SUSE-SU-2024:1983-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1983-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:1983-1
Related
Published
2024-06-11T10:56:58Z
Modified
2024-06-11T10:56:58Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
  • CVE-2022-48686: Fix UAF when detecting digest errors (bsc#1223948).
  • CVE-2021-47074: Fixed memory leak in nvmeloopcreate_ctrl() (bsc#1220854).
  • CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
  • CVE-2022-48697: Fix a use-after-free (bsc#1223922).
  • CVE-2024-26846: Do not wait in vain when unloading module (bsc#1223023).
  • CVE-2021-47496: Fix flipped sign in tlserrabort() calls (bsc#1225354)
  • CVE-2023-42755: Check user supplied offsets (bsc#1215702).
  • CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
  • CVE-2023-52796: Add ipvlanroutev6_outbound() helper (bsc#1224930).
  • CVE-2021-47246: Fix page reclaim for dead peer hairpin (bsc#1224831).
  • CVE-2023-52732: Blocklist the kclient when receiving corrupted snap trace (bsc#1225222).
  • CVE-2024-35936: Add missing mutexunlock in btrfsrelocatesyschunks() (bsc#1224644)
  • CVE-2021-47548: Fixed a possible array out-of-bounds (bsc#1225506)
  • CVE-2024-36029: Pervent access to suspended controller (bsc#1225708)
  • CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
  • CVE-2021-47352: Add validation for used length (bsc#1225124).
  • CVE-2023-52698: Fixed memory leak in netlblcalipsoadd_pass() (bsc#1224621)
  • CVE-2021-47431: Fix gart.bo pin_count leak (bsc#1225390).
  • CVE-2024-35935: Handle path ref underflow in header iterateinoderef() (bsc#1224645)
  • CVE-2024-26828: Fixed underflow in parseserverinterfaces() (bsc#1223084).
  • CVE-2021-47423: Fix file release memory leak (bsc#1225366).
  • CVE-2022-48710: Fix a possible null pointer dereference (bsc#1225230).
  • CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
  • CVE-2024-35932: Do not check if plane->state->fb == state->fb (bsc#1224650).
  • CVE-2021-47500: Fixed trigger reference couting (bsc#1225360).
  • CVE-2024-35809: Drain runtime-idle callbacks before driver removal (bsc#1224738).
  • CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208).
  • CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
  • CVE-2021-47509: Limit the period size to 16MB (bsc#1225409).
  • CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
  • CVE-2024-35982: Avoid infinite loop trying to resize local TT (bsc#1224566)
  • CVE-2024-35969: Fixed race condition between ipv6getifaddr and ipv6deladdr (bsc#1224580).
  • CVE-2021-47277: Avoid speculation-based attacks from out-of-range memslot accesses (bsc#1224960).
  • CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svmregisterenc_region() (bsc#1224725).
  • CVE-2021-47401: Fix stack information leak (bsc#1225242).
  • CVE-2023-52867: Fix possible buffer overflow (bsc#1225009).
  • CVE-2023-52821: Fix a possible null pointer dereference (bsc#1225022).
  • CVE-2021-47265: Verify port when creating flow rule (bsc#1224957)
  • CVE-2021-47362: Update intermediate power state for SI (bsc#1225153).
  • CVE-2021-47361: Fix error handling in mcballocbus() (bsc#1225151).
  • CVE-2023-52864: Fix opening of char device (bsc#1225132).
  • CVE-2022-48708: Fix potential NULL dereference (bsc#1224942).
  • CVE-2024-35944: Fixed memcpy() run-time warning in dgdispatchas_host() (bsc#1224648).
  • CVE-2021-47238: Fix memory leak in ipmcadd1_src (bsc#1224847)
  • CVE-2023-52730: Fix possible resource leaks in some error paths (bsc#1224956).
  • CVE-2021-47355: Fix possible use-after-free in nicstar_cleanup() (bsc#1225141).
  • CVE-2021-47245: Fix out of bounds when parsing TCP options (bsc#1224838)
  • CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
  • CVE-2023-52747: Restore allocated resources on failed copyout (bsc#1224931)
  • CVE-2021-47249: Fix memory leak in rds_recvmsg (bsc#1224880)
  • CVE-2021-47397: Break out if skbheaderpointer returns NULL in sctprcvootb (bsc#1225082)
  • CVE-2021-47250: Fix memory leak in netlblcipsov4add_std (bsc#1224827)
  • CVE-2024-35849: Fix information leak in btrfsioctllogicaltoino() (bsc#1224733).
