcd kernel-rt-debug-modules-5.14.0-427.26.1.el9_4.x86_64.rpm 066321f33eff9258cf91ed85d693603f0115e3141f592921b7c844a0fb7fc580 kernel-rt-debug-modules-core-5.14.0-427.26.1.el9_4.x86_64.rpm 6629049e182ffd091d78fb74524be611b4cf765393e2685329bace66e8ebd4bd kernel-rt-debug-modules-extra-5.14.0-427.26.1.el9_4.x86_64.rpm 7a6f3b77e207a7e4b2e6987e5aab06f2eed7fa396d2769369a56cd88c96bc8cf kernel-rt-devel-5.14.0-427.26.1.el9_4.x86_64.rpm 5f71ee5057542ffe26d8fa134c8cb95b4f77db5b9fff1873bed2b4d6c3eb207e kernel-rt-modules-5.14.0-427.26.1.el9_4.x86_64.rpm 7676dbc7c56850d375bd4e59980e4889c183b87b1f7fa47d4f421e000fa4cd15 kernel-rt-modules-core-5.14.0-427.26.1.el9_4.x86_64.rpm 2eb4fa76976b5a6d7b530a59ce31b02cc226072e134b78dd95c860ab5b7489e1 kernel-rt-modules-extra-5.14.0-427.26.1.el9_4.x86_64.rpm b0524367e74887607d0b320457511d16794e0266dabf3d35c5bbe95479e4630b RLSA-2024:4928 Moderate: kernel security update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458) * kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773) * kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737) * kernel: dm: call the resume method on internal suspend (CVE-2024-26880) * kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046) * kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030) * kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857) * kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907) * kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885) * kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809) * kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459) * kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924) * kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952) * kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743) * kernel: epoll: be better about file lifetimes (CVE-2024-38580) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458) * kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773) * kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737) * kernel: dm: call the resume method on internal suspend (CVE-2024-26880) * kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046) * kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030) * kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857) * kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907) * kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885) * kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809) * kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459) * kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924) * kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952) * kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743) * kernel: epoll: be better about file lifetimes (CVE-2024-38580) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.28.1.el9_4.x86_64.rpm 6597acd529559ff0318c853933258424ef2c933ca4197c94b22d8db9a801a363 kernel-rt-core-5.14.0-427.28.1.el9_4.x86_64.rpm ee6d901d13863dfafe077c5813ce838d54fd63508c15350899b6dfb680567795 kernel-rt-debug-5.14.0-427.28.1.el9_4.x86_64.rpm 8347e4d55ee37bd50a6438b5f5670fd416428274616383497a70886228585642 kernel-rt-debug-core-5.14.0-427.28.1.el9_4.x86_64.rpm e85a0fdc620ce0b82d5df2063d2897814df1c3ac395b617e1b246d40a9637c11 kernel-rt-debug-devel-5.14.0-427.28.1.el9_4.x86_64.rpm bfcd78e3c238120fee226ad73f592d6edbadfb2476e7379ba42be1a45684a48d kernel-rt-debug-modules-5.14.0-427.28.1.el9_4.x86_64.rpm 468feeafd0791f035ec84788abd77ddfb0591f722a7b747c38f18746e8725b0e kernel-rt-debug-modules-core-5.14.0-427.28.1.el9_4.x86_64.rpm ceec0fe7ba5b8a9f6f1c1f0bd5cba2743d404f046c8b49d1257a9f41d98e0a11 kernel-rt-debug-modules-extra-5.14.0-427.28.1.el9_4.x86_64.rpm de5b73afe196f9df850867f536713e679290f1e75e731aa063a86444d42beeb0 kernel-rt-devel-5.14.0-427.28.1.el9_4.x86_64.rpm 305c377f41a7bb3d8830c302c9e2b786d7cb2a8ff72d772ba2a272f42ff7170b kernel-rt-modules-5.14.0-427.28.1.el9_4.x86_64.rpm ad4f43f652945d46557581000c331e2075f6a3215d39860be3deda5bd00c6b3a kernel-rt-modules-core-5.14.0-427.28.1.el9_4.x86_64.rpm fb0fec46408b828767322aefb4026da26bd8fd7a3d9d190dca6feb208f5f13d8 kernel-rt-modules-extra-5.14.0-427.28.1.el9_4.x86_64.rpm 80e5f9b471c0dd173d060a69a59de1ab5597d0fc54f1a232a5e9a68c1a04b9ac RLSA-2024:5363 Important: kernel security update Errata Tool Automation could not update the description because it is longer (4803) than ET limit of 4000 characters. (OSCI-6058) Please update the description manually. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Important

