Red Hat (AV24-098): An important update for kpatch-patch has been released to address security vulnerabilities in the kernel for Red Hat Enterprise Linux 8.6 Extended Update Support. The security impact is rated “Important,” and a detailed Common Vulnerability Scoring System (CVSS) base score is provided for each vulnerability. The advisory focuses on CVE-2023-4921 and CVE-2024-0646. These vulnerabilities include a use-after-free flaw in the sch_qfq network scheduler and a ktls-related issue that overwrites read-only memory pages.
The advisory recommends that users apply the update promptly and provides a solution link with detailed instructions. Affected products include Red Hat Enterprise Linux for x86_64, Power (little endian), and various server editions. Each vulnerability is linked to a corresponding Bugzilla entry for detailed tracking. The advisory also highlights Red Hat Insights patch analysis, which allows users to identify and remediate affected systems efficiently.
A similar security advisory is also available for Red Hat Enterprise Linux 9.2 Extended Update Support, emphasizing the importance of applying the update promptly due to the critical nature of the vulnerabilities. The advisory follows a standardized format, providing information on the affected products, fixes, and references for further details.