  • CVE-2024-27436: Stop parsing channels bits when all channels are found (bsc#1224803).
  • CVE-2021-47281: Fix race of sndseqtimer_open() (bsc#1224983).
  • CVE-2024-35789: Clear fast rx for non-4addr sta VLAN changes (bsc#1224749).
  • CVE-2024-35830: Register v4l2 async device only after successful setup (bsc#1224680).
  • CVE-2021-47334: Fix two use after free in ibmasminitone (bsc#1225112).
  • CVE-2021-47357: Fix possible use-after-free in iamoduleexit() (bsc#1225144).
  • CVE-2023-52875: Add check for mtkallocclk_data (bsc#1225096).
  • CVE-2023-52865: Add check for mtkallocclk_data (bsc#1225086).
  • CVE-2024-35887: Fix use-after-free bugs caused by ax25dsdel_timer (bzg#1224663)
  • CVE-2021-47483: Fixed possible double-free in regcacherbtreeexit() (bsc#1224907).
  • CVE-2024-26957: Fix reference counting on zcrypt card objects (bsc#1223666).
  • CVE-2023-52691: Fix a double-free in sidpminit (bsc#1224607).
  • CVE-2024-27398: Fixed use-after-free bugs caused by scosocktimeout (bsc#1224174).
  • CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
  • CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
  • CVE-2024-26984: Fix instmem race condition around ptr stores (bsc#1223633)
  • CVE-2021-46933: Fixed possible underflow in ffsdataclear() (bsc#1220487).
  • CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
  • CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
  • CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
  • CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
  • CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
  • CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
  • CVE-2022-48704: Add a force flush to delay work when radeon (bsc#1223932)
  • CVE-2021-47206: Check return value after calling platformgetresource() (bsc#1222894).
  • CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
  • CVE-2024-26996: Fix UAF ncm object at re-bind after usb ep transport error (bsc#1223752).
  • CVE-2024-26874: Fix a null pointer crash in mtkdrmcrtcfinishpage_flip (bsc#1223048)
  • CVE-2022-48702: Fix out of bounds access in sndemu10k1pcmchannelalloc() (bsc#1223923).
  • CVE-2022-48672: Fix off-by-one error in unflattendtnodes() (bsc#1223931).
  • CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
  • CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
  • CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
  • CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
  • CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctpautoasconf_init in net/sctp/socket.c (bsc#1218917).
  • CVE-2024-27008: Fix out of bounds access (bsc#1223802).
  • CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
  • CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).

The following non-security bugs were fixed:

  • afunix: annote lockless accesses to unixtotinflight & gcin_progress (bsc#1223384).
  • afunix: Do not use atomic ops for unixsk(sk)->inflight (bsc#1223384).
  • afunix: Replace BUGON() with WARNONONCE() (bsc#1223384).
  • ASoC: tracing: Export SNDSOCDAPMDIROUT to its value (git-fixes).
  • assocarray: Fix BUGON during garbage collect.
  • autofs: fix a leak in autofsexpireindirect() (git-fixes)
  • Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working (git-fixes).