Errata Tool Automation could not update the description because it is longer (4803) than ET limit of 4000 characters. (OSCI-6058) Please update the description manually. rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.31.1.el9_4.x86_64.rpm 442c4e26f463b2d68f164c61bc39904edd9eefe6a41c497af86815ec5482b80b kernel-rt-core-5.14.0-427.31.1.el9_4.x86_64.rpm 42c9794f26351c47cc4b1e9dd139e2d8e894f2da06b9b1d978a0772b5f1962db kernel-rt-debug-5.14.0-427.31.1.el9_4.x86_64.rpm 7559f699bb154d6e25d07741d8b1638dcfb740e048a2547c38d0a97da6701f38 kernel-rt-debug-core-5.14.0-427.31.1.el9_4.x86_64.rpm 96e0bc3a76f35296bc3a97af4e942b13a69e72c9616aae0ca2fe3cfe0e98b8b3 kernel-rt-debug-devel-5.14.0-427.31.1.el9_4.x86_64.rpm 851859408cddc6523d7bf9ae93832bbaf4ce8fb139678c24fd6941e56b0c5f44 kernel-rt-debug-modules-5.14.0-427.31.1.el9_4.x86_64.rpm a02653173845bd7cbd3b90c5fc082f3fe8fdbfafecedaaf22a52309215cf400c kernel-rt-debug-modules-core-5.14.0-427.31.1.el9_4.x86_64.rpm ab16ba57529b003f7023fa7a853817f36e35d8ac9e3088cbb0a845bba140c27b kernel-rt-debug-modules-extra-5.14.0-427.31.1.el9_4.x86_64.rpm 2a309e1484f05559555407d1a411d677eda78c5701ab67767c1233d5d78d2634 kernel-rt-devel-5.14.0-427.31.1.el9_4.x86_64.rpm db08c3f2518d78ff1e31e271424fbdae70afea806413f2e158c3c705edceb87b kernel-rt-modules-5.14.0-427.31.1.el9_4.x86_64.rpm cdf7758dd5be74827a29201dfc06fdacfae32fa366b0cb808089fe30f86f1141 kernel-rt-modules-core-5.14.0-427.31.1.el9_4.x86_64.rpm b041df683c25879d32a9137873f57601061f3aabf2997ea9ab10ed4e0a3f0936 kernel-rt-modules-extra-5.14.0-427.31.1.el9_4.x86_64.rpm f40f3771cf1cd53e47619c6ca37ec0ca599014d51f9682b6c49daea70750dc0f RLBA-2024:6133 rteval bug fix update The rteval packages contain a utility for measuring realtime scheduler latency while under a heavy system load. Bug Fix(es): * Replace dmi information with info from execing dmidecode [rhel-9.4.z] (JIRA:Rocky Linux-34566) * rteval cyclictest command line arguments broken when called as a module [rhel-9.4.z] (JIRA:Rocky Linux-47154) * Replace deprecated optparse with argparse for rteval [rhel-9.4.z] (JIRA:Rocky Linux-47209) * Examine how to change rteval to automatically make use of isolcpus [rhel-9.4.z] (JIRA:Rocky Linux-47211) * Update rteval [rhel-9.4.0] to latest version upstream [rhel-9.4.z] (JIRA:Rocky Linux-47212) * Upgrade rteval to use linux-6.6.1 as the default kernel for loads [rhel-9.4.z] (JIRA:Rocky Linux-47213) * Remove upstream spec files from rteval [rhel-9.4.z] (JIRA:Rocky Linux-47214) * Add rpminspect.yaml file to rteval to omit permissions inspections [rhel-9.4.z] (JIRA:Rocky Linux-47215) * Remove dependency on python-dmidecode [rhel-9.4.z] (JIRA:Rocky Linux-47216) * Refine the user interface on rteval for isolcpus [rhel-9.4.z] (JIRA:Rocky Linux-47217) * rteval missing procps-ng dependency when installed in minimal environments [rhel-9.4.z] (JIRA:Rocky Linux-47240) Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 None

The rteval packages contain a utility for measuring realtime scheduler latency while under a heavy system load. Bug Fix(es): * Replace dmi information with info from execing dmidecode [rhel-9.4.z] (JIRA:Rocky Linux-34566) * rteval cyclictest command line arguments broken when called as a module [rhel-9.4.z] (JIRA:Rocky Linux-47154) * Replace deprecated optparse with argparse for rteval [rhel-9.4.z] (JIRA:Rocky Linux-47209) * Examine how to change rteval to automatically make use of isolcpus [rhel-9.4.z] (JIRA:Rocky Linux-47211) * Update rteval [rhel-9.4.0] to latest version upstream [rhel-9.4.z] (JIRA:Rocky Linux-47212) * Upgrade rteval to use linux-6.6.1 as the default kernel for loads [rhel-9.4.z] (JIRA:Rocky Linux-47213) * Remove upstream spec files from rteval [rhel-9.4.z] (JIRA:Rocky Linux-47214) * Add rpminspect.yaml file to rteval to omit permissions inspections [rhel-9.4.z] (JIRA:Rocky