SUSE-SU-2024:0483-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20240483-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:0483-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:0483-1
Related
Published
2024-02-15T12:49:30Z
Modified
2024-02-15T12:49:30Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
  • CVE-2023-51780: Fixed a use-after-free in dovccioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
  • CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
  • CVE-2021-33631: Fixed an integer overflow in ext4writeinlinedataend() (bsc#1219412).
  • CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
  • CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
  • CVE-2024-0775: Fixed use-after-free in _ext4remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
  • CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within nf_tables_newtable function (bsc#1218752).
  • CVE-2023-51782: Fixed use-after-free in roseioctl in net/rose/afrose.c because of a rose_accept race condition (bsc#1218757).
  • CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhostnewmsg() (bsc#1218689).
  • CVE-2023-51042: Fixed use-after-free in amdgpucswaitallfences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).

The following non-security bugs were fixed:

  • Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
  • 9p: missing chunk of 'fs/9p: Do not update file type when updating file attributes' (git-fixes).
  • ACPICA: Avoid cache flush inside virtual machines (git-fixes).
  • GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads (git-fixes).
  • KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1219022).
  • UAPI: ndctl: Fix g++-unsupported initialisation in headers (git-fixes).
  • USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
  • USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
  • USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
  • USB: serial: option: fix FM101R-GL defines (git-fixes).
  • acpi/nfit: Require opt-in for read-only label configurations (git-fixes).
  • acpi/nfit: improve bounds checking for 'func' (git-fixes).
  • affs: fix basic permission bits to actually work (git-fixes).
  • aio: fix mremap after fork null-deref (git-fixes).
  • asix: Add check for usbnetgetendpoints (git-fixes).
  • bnxt_en: Log unknown link speed appropriately (git-fixes).
  • ceph: fix incorrect revoked caps assert in cephfillfile_size() (bsc#1219445).
  • chardev: fix error handling in cdevdeviceadd() (git-fixes).
  • configfs: fix a deadlock in configfs_symlink() (git-fixes).
  • configfs: fix a race in configfs{,un}registersubsystem() (git-fixes).
  • configfs: fix a use-after-free in _configfsopen_file (git-fixes).
  • configfs: fix configitem refcnt leak in configfsrmdir() (git-fixes).
  • configfs: fix memleak in configfsreleasebin_file (git-fixes).
  • configfs: new object reprsenting tree fragments (git-fixes).
  • configfs: provide exclusion between IO and removals (git-fixes).
  • configfs: stash the data we need into configfs_buffer at open time (git-fixes).
  • ext4: Avoid freeing inodes on dirty list (bsc#1216989).
  • ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
  • fat: add ratelimit to fat*entbread() (git-fixes).
  • fs/exofs: fix potential memory leak in mount option parsing (git-fixes).
  • fs/fat/fatent.c: add condresched() to fatcountfreeclusters() (git-fixes).
  • fs/fat/file.c: issue flush after the writeback of FAT (git-fixes).
  • fs/file.c: initialize initfiles.resizewait (git-fixes).
  • fs: do not audit the capability check in simplexattrlist() (git-fixes).
  • fs: ocfs2: namei: check return value of ocfs2addentry() (git-fixes).
  • fs: orangefs: fix error return code of orangefsrevalidatelookup() (git-fixes).
  • fs: ratelimit _findgetblockslow() failure message (git-fixes).
  • fs: warn about impending deprecation of mandatory locks (git-fixes).
  • gfs2: Allow lock_nolock mount to specify jid=X (git-fixes).
  • gfs2: Check sbbsizeshift after reading superblock (git-fixes).
  • gfs2: Do not call dlm after protocol is unmounted (git-fixes).
  • gfs2: Do not set GFS2RDFUPTODATE when the lvb is updated (git-fixes).
  • gfs2: Do not skip dlm unlock if glock had an lvb (git-fixes).
  • gfs2: Fix inode height consistency check (git-fixes).
  • gfs2: Fix lru_count going negative (git-fixes).