  • btrfs: avoid null pointer dereference on fsinfo when calling btrfscrit (git-fixes)
  • btrfs: check if root is readonly while setting security xattr (git-fixes)
  • btrfs: defrag: use btrfsmodoutstandingextents in clusterpagesfordefrag (git-fixes)
  • btrfs: do not get an EINTR during drop_snapshot for reloc (git-fixes)
  • btrfs: do not stop integrity writeback too early (git-fixes)
  • btrfs: Explicitly handle btrfsupdateroot failure (git-fixes)
  • btrfs: fail mount when sb flag is not in BTRFSSUPERFLAG_SUPP (git-fixes)
  • btrfs: fix btrfsprevleaf() to not return the same key twice (git-fixes)
  • btrfs: fix deadlock when writing out space cache (git-fixes)
  • Btrfs: fix incorrect {node,sector}size endianness from BTRFSIOCFS_INFO (git-fixes)
  • btrfs: fix lockdep splat and potential deadlock after failure running delayed items (git-fixes)
  • btrfs: fix lost error handling when looking up extended ref on log replay (git-fixes)
  • btrfs: Fix NULL pointer exception in findbiostripe (git-fixes)
  • btrfs: Fix out of bounds access in btrfssearchslot (git-fixes)
  • btrfs: fix race when deleting quota root from the dirty cow roots list (git-fixes)
  • btrfs: fix rangeend calculation in extentwritelockedrange (git-fixes)
  • btrfs: fix return value mixup in btrfsgetextent (git-fixes)
  • btrfs: fix unaligned access in readdir (git-fixes)
  • btrfs: limit device extents to the device size (git-fixes)
  • btrfs: prevent to set invalid default subvolid (git-fixes)
  • btrfs: record delayed inode root in transaction (git-fixes)
  • btrfs: scrub: reject unsupported scrub flags (git-fixes)
  • btrfs: send: ensure send_fd is writable (git-fixes)
  • btrfs: send: in case of IO error log it (git-fixes)
  • btrfs: send: limit number of clones and allocated memory size (git-fixes)
  • btrfs: sysfs: use NOFS for device creation (git-fixes) Adjustment: add #include
  • btrfs: tree-checker: add missing return after error in root_item (git-fixes)
  • btrfs: tree-checker: add missing returns after data_ref alignment checks (git-fixes)
  • btrfs: tree-checker: do not error out if extent ref hash does not match (git-fixes)
  • btrfs: tree-checker: fix inline ref size in error messages (git-fixes)
  • btrfs: tree-checker: Fix misleading group system information (git-fixes)
  • btrfs: undo writable superblocke when sprouting fails (git-fixes)
  • btrfs: validate qgroup inherit for SNAPCREATEV2 ioctl (git-fixes)
  • ecryptfs: fix a memory leak bug in ecryptfsinitmessaging() (git-fixes)
  • ecryptfs: fix a memory leak bug in parsetag1_packet() (git-fixes)
  • ecryptfs: fix kernel panic with null dev_name (git-fixes)
  • ecryptfs: Fix typo in message (git-fixes)
  • epcreatewakeup_source(): dentry name can change under you (git-fixes)
  • exportfsdecodefh(): negative pinned may become positive without the parent locked (git-fixes)
  • fs/proc/procsysctl.c: fix the default values of iuid/i_gid on /proc/sys inodes (git-fixes)
  • fscrypt: clean up some BUG_ON()s in block encryption/decryption (git-fixes)
  • ila: do not generate empty messages in ilaxlatnlcmdget_mapping() (git-fixes).
  • ipv4, ipv6: Fix handling of transhdrlen in _ip{,6}append_data() (git-fixes).
  • kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
  • KVM: s390: Check kvm pointer when testing KVMCAPS390HPAGE1M (git-fixes bsc#1225059).
  • l2tp: pass correct message length to ip6appenddata (git-fixes).
  • lib/mpi: use kcalloc in mpi_resize (git-fixes).
  • list: fix a data-race around ep->rdllist (git-fixes).
  • net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
  • net: tcp: fix unexcepted socket die when snd_wnd is 0 (git-fixes).
  • net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
  • net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
  • net: usb: sr9700: stop lying about skb->truesize (git-fixes).
  • net: vmxnet3: Fix NULL pointer dereference in vmxnet3rqrx_complete() (bsc#1223360).
  • net/smc: fix fallback failed while sendmsg with fastopen (git-fixes).
  • net/tls: Remove the context from the list in tlsdevicedown (bsc#1221545).
  • netfilter: nfqueue: augment nfqacfg_policy (git-fixes).
  • netfilter: nft_compat: explicitly reject ERROR and standard target (git-fixes).
  • netfilter: x_tables: set module owner for icmp(6) matches (git-fixes).
  • nfc: change order inside nfcseio error path (git-fixes).
  • powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
  • ppdev: Add an error check in register_device (git-fixes).
  • printk: Disable passing console lock owner completely during panic() (bsc#1197894).
  • printk: Update @consolemayschedule in consoletrylockspinning() (bsc#1223969).
  • rds: avoid unenecessary cong_update in loop transport (git-fixes).
  • rds: ib: Fix missing call to rdsibdevput in rdsibsetupqp (git-fixes).
  • ring-buffer: Clean ringbufferpoll_wait() error return (git-fixes).
  • ring-buffer: Fix a race between readers and resize checks (bsc#1222893).
