CVE-2024-21823
high
CVSS v3
β
CVSS v4 NEW
β
VIR risk
8.0
Description
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access
Predictions
Exploit likelihood
20%
Patch ETA
β
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata β Red Hat Inc. Β· View original β Β· Open-Errata-API
Description kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application CVSS v3: 6.4 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:51022024-08-08T00:00:00Z Red Hat Enterprise Linuxβ¦
Description
kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
CVSS v3: 6.4 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10 | RHSA-2024:5102 | 2024-08-08T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-553.16.1.el8_10 | RHSA-2024:5101 | 2024-08-08T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | kernel-0:4.18.0-305.134.1.el8_4 | RHSA-2024:4731 | 2024-07-23T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | kernel-rt-0:4.18.0-305.134.1.rt7.210.el8_4 | RHSA-2024:4729 | 2024-07-23T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | kernel-0:4.18.0-305.134.1.el8_4 | RHSA-2024:4731 | 2024-07-23T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | kernel-0:4.18.0-305.134.1.el8_4 | RHSA-2024:4731 | 2024-07-23T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | kernel-0:4.18.0-372.118.1.el8_6 | RHSA-2024:5281 | 2024-08-13T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | kernel-0:4.18.0-372.118.1.el8_6 | RHSA-2024:5281 | 2024-08-13T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | kernel-0:4.18.0-372.118.1.el8_6 | RHSA-2024:5281 | 2024-08-13T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel-0:4.18.0-477.70.1.el8_8 | RHSA-2024:6206 | 2024-09-03T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-427.31.1.el9_4 | RHSA-2024:5363 | 2024-08-15T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-427.31.1.el9_4 | RHSA-2024:5363 | 2024-08-15T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | kernel-0:5.14.0-70.112.1.el9_0 | RHSA-2024:5257 | 2024-08-13T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | kernel-rt-0:5.14.0-70.112.1.rt21.184.el9_0 | RHSA-2024:5256 | 2024-08-13T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel-0:5.14.0-284.79.1.el9_2 | RHSA-2024:5364 | 2024-08-14T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel-rt-0:5.14.0-284.79.1.rt14.364.el9_2 | RHSA-2024:5365 | 2024-08-14T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Not affected |
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected |
Apply commands
Apply RHSA-2024:5102 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rtAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 10 | Not affected |
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.8.11-1 |
| sid | Fixed | 6.8.11-1 |
| forky | Fixed | 6.8.11-1 |
| bullseye | Affected | β |
| bookworm | Fixed | 6.1.94-1 |
AlmaLinux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | kernel-headers-5.14.0-427.31.1.el9_4.aarch64.rpm |
| 8 | Fixed | kernel-doc-4.18.0-553.16.1.el8_10.noarch.rpm |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
References
- https://access.redhat.com/errata/RHSA-2024:5363
- https://errata.rockylinux.org/RXSA-2024:5101
- https://errata.rockylinux.org/RLSA-2024:5102
- https://errata.rockylinux.org/RLSA-2024:5101
- https://www.suse.com/security/cve/CVE-2024-21823.html
- https://errata.rockylinux.org/RLSA-2024:5363
- https://security-tracker.debian.org/tracker/CVE-2024-21823
- https://access.redhat.com/errata/RHSA-2024:5101
- https://bugzilla.redhat.com/2263879
- https://bugzilla.redhat.com/2265645
- https://bugzilla.redhat.com/2265650
- https://bugzilla.redhat.com/2265797
- https://bugzilla.redhat.com/2266341
- https://bugzilla.redhat.com/2266347
- https://bugzilla.redhat.com/2266497
- https://bugzilla.redhat.com/2266594
- https://bugzilla.redhat.com/2267787
- https://bugzilla.redhat.com/2268118
- https://bugzilla.redhat.com/2269070
- https://bugzilla.redhat.com/2269211
- https://bugzilla.redhat.com/2270084
- https://bugzilla.redhat.com/2270100
- https://bugzilla.redhat.com/2270700
- https://bugzilla.redhat.com/2271686
- https://bugzilla.redhat.com/2271688
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.