Linux-47215) * Remove dependency on python-dmidecode [rhel-9.4.z] (JIRA:Rocky Linux-47216) * Refine the user interface on rteval for isolcpus [rhel-9.4.z] (JIRA:Rocky Linux-47217) * rteval missing procps-ng dependency when installed in minimal environments [rhel-9.4.z] (JIRA:Rocky Linux-47240) rocky-linux-9-x86-64-rt-rpms rteval-3.7-10.el9_4.noarch.rpm 2d73209c70ca13b28731e4560c5eec02cc73d4625281774e7274f25266545c0f RLSA-2024:6567 Moderate: kernel security update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629) * kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630) * kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720) * kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886) * kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946) * kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791) * kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797) * kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875) * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000) * kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801) * kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883) * kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019) * kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619) * kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979) * kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559) * kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927) * kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936) * kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040) * kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044) * kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055) * kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096) * kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082) * kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096) * kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102) * kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131) * kernel: nvme: avoid double free special payload (CVE-2024-41073) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629) * kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630) * kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720) * kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886) * kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946) * kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791) * kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797) * kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875) * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000) * kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801) * kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883) * kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019) * kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619) * kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979) * kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559) * kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927) * kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936) * kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040) * kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044) * kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055) * kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096) * kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082) * kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096) * kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102) * kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131) * kernel: nvme: avoid double free special payload (CVE-2024-41073) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.35.1.el9_4.x86_64.rpm b0441d7dc998954f317e58d19a27a8aa0efea08eefe38f23b038b2b974c318f0 kernel-rt-core-5.14.0-427.35.1.el9_4.x86_64.rpm 1bb45a638c3a0ffc46b55c4b49230a74effa9a8c8e752a39dd69da2e31a9ed6a kernel-rt-debug-5.14.0-427.35.1.el9_4.x86_64.rpm 17674faa9f5ff9e8def916fb99c6eb3497321dfec7dd577699cfe8ffde16c9d0 kernel-rt-debug-core-5.14.0-427.35.1.el9_4.x86_64.rpm e6a1cdba584ee66646a5911a11e33bfbde715c49b078b019a6e4179e008b672e kernel-rt-debug-devel-5.14.0-427.35.1.el9_4.x86_64.rpm 