Hello Rocky Linux Community,
I am currently facing an urgent security issue on a Rocky Linux 9.2 server operating within an air-gapped (offline) internal network.
Current System Details:
- Operating System: Rocky Linux 9.2
- Kernel Version: 5.14.0-284.11.1.el9_2.x86_64
Vulnerabilities Requiring Action:
- CVE-2024-53197 (Out-of-Bounds Memory Access in USB Audio Driver)
- CVE-2024-53150 (Out-of-Bounds Reads in USB Audio Driver Clock Descriptor Traversal)
As these are critical vulnerabilities, and my system is offline, I cannot perform a standard `dnf update` to upgrade to Rocky Linux 9.6. I understand that Rocky Linux 9.2 is EOL, and that the comprehensive fix for these CVEs would be to update to the latest Rocky Linux 9.6 kernel (e.g., 5.14.0-570.17.1.el9_6).
However, due to the offline nature and specific organizational constraints, a full upgrade to Rocky Linux 9.6 is currently not feasible. My primary goal is to apply the specific patches for CVE-2024-53197 and CVE-2024-53150 to my existing Rocky Linux 9.2 (5.14.0-284.11.1.el9_2) kernel or obtain an RPM for a patched 5.14.x kernel that is compatible with RL 9.2.
Could anyone please advise on the following:
- Do specific patch RPMs for these two CVEs exist for the 5.14.x kernel series that can be manually applied to Rocky Linux 9.2?
- If so, could you please provide a direct URL to download these specific RPM packages (e.g., `kernel-core`, `kernel-modules`, `kernel-devel`, `kernel-headers`) that contain the fixes for CVE-2024-53197 and CVE-2024-53150, and are compatible with the Rocky Linux 9.x architecture, even if they are from a later 9.x minor release (like 9.3, 9.4, 9.5, or 9.6)? I need the specific files to transfer via USB.
I understand that a full upgrade to 9.6 is ideal, but I am looking for the most direct and least disruptive way to address these critical vulnerabilities in my current offline 9.2 environment. Any guidance or links to the relevant RPMs would be immensely appreciated.
Thank you for your time and help.