  • gfs2: Fix marking bitmaps non-full (git-fixes).
  • gfs2: Fix possible data races in gfs2showoptions() (git-fixes).
  • gfs2: Fix sign extension bug in gfs2updatestats (git-fixes).
  • gfs2: Fix use-after-free in gfs2glockshrink_scan (git-fixes).
  • gfs2: Free rdbits later in gfs2clear_rgrpd to fix use-after-free (git-fixes).
  • gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).
  • gfs2: Special-case rindex for gfs2_grow (git-fixes).
  • gfs2: Wake up when sdglockdisposal becomes zero (git-fixes).
  • gfs2: add validation checks for size of superblock (git-fixes).
  • gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
  • gfs2: check for empty rgrp tree in gfs2riupdate (git-fixes).
  • gfs2: check for live vs. read-only file system in gfs2_fitrim (git-fixes).
  • gfs2: clear bufintr when ending a transaction in sweepbhfor_rgrps (git-fixes).
  • gfs2: fix use-after-free on transaction ail lists (git-fixes).
  • gfs2: ignore negated quota changes (git-fixes).
  • gfs2: initialize transaction trailXlists earlier (git-fixes).
  • gfs2: report 'already frozen/thawed' errors (git-fixes).
  • gfs2: take jdata unstuff into account in do_grow (git-fixes).
  • gfs2atomicopen(): fix OEXCL|OCREAT handling on cold dcache (git-fixes).
  • gtp: change NETUDPTUNNEL dependency to select (git-fixes).
  • help_next should increase position index (git-fixes).
  • iomap: sub-block dio needs to zeroout beyond EOF (git-fixes).
  • kernfs: Separate kernfsprcontbuf and renamelock (git-fixes).
  • kernfs: bring names in comments in line with code (git-fixes).
  • kernfs: fix use-after-free in _kernfsremove (git-fixes).
  • libceph: use kernel_connect() (bsc#1219446).
  • libnvdimm/btt: Fix LBA masking during 'free list' population (git-fixes).
  • libnvdimm/btt: Fix a kmemdup failure check (git-fixes).
  • libnvdimm/btt: Remove unnecessary code in bttfreelistinit (git-fixes).
  • libnvdimm/btt: fix variable 'rc' set but not used (git-fixes).
  • libnvdimm/namespace: Fix a potential NULL pointer dereference (git-fixes).
  • libnvdimm/ofpmem: Use devmkstrdup instead of kstrdup and check its return value (git-fixes).
  • libnvdimm/pmem: Delete include of nd-core.h (git-fixes).
  • libnvdimm/pmem: fix a possible OOB access when read and write pmem (git-fixes).
  • libnvdimm/region: Fix label activation vs errors (git-fixes).
  • libnvdimm: Fix compilation warnings with W=1 (git-fixes).
  • libnvdimm: Out of bounds read in _ndioctl() (git-fixes).
  • libnvdimm: Validate command family indices (git-fixes).
  • libnvdimm: cover up changes in struct nvdimmbusdescriptor (git-fixes).
  • locks: print a warning when mount fails due to lack of 'mand' support (git-fixes).
  • mce: fix setmcenospec to always unmap the whole page (git-fixes).
  • mkspec: Include constraints for both multibuild and plain package always There is no need to check for multibuild flag, the constraints can be always generated for both cases.
  • mlx4: handle non-napi callers to napi_poll (git-fixes).
  • mlxsw: spectrum: Avoid -Wformat-truncation warnings (git-fixes).
  • mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG (git-fixes).
  • mlxsw: spectrum: Set LAG port collector only when active (git-fixes).
  • mm,mremap: bail out earlier in mremap_to under map pressure (bsc#1123986).
  • net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes).
  • net: (cpts) fix a missing check of clk_prepare (git-fixes).
  • net: dsa: bcmsf2: Propagate error value from mdiowrite (git-fixes).
  • net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 (git-fixes).
  • net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0 (git-fixed).
