INFSA-2025:2474: kernel-rt security update
Information about definition
Identificator: INFSA-2025:2474
Type: security
Release date: 2025-03-17 13:26:40 UTC
Information about package
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Vulnerabilities description
- CVE-2024-50302
A vulnerability was found in the Linux kernel's driver for Human Interface Devices. This flaw allows an attacker to use a malicious input device to read information from the report buffer. This could be used to leak kernel memory, enabling the exploitation of additional vulnerabilities.
- CVE-2024-53197
A vulnerability was found in the Linux kernel's USB Audio driver. This flaw allows an attacker with physical access to the system to use a malicious USB device to gain additional access. This is possible by manipulating system memory, potentially escalating privileges, or executing arbitrary code.
- CVE-2024-57807
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock.
- CVE-2024-57979
In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-50302
|
no information | 6.1 | no information |
|
NIST — CVE-2024-53197
|
no information | 5.8 | no information |
|
NIST — CVE-2024-57807
|
no information | 4.1 | no information |
|
NIST — CVE-2024-57979
|
no information | 6.4 | no information |
Updated packages