  • rxrpc: Do not put crypto buffers on the stack (git-fixes).
  • rxrpc: Fix a memory leak in rxkadverifyresponse() (git-fixes).
  • rxrpc: Provide a different lockdep key for call->user_mutex for kernel calls (git-fixes).
  • rxrpc: The mutex lock returned by rxrpcacceptcall() needs releasing (git-fixes).
  • rxrpc: Work around usercopy check (git-fixes).
  • s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224347).
  • s390/pci: fix max size calculation in zpcimemcpytoio() (git-fixes bsc#1225062).
  • tcp: tcpmakesynack() can be called from process context (git-fixes).
  • tls: Fix context leak on tlsdevicedown (bsc#1221545).
  • tracing: Fix blocked reader of snapshot buffer (git-fixes).
  • tracing: hide unused ftraceeventid_fops (git-fixes).
  • tracing: Use .flush() call to wake up readers (git-fixes).
  • tracing: Use strncpy instead of memcpy when copying comm in trace.c (git-fixes).
  • tty/sysrq: replace smpprocessorid() with get_cpu() (bsc#1223540).
  • usb: aqc111: stop lying about skb->truesize (git-fixes).
  • wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
  • wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-10.188.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.188.1",
            "dlm-kmp-rt": "4.12.14-10.188.1",
            "gfs2-kmp-rt": "4.12.14-10.188.1",
            "kernel-rt_debug": "4.12.14-10.188.1",
            "kernel-rt-devel": "4.12.14-10.188.1",
            "cluster-md-kmp-rt": "4.12.14-10.188.1",
            "kernel-rt_debug-devel": "4.12.14-10.188.1",
            "kernel-source-rt": "4.12.14-10.188.1",
            "kernel-rt": "4.12.14-10.188.1",
            "ocfs2-kmp-rt": "4.12.14-10.188.1",
            "kernel-syms-rt": "4.12.14-10.188.1",
            "kernel-rt-base": "4.12.14-10.188.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
purl:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-10.188.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.188.1",
            "dlm-kmp-rt": "4.12.14-10.188.1",
            "gfs2-kmp-rt": "4.12.14-10.188.1",
            "kernel-rt_debug": "4.12.14-10.188.1",
            "kernel-rt-devel": "4.12.14-10.188.1",
            "cluster-md-kmp-rt": "4.12.14-10.188.1",
            "kernel-rt_debug-devel": "4.12.14-10.188.1",
            "kernel-source-rt": "4.12.14-10.188.1",
            "kernel-rt": "4.12.14-10.188.1",
            "ocfs2-kmp-rt": "4.12.14-10.188.1",
            "kernel-syms-rt": "4.12.14-10.188.1",
            "kernel-rt-base": "4.12.14-10.188.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-10.188.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.188.1",
            "dlm-kmp-rt": "4.12.14-10.188.1",
            "gfs2-kmp-rt": "4.12.14-10.188.1",
            "kernel-rt_debug": "4.12.14-10.188.1",
            "kernel-rt-devel": "4.12.14-10.188.1",
            "cluster-md-kmp-rt": "4.12.14-10.188.1",
            "kernel-rt_debug-devel": "4.12.14-10.188.1",
            "kernel-source-rt": "4.12.14-10.188.1",
            "kernel-rt": "4.12.14-10.188.1",
            "ocfs2-kmp-rt": "4.12.14-10.188.1",
            "kernel-syms-rt": "4.12.14-10.188.1",
            "kernel-rt-base": "4.12.14-10.188.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
purl:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-10.188.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.188.1",
            "dlm-kmp-rt": "4.12.14-10.188.1",
            "gfs2-kmp-rt": "4.12.14-10.188.1",
            "kernel-rt_debug": "4.12.14-10.188.1",
            "kernel-rt-devel": "4.12.14-10.188.1",
            "cluster-md-kmp-rt": "4.12.14-10.188.1",
            "kernel-rt_debug-devel": "4.12.14-10.188.1",
            "kernel-source-rt": "4.12.14-10.188.1",
            "kernel-rt": "4.12.14-10.188.1",
            "ocfs2-kmp-rt": "4.12.14-10.188.1",
            "kernel-syms-rt": "4.12.14-10.188.1",
            "kernel-rt-base": "4.12.14-10.188.1"
        }
    ]
}