  • net: dsa: qca8k: Enable delay for RGMII_ID mode (git-fixes).
  • net: ethernet: ti: fix possible object reference leak (git-fixes).
  • net: fec: Do not use netdev messages too early (git-fixes).
  • net: ks8851: Delay requesting IRQ until opened (git-fixes).
  • net: ks8851: Reassert reset pin if chip ID check fails (git-fixes).
  • net: ks8851: Set initial carrier state to down (git-fixes).
  • net: macb: Add null check for PCLK and HCLK (git-fixed).
  • net: mv643xxeth: disable clk on error path in mv643xxethsharedprobe() (git-fixes).
  • net: mvneta: fix double free of txq->buf (git-fixes).
  • net: phy: sfp: warn the user when no tx_disable pin is available (git-fixes).
  • net: phylink: avoid resolving link state too early (git-fixes).
  • net: sfp: do not probe SFP module before we're attached (git-fixes).
  • net: stmmac: Disable EEE mode earlier in XMIT callback (git-fixes).
  • net: stmmac: Fallback to Platform Data clock in Watchdog conversion (git-fixes).
  • net: stmmac: do not overwrite discard_frame status (git-fixes).
  • net: stmmac: dwmac-rk: fix error handling in rkgmacpowerup() (git-fixes).
  • net: stmmac: dwmac1000: Clear unused address entries (git-fixed).
  • net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting (git-fixes).
  • net: stmmac: dwmac4/5: Clear unused address entries (git-fixes).
  • net: systemport: Fix reception of BPDUs (git-fixes).
  • net: xilinx: fix possible object reference leak (git-fixed).
  • nfsd: drop stmutex and rpmutex before calling movetoclose_lru() (bsc#1217525).
  • nvdimm/btt: do not call del_gendisk() if not needed (git-fixes).
  • nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
  • nvdimm: Fix badblocks clear off-by-one error (git-fixes).
  • nvmet-tcp: fix a crash in nvmetreqcomplete() (git-fixes).
  • orangefs: Fix kmemleak in orangefspreparedebugfshelpstring() (git-fixes).
  • orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).
  • orangefs: fix orangefs df output (git-fixes).
  • orangefs: rate limit the client not running info message (git-fixes).
  • powerpc/powernv: Add a null pointer check in opaleventinit() (bsc#1065729).
  • powerpc/powernv: Add a null pointer check in opalpowercapinit() (bsc#1181674 ltc#189159 git-fixes).
  • powerpc/pseries/memhotplug: Quieten some DLPAR operations (bsc#1065729).
  • powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
  • powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1065729).
  • preserve KABI for struct platstmmacenetdata (git-fixes).
  • preserve KABI for struct sfpsocketops (git-fixes).
  • proc: fix /proc/*/map_files lookup (git-fixes).
  • pstore/ram: Check start of empty przs during init (git-fixes).
  • pstore/ram: Fix error return code in ramoops_probe() (git-fixes).
  • pstore/ram: Run without kernel crash dump region (git-fixes).
  • pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).
  • pstore: ramcore: fix possible overflow in persistentraminitecc() (git-fixes).
  • r8169: fix data corruption issue on RTL8402 (git-fixes).
  • reiserfs: Check the return value from __getblk() (git-fixes).
  • reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).
  • s390/dasd: fix double module refcount decrement (bsc#1141539).
  • scsi: qedf: fcrportpriv reference counting fixes (bsc#1212152).
  • scsi: qla0xxx: Fix system crash due to bad pointer access (git-fixes).
  • sfc: initialise found bitmap in efxef10mtd_probe (git-fixes).
  • statfs: enforce statfs[64] structure initialization (git-fixes).
  • tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).
  • usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
  • veth: Fixing transmit return status for dropped packets (git-fixes).
  • vfs: make freezesuper abort when syncfilesystem returns error (git-fixes).
  • writeback: Export inodeiolist_del() (bsc#1216989).
  • x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
  • x86/alternatives: Sync core before enabling interrupts (git-fixes).
