SUSE-SU-2024:2360-1

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
• CVE-2021-47191: Fix out-of-bound read in resp_readcap16() (bsc#1222866).
• CVE-2021-47267: usb: fix various gadget panics on 10gbps cabling (bsc#1224993).
• CVE-2021-47270: usb: fix various gadgets null ptr deref on 10gbps cabling (bsc#1224997).
• CVE-2021-47293: net/sched: act_skbmod: Skip non-Ethernet packets (bsc#1224978).
• CVE-2021-47294: netrom: Decrease sock refcount when sock timers expire (bsc#1224977).
• CVE-2021-47297: net: fix uninit-value in caifseqpktsendmsg (bsc#1224976).
• CVE-2021-47309: net: validate lwtstate->data before returning from skbtunnelinfo() (bsc#1224967).
• CVE-2021-47354: drm/sched: Avoid data corruptions (bsc#1225140)
• CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
• CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
• CVE-2021-47407: KVM: x86: Handle SRCU initialization failure during page track init (bsc#1225306).
• CVE-2021-47418: netsched: fix NULL deref in fifoset_limit() (bsc#1225337).
• CVE-2021-47434: xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1225232).
• CVE-2021-47445: drm/msm: Fix null pointer dereference on pointer edp (bsc#1225261)
• CVE-2021-47518: nfc: fix potential NULL pointer deref in nfcgenldumpsesdone (bsc#1225372).
• CVE-2021-47544: tcp: fix page frag corruption on page fault (bsc#1225463).
• CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
• CVE-2021-47571: staging: rtl8192e: Fix use after free in rtl92epci_disconnect() (bsc#1225518).
• CVE-2021-47587: net: systemport: Add global locking for descriptor lifecycle (bsc#1226567).
• CVE-2021-47602: mac80211: track only QoS data frames for admission control (bsc#1226554).
• CVE-2021-47609: firmware: arm_scpi: Fix string overflow in SCPI genpd driver (bsc#1226562)
• CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking (bsc#1226716)
• CVE-2022-48733: btrfs: fix use-after-free after failure to create a snapshot (bsc#1226718).
• CVE-2022-48740: selinux: fix double free of cond_list on error paths (bsc#1226699).
• CVE-2022-48743: net: amd-xgbe: Fix skb data length underflow (bsc#1226705).
• CVE-2022-48756: drm/msm/dsi: invalid parameter check in msmdsiphy_enable (bsc#1226698)
• CVE-2022-48759: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (bsc#1226711).
• CVE-2022-48761: usb: xhci-plat: fix crash when suspend if remote wake enable (bsc#1226701).
• CVE-2022-48772: media: lgdt3306a: Add a check against null-pointer-def (bsc#1226976).
• CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
• CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in updateeventsin_group() (bsc#1224504).
• CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
• CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow() (bsc#1225487).
• CVE-2023-52754: media: imon: fix access to invalid resource for the second interface (bsc#1225490).
• CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
• CVE-2023-52762: virtio-blk: fix implicit overflow on virtiomaxdma_size (bsc#1225573).
• CVE-2023-52764: media: gspca: cpia1: shift-out-of-bounds in set_flicker (bsc#1225571).
• CVE-2023-52784: bonding: stop the device in bondsetupby_slave() (bsc#1224946).
• CVE-2023-52832: wifi: mac80211: do not return unset power in ieee80211gettx_power() (bsc#1225577).
• CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599).
• CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
• CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
• CVE-2023-52845: tipc: Change nlapolicy for bearer-related names to NLANUL_STRING (bsc#1225585).
• CVE-2023-52855: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (bsc#1225583).
• CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
• CVE-2024-26633: ip6tunnel: fix NEXTHDRFRAGMENT handling in ip6tnlparsetlvenc_lim() (bsc#1221647).
• CVE-2024-26641: ip6tunnel: make sure to pull inner header in _ip6tnlrcv() (bsc#1221654).
• CVE-2024-26679: Fixed read sk->skfamily once in inetrecv_error() (bsc#1222385).
• CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
• CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
• CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
• CVE-2024-26863: hsr: Fix uninit-value access in hsrgetnode() (bsc#1223021).
• CVE-2024-26894: ACPI: processoridle: Fix memory leak in acpiprocessorpowerexit() (bsc#1223043).
• CVE-2024-26923: Fixed false-positive lockdep splat for spinlock() in _unix_gc() (bsc#1223384).
• CVE-2024-26928: Fixed potential UAF in cifsdebugfilesprocshow() (bsc#1223532).
• CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (git-fixesbsc#1223641).
• CVE-2024-27399: Bluetooth: l2cap: fix null-ptr-deref in l2capchantimeout (bsc#1224177).
• CVE-2024-27410: Reject iftype change with mesh ID change (bsc#1224432).
• CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
• CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
• CVE-2024-35822: usb: udc: remove warning when queue disabled ep (bsc#1224739).
• CVE-2024-35835: net/mlx5e: fix a double-free in arfscreategroups (bsc#1224605).
• CVE-2024-35862: Fixed potential UAF in smb2isnetworknamedeleted() (bsc#1224764).
• CVE-2024-35863: Fixed potential UAF in isvalidoplock_break() (bsc#1224763).
• CVE-2024-35864: Fixed potential UAF in smb2isvalidleasebreak() (bsc#1224765).
• CVE-2024-35865: Fixed potential UAF in smb2isvalidoplockbreak() (bsc#1224668).
• CVE-2024-35867: Fixed potential UAF in cifsstatsproc_show() (bsc#1224664).
• CVE-2024-35868: Fixed potential UAF in cifsstatsproc_write() (bsc#1224678).
• CVE-2024-35870: Fixed UAF in smb2reconnectserver() (bsc#1224672).
• CVE-2024-35886: ipv6: Fix infinite recursion in fib6dumpdone() (bsc#1224670).
• CVE-2024-35922: fbmon: prevent division by zero in fbvideomodefrom_videomode() (bsc#1224660)
• CVE-2024-35925: block: prevent division by zero in blkrqstat_sum() (bsc#1224661).
• CVE-2024-35930: scsi: lpfc: Fix possible memory leak in lpfcrcvpadisc() (bsc#1224651).
• CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
• CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
• CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
• CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
• CVE-2024-35976: Validate user input for XDP{UMEM|COMPLETION}FILL_RING (bsc#1224575).
• CVE-2024-35979: raid1: fix use-after-free for original bio in raid1writerequest() (bsc#1224572).
• CVE-2024-35997: Remove I2CHIDREAD_PENDING flag to prevent lock-up (bsc#1224552).
• CVE-2024-35998: Fixed lock ordering potential deadlock in cifssyncmid_result (bsc#1224549).
• CVE-2024-36016: tty: ngsm: fix possible out-of-bounds in gsm0receive() (bsc#1225642).
• CVE-2024-36017: rtnetlink: Correct nested IFLAVFVLAN