SUSE-SU-2024:1465-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1465-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:1465-1
Related
Published
2024-04-29T12:57:44Z
Modified
2024-04-29T12:57:44Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2020-36780: Fixed a reference leak when pmruntimeget_sync fails in i2c (bsc#1220556).
  • CVE-2020-36781: Fixed reference leak when pmruntimeget_sync fails in i2c/imx (bsc#1220557).
  • CVE-2020-36782: Fixed a reference leak when pmruntimeget_sync fails in i2c imx-lpi2c (bsc#1220560).
  • CVE-2020-36783: Fixed a reference leak when pmruntimeget_sync fails in i2c img-scb (bsc#1220561).
  • CVE-2021-46908: Fixed incorrect permission flag for mixed signed bounds arithmetic in bpf (bsc#1220425).
  • CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
  • CVE-2021-46911: Fixed kernel panic (bsc#1220400).
  • CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pcidisabledevice() (bsc#1220465).
  • CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432).
  • CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429).
  • CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414).
  • CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426).
  • CVE-2021-46921: Fixed ordering in queuedwritelock_slowpath (bsc#1220468).
  • CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475).
  • CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
  • CVE-2021-46931: Fixed wrong type casting in mlx5etxreporterdumpsq() (bsc#1220486).
  • CVE-2021-46933: Fixed possible underflow in ffsdataclear() (bsc#1220487).
  • CVE-2021-46938: Fixed a double free of blkmqtag_set in dev remove after table load fails in dm rq (bsc#1220554).
  • CVE-2021-46939: Fixed a denial of service in traceclockglobal() in tracing (bsc#1220580).
  • CVE-2021-46943: Fixed an oops in set_fmt error handling in media: staging/intel-ipu3 (bsc#1220583).
  • CVE-2021-46944: Fixed a memory leak in imu_fmt in media staging/intel-ipu3 (bsc#1220566).
  • CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
  • CVE-2021-46951: Fixed an integer underflow of efitpmfinallogsize in tpmreadlog_efi in tpm efi (bsc#1220615).
  • CVE-2021-46956: Fixed memory leak in virtiofsprobe() (bsc#1220516).
  • CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs (bsc#1220521).
  • CVE-2021-46959: Fixed use-after-free with devmspialloc_* (bsc#1220734).
  • CVE-2021-46960: Fixed a warning on smb2getenc_key in cifs (bsc#1220528).
  • CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529).
  • CVE-2021-46962: Fixed a resource leak in the remove function in mmc uniphier-sd (bsc#1220532).
  • CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand() (bsc#1220536).
  • CVE-2021-46971: Fixed unconditional securitylockeddown() call (bsc#1220697).
  • CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621).
  • CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663).
  • CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
  • CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639).
  • CVE-2021-46984: Fixed an out of bounds access in kyberbiomerge() in kyber (bsc#1220631).
  • CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
  • CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s (bsc#1220743).
  • CVE-2021-46991: Fixed a use-after-free in i40eclientsubtask (bsc#1220575).
  • CVE-2021-46992: Fixed a bug to avoid overflows in nfthashbuckets (bsc#1220638).
  • CVE-2021-46998: Fixed an use after free bug in enichardstart_xmit in ethernet/enic (bsc#1220625).
  • CVE-2021-47000: Fixed an inode leak on getattr error in _fhto_dentry in ceph (bsc#1220669).
  • CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670).
  • CVE-2021-47003: Fixed potential null dereference on pointer status in idxdcmdexec (bsc#1220677).
  • CVE-2021-47006: Fixed wrong check in overflowhandler hook in ARM 9064/1 hwbreakpoint (bsc#1220751).
  • CVE-2021-47009: Fixed memory leak on object td (bsc#1220733).
  • CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630).
  • CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxtrxpkt() in bnxt_en (bsc#1220794).
  • CVE-2021-47017: Fixed use after free in ath10khtcsend_bundle (bsc#1220678).
  • CVE-2021-47020: Fixed a memory leak in stream config error path in soundwire stream (bsc#1220785).
  • CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685).
  • CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
  • CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688).
  • CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753).
  • CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759).
  • CVE-2021-47045: Fixed a null pointer dereference in lpfcprepels_iocb() in scsi lpfc (bsc#1220640).
  • CVE-2021-47046: Fixed off by one in hdmi14process_transaction() (bsc#1220758).
  • CVE-2021-47049: Fixed an after free in _vmbusopen() in hv vmbus (bsc#1220692).
  • CVE-2021-47051: Fixed a PM reference leak in lpspipreparexfer_hardware() in spi fsl-lpspi (bsc#1220764).
  • CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
  • CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
  • CVE-2021-47058: Fixed a possible user-after-free in set debugfs_name in regmap (bsc#1220779).
  • CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
  • CVE-2021-47065: Fixed an array overrun in rtwgettxpowerparams() in rtw88 (bsc#1220749).
  • CVE-2021-47068: Fixed a use-after-free issue in llcpsockbind/connect (bsc#1220739).
  • CVE-2021-47070: Fixed memory leak in error handling paths in uiohvgeneric (bsc#1220829).
  • CVE-2021-47071: Fixed a memory leak in error handling paths in hvuiocleanup() in uiohvgeneric (bsc#1220846).
  • CVE-2021-47073: Fixed oops on rmmod dellsmbios initdellsmbioswmi() (bsc#1220850).
  • CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
  • CVE-2021-47082: Fixed ouble free in tunfreenetdev() (bsc#1220969).
  • CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
  • CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
  • CVE-2021-47097: Fixed stack out of bound access in elantechchangereport_id() (bsc#1220982).
  • CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
  • CVE-2021-47101: Fixed uninit-value in asixmdioread() (bsc#1220987).
  • CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534).
  • CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221532).
  • CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221541).
  • CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