  • x86/asm: Ensure asm/proto.h can be included stand-alone (git-fixes).
  • x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
  • x86/build: Treat R386PLT32 relocation as R386PC32 (git-fixes).
  • x86/build: Turn off -fcf-protection for realmode targets (git-fixes).
  • x86/cpu/hygon: Fix the CPU topology evaluation for real (git-fixes).
  • x86/cpu: Add another Alder Lake CPU to the Intel family (git-fixes).
  • x86/fpu: Use Alignof to avoid undefined behavior in TYPEALIGN (git-fixes).
  • x86/kvm/lapic: always disable MMIO interface in x2APIC mode (git-fixes).
  • x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
  • x86/lib: Fix overflow when counting digits (git-fixes).
  • x86/mce: relocate set{clear}mcenospec() functions (git-fixes).
  • x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
  • x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
  • x86/mm: Add a x86haspat_wp() helper (git-fixes).
  • x86/pat: Fix x86haspat_wp() (git-fixes).
  • x86/pat: Pass valid address to sanitize_phys() (git-fixes).
  • x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
  • x86/pm: Fix false positive kmemleak report in msrbuildcontext() (git-fixes).
  • x86/purgatory: Do not generate debug info for purgatory.ro (git-fixes).
  • x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
  • x86/topology: Fix duplicated core ID within a package (git-fixes).
  • x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
  • x86/unwind/orc: Fix unreliable stack dump with gcov (git-fixes).
  • x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
  • x86: Clear .brk area at early boot (git-fixes).
  • x86: Fix _getwchan() for !STACKTRACE (git-fixes).
  • x86: Fix get_wchan() to support the ORC unwinder (git-fixes).
  • x86: Mark stopthiscpu() __noreturn (git-fixes).
  • x86: Pin task-stack in _getwchan() (git-fixes).
  • x86: _alwaysinline __{rd,wr}msr() (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Server 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.168.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.168.1",
            "kernel-azure-devel": "4.12.14-16.168.1",
            "kernel-devel-azure": "4.12.14-16.168.1",
            "kernel-syms-azure": "4.12.14-16.168.1",
            "kernel-azure-base": "4.12.14-16.168.1",
            "kernel-source-azure": "4.12.14-16.168.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.168.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.168.1",
            "kernel-azure-devel": "4.12.14-16.168.1",
            "kernel-devel-azure": "4.12.14-16.168.1",
            "kernel-syms-azure": "4.12.14-16.168.1",
            "kernel-azure-base": "4.12.14-16.168.1",
            "kernel-source-azure": "4.12.14-16.168.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.168.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.168.1",
            "kernel-azure-devel": "4.12.14-16.168.1",
            "kernel-devel-azure": "4.12.14-16.168.1",
            "kernel-syms-azure": "4.12.14-16.168.1",
            "kernel-azure-base": "4.12.14-16.168.1",
            "kernel-source-azure": "4.12.14-16.168.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.168.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.168.1",
            "kernel-azure-devel": "4.12.14-16.168.1",
            "kernel-devel-azure": "4.12.14-16.168.1",
            "kernel-syms-azure": "4.12.14-16.168.1",
            "kernel-azure-base": "4.12.14-16.168.1",
            "kernel-source-azure": "4.12.14-16.168.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.168.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.168.1",
            "kernel-azure-devel": "4.12.14-16.168.1",
            "kernel-devel-azure": "4.12.14-16.168.1",
            "kernel-syms-azure": "4.12.14-16.168.1",
            "kernel-azure-base": "4.12.14-16.168.1",
            "kernel-source-azure": "4.12.14-16.168.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.168.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.168.1",
            "kernel-azure-devel": "4.12.14-16.168.1",
            "kernel-devel-azure": "4.12.14-16.168.1",
            "kernel-syms-azure": "4.12.14-16.168.1",
            "kernel-azure-base": "4.12.14-16.168.1",
            "kernel-source-azure": "4.12.14-16.168.1"
        }
    ]
}