8d289ca94947d14cc4627c108f5897eb74d31c2093e66ed8211a5b257241dfda kernel-rt-debug-modules-5.14.0-427.35.1.el9_4.x86_64.rpm 16cdf89927dabbd96d551fa9a20a8710fce54100805e9a38d0ad3635d1172d82 kernel-rt-debug-modules-core-5.14.0-427.35.1.el9_4.x86_64.rpm 83b5a6c881ff642b5953fcd8be1d111fe5d8937d7d939c5c14295d3adc8ffc24 kernel-rt-debug-modules-extra-5.14.0-427.35.1.el9_4.x86_64.rpm 47ac6c8cba80583aee0d0720f4d3b855c1a99685b7126eb892ef465b2ab6bb4c kernel-rt-devel-5.14.0-427.35.1.el9_4.x86_64.rpm 40b552d119a369972427fa4322f1a1266594b75f541ee2ade42a4b6b8310103f kernel-rt-modules-5.14.0-427.35.1.el9_4.x86_64.rpm 1e330f442cfbc1b4dd9edcb6739c28fdcd1eb8beaf0e7bdd9c6df865d436cc10 kernel-rt-modules-core-5.14.0-427.35.1.el9_4.x86_64.rpm 7d4f015e3b30fcb488e410da55ae8298818cad711f0d2c9be87b3e3ccf62ec83 kernel-rt-modules-extra-5.14.0-427.35.1.el9_4.x86_64.rpm 2edfa706cf36ba7262bdc7f905dc43147a7581744841ecc41830d9df236ce3b9 RLSA-2024:8162 Moderate: kernel security update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746) * kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403) * kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658) * kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (CVE-2024-35989) * kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385) * kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889) * kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (CVE-2024-36978) * kernel: net/mlx5: Add a timeout to acquire the command queue semaphore (CVE-2024-38556) * kernel: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (CVE-2024-39483) * kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502) * kernel: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CVE-2024-40959) * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079) * kernel: sched: act_ct: take care of padding in struct zones_ht_key (CVE-2024-42272) * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746) * kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403) * kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658) * kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (CVE-2024-35989) * kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385) * kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889) * kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (CVE-2024-36978) * kernel: net/mlx5: Add a timeout to acquire the command queue semaphore (CVE-2024-38556) * kernel: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (CVE-2024-39483) * kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502) * kernel: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CVE-2024-40959) * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079) * kernel: sched: act_ct: take care of padding in struct zones_ht_key (CVE-2024-42272) * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.40.1.el9_4.x86_64.rpm 753c5e51a16cb572a8402ad3c63de2dd7b43f7dedc46c02311d56bfff3fc5af6 kernel-rt-core-5.14.0-427.40.1.el9_4.x86_64.rpm 2aabd8b3521aa7c632a9eb71c6ab07015732dffef22c6a7537b11506c86044b3 kernel-rt-debug-5.14.0-427.40.1.el9_4.x86_64.rpm 02eba91b9bd50b32f70d7cc3565557e082f538bf3a3ddac3f0287e69334c4e43 kernel-rt-debug-core-5.14.0-427.40.1.el9_4.x86_64.rpm 62cbb68cf3a28a7928e220494d0e59ee44b743d7f8af9f6ec8e22e585fb1cb80 kernel-rt-debug-devel-5.14.0-427.40.1.el9_4.x86_64.rpm 7083cbf3a13838eba37947f06c50c9479610e2c671eba6974e2374cb5e3f8aa8 kernel-rt-debug-modules-5.14.0-427.40.1.el9_4.x86_64.rpm 7fd43301b06f2fcffb76db2e43c37cef9766f930587ad205b30478e77e93036c kernel-rt-debug-modules-core-5.14.0-427.40.1.el9_4.x86_64.rpm 702dd7b8aaad74ce888716521f0e7f7c48d3e27e3224d22b93fffb8571c134dd kernel-rt-debug-modules-extra-5.14.0-427.40.1.el9_4.x86_64.rpm 732675e3ea735bf2b8419c854fa462dccdae78d119fd4711a0cf48adb37bf31a kernel-rt-devel-5.14.0-427.40.1.el9_4.x86_64.rpm 405e0081bddb7c83be73737a929ad354e62541a9965eeb859075ab8747b9250a kernel-rt-modules-5.14.0-427.40.1.el9_4.x86_64.rpm 5d9e328b5ea7d271c7ae16feead7d1eba3080ff81708e0c388c8a0922d4b70fe kernel-rt-modules-core-5.14.0-427.40.1.el9_4.x86_64.rpm 85279efe779dfb13535f9967fc692d3c8464c72a2e3395f4d1236e5187269cda kernel-rt-modules-extra-5.14.0-427.40.1.el9_4.x86_64.rpm