SUSE-SU-2024:1647-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20241647-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1647-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:1647-1
Related
Published
2024-05-14T14:30:56Z
Modified
2024-05-14T14:30:56Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
  • CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
  • CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
  • CVE-2024-23848: Fixed media/cec for possible use-after-free in cecqueuemsg_fh (bsc#1219104).
  • CVE-2022-48662: Fixed a general protection fault (GPF) in i915perfopen_ioctl (bsc#1223505).
  • CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
  • CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpiecinit (bsc#1221612).
  • CVE-2024-26816: Fixed relocations in .notes section when building with CONFIGXENPV=y by ignoring them (bsc#1222624).
  • CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
  • CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
  • CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
  • CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
  • CVE-2024-26764: Fixed IOCBAIORW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
  • CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4mbtrybestfound() (bsc#1222618).
  • CVE-2024-26766: Fixed SDMA off-by-one error in padsdmatxdescs() (bsc#1222726).
  • CVE-2024-26689: Fixed a use-after-free in encodecapmsg() (bsc#1222503).
  • CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
  • CVE-2023-52500: Fixed information leaking when processing OPCINBSETCONTROLLERCONFIG command (bsc#1220883).
  • CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
  • CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
  • CVE-2023-7192: Fixed a memory leak problem in ctnetlinkcreateconntrack in net/netfilter/nfconntracknetlink.c (bsc#1218479).
  • CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
  • CVE-2023-52607: Fixed NULL pointer dereference in pgtablecacheadd kasprintf() (bsc#1221061).
  • CVE-2023-7042: Fixed a null-pointer-dereference in ath10kwmitlvoppullmgmttxcomplev() (bsc#1218336).
  • CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).

The following non-security bugs were fixed:

  • Call flushdelayedfput() from nfsd main-loop (bsc#1223380).
  • ibmvfc: make 'max_sectors' a module option (bsc#1216223).
  • scsi: Update maxhwsectors on rescan (bsc#1216223).
References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.79.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.79.1",
            "kernel-rt": "5.14.21-150400.15.79.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.79.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.79.1",
            "kernel-rt": "5.14.21-150400.15.79.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.79.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.79.1",
            "kernel-rt": "5.14.21-150400.15.79.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.79.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.79.1",
            "kernel-rt": "5.14.21-150400.15.79.1"
        }
    ]
}

openSUSE:Leap Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.79.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.14.21-150400.15.79.1"
        }
    ]
}

openSUSE:Leap Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.79.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.14.21-150400.15.79.1"
        }
    ]
}