  • CVE-2021-47117: Fixed a crash in ext4escacheextent as ext4splitextentat failed in ext4 (bsc#1221575).
  • CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
  • CVE-2021-47119: Fixed a memory leak in ext4fillsuper in ext4 (bsc#1221608).
  • CVE-2021-47120: Fixed a NULL pointer dereference on disconnect in HID magicmouse (bsc#1221606).
  • CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552).
  • CVE-2021-47136: Fixed uninitialized memory access caused by allocation via zero-initialize tc skb extension in net (bsc#1221931).
  • CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932).
  • CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
  • CVE-2021-47139: Fixed a race condition that lead to oops in netdevice registration in net hns3 (bsc#1221935).
  • CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve (bsc#1221949).
  • CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
  • CVE-2021-47144: Fixed a refcount leak in amdgpufb_create in drm/amd/amdgpu (bsc#1221989).
  • CVE-2021-47150: Fixed the potential memory leak in fecenetinit() (bsc#1221973).
  • CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
  • CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974).
  • CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe function in spi spi-fsl-dspi (bsc#1221966).
  • CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978).
  • CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
  • CVE-2021-47166: Fixed a data corruption of pgbyteswritten in nfsdorecoalesce() in nfs (bsc#1221998).
  • CVE-2021-47167: Fixed an oopsable condition in _nfspageioaddrequest() in nfs (bsc#1221991).
  • CVE-2021-47168: Fixed an incorrect limit in filelayoutdecodelayout() in nfs (bsc#1222002).
  • CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
  • CVE-2021-47170: Fixed a WARN about excessively large memory allocations in usb usbfs (bsc#1222004).
  • CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
  • CVE-2021-47172: Fixed a potential overflow due to non sequential channel numbers in adc/ad7124 (bsc#1221992).
  • CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
  • CVE-2021-47174: Fixed missing check in irqfpuusable() (bsc#1221990).
  • CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003).
  • CVE-2021-47176: Fixed crash with illegal operation exception in dasddevicetasklet in s390/dasd (bsc#1221996).
  • CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
  • CVE-2021-47179: Fixed a NULL pointer dereference in pnfsmarkmatchinglsegsreturn() in nfsv4 (bsc#1222001).
  • CVE-2021-47180: Fixed a memory leak in nciallocatedevice nfcmrvl_disconnect in nfc nci (bsc#1221999).
  • CVE-2021-47181: Fixed a null pointer dereference caused by calling platformgetresource() (bsc#1222660).
  • CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
  • CVE-2021-47185: Fixed a softlockup issue in flushtoldisc in tty tty_buffer (bsc#1222669).
  • CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
  • CVE-2021-47202: Fixed NULL pointer dereferences in ofthermal functions (bsc#1222878)
  • CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
  • CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
  • CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
  • CVE-2023-52469: Fixed a use-after-free in kvparsepower_table (bsc#1220411).
  • CVE-2023-52470: Fixed null-ptr-deref in radeoncrtcinit() (bsc#1220413).
  • CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
  • CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
  • CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
  • CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function _dmaasyncdevicechannel_register() (bsc#1221276).
  • CVE-2023-52500: Fixed information leaking when processing OPCINBSETCONTROLLERCONFIG command (bsc#1220883).
  • CVE-2023-52508: Fixed null pointer dereference in nvmefcio_getuuid() (bsc#1221015).
  • CVE-2023-52509: Fixed a use-after-free issue in ravbtxtimeout_work() (bsc#1220836).
  • CVE-2023-52572: Fixed UAF in cifsdemultiplexthread() in cifs (bsc#1220946).
  • CVE-2023-52575: Fixed SBPB enablement for specrstackoverflow=off (bsc#1220871).
  • CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
  • CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
  • CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
  • CVE-2023-52607: Fixed a null-pointer-dereference in pgtablecacheadd kasprintf() (bsc#1221061).
  • CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
  • CVE-2023-6270: Fixed a use-after-free issue in aoecmdcfgpkts (bsc#1218562).
  • CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamread_generic()on the socket that the SKB is queued on (bsc#1218447).
  • CVE-2023-7042: Fixed a null-pointer-dereference in ath10kwmitlvoppullmgmttxcomplev() (bsc#1218336).
  • CVE-2023-7192: Fixed a memory leak problem in ctnetlinkcreateconntrack in net/netfilter/nfconntracknetlink.c (bsc#1218479).
  • CVE-2024-22099: Fixed a null-pointer-dereference in rfcommchecksecurity (bsc#1219170).
  • CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
  • CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
  • CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
  • CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
  • CVE-2024-26733: Fixed an overflow in arpreqget() in arp (bsc#1222585).

The following non-security bugs were fixed:

  • doc/README.SUSE: Update information about module support status (jsc#PED-5759)
  • fs,hugetlb: fix NULL pointer dereference in hugetlbsfillsuper (bsc#1219264).
  • group-source-files.pl: Quote filenames (boo#1221077).
  • mm: fix guppudrange (bsc#1220824).
  • tty: ngsm: require CAPNETADMIN to attach NGSM0710 ldisc (bsc#1222619).
  • usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). Altered because 5.3 does not do SSP
References

Affected packages

SUSE:Linux Enterprise Micro 5.1 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.166.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.166.1",
            "kernel-rt": "5.3.18-150300.166.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.166.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.166.1",
            "kernel-rt": "5.3.18-150300.166.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.166.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.166.1",
            "kernel-rt": "5.3.18-150300.166.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.166.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.166.1",
            "kernel-rt": "5.3.18-150300.166.1"
        }
    ]
}