c27a417d61eafd2f3a74929edeae7d9afd699953f12c880fa0ff2775ab2dadaf RLSA-2024:8617 Moderate: kernel security update The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201) * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923) * kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961) * kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935) * kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383) * kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244) * kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472) * kernel: netfilter: nft_inner: validate mandatory meta and payload (CVE-2024-39504) * kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CVE-2024-40904) * kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931) * kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960) * kernel: ext4: do not create EA inode under buffer lock (CVE-2024-40972) * kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CVE-2024-40977) * kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995) * kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998) * kernel: netpoll: Fix race condition in netpoll_owner_active (CVE-2024-41005) * kernel: xfs: don't walk off the end of a directory data block (CVE-2024-41013) * kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014) * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854) * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 9 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201) * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923) * kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961) * kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935) * kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383) * kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244) * kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472) * kernel: netfilter: nft_inner: validate mandatory meta and payload (CVE-2024-39504) * kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CVE-2024-40904) * kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931) * kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960) * kernel: ext4: do not create EA inode under buffer lock (CVE-2024-40972) * kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CVE-2024-40977) * kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995) * kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998) * kernel: netpoll: Fix race condition in netpoll_owner_active (CVE-2024-41005) * kernel: xfs: don't walk off the end of a directory data block (CVE-2024-41013) * kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014) * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854) * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-9-x86-64-rt-rpms kernel-rt-5.14.0-427.42.1.el9_4.x86_64.rpm 67fe35cde20c4f205005a5845d7a54ed9f52111c5dd09fbe534af861e842c717 kernel-rt-core-5.14.0-427.42.1.el9_4.x86_64.rpm f01426aebaa39a17841dcf2719fe82f20c1b844a934a199c5edb390aa48e4727 kernel-rt-debug-5.14.0-427.42.1.el9_4.x86_64.rpm 921256d9da44d29690febe431782aa8b911037bd31fb4c4b2ddb93e41dccd3bd kernel-rt-debug-core-5.14.0-427.42.1.el9_4.x86_64.rpm bc4d2b8eb31a4d26aa22120b797dc8e472ab612f08497c46e93ed36dbfef2ed6 kernel-rt-debug-devel-5.14.0-427.42.1.el9_4.x86_64.rpm 5814483e6caacb2175228953f29468f1c6fada67e66bd6a23f4a96dd541f6cba kernel-rt-debug-modules-5.14.0-427.42.1.el9_4.x86_64.rpm c83ed5a40c532f78040356d6b848ab5a64df0350e71e606a3058acbf115514e9 kernel-rt-debug-modules-core-5.14.0-427.42.1.el9_4.x86_64.rpm 0d583d28493d0eeb1a1f6dc9c10e4fd205e299dcf0930492e72ea548cdeeba7c kernel-rt-debug-modules-extra-5.14.0-427.42.1.el9_4.x86_64.rpm ac421de9c7d8eb3201e840cdf74a3c636aa62b34b064b21d0ab9400fe300d14c kernel-rt-devel-5.14.0-427.42.1.el9_4.x86_64.rpm 168cf240ef0f01394965afb8f06ff9fbbf4fbd97c4c4bf8b6ca7eaa525b38569 kernel-rt-modules-5.14.0-427.42.1.el9_4.x86_64.rpm 971f507ab8b39063d0a724f6d56b01be76498acfe4203ef8cd49c78438428af2 kernel-rt-modules-core-5.14.0-427.42.1.el9_4.x86_64.rpm ee11f03fa8dc892f7c94058220c14582e07d8e1fee27a1286d61f3e685bfcd90 kernel-rt-modules-extra-5.14.0-427.42.1.el9_4.x86_64.rpm d43667ae8e716193d6fa48803780a5b77bdfb3366493fbe1aff2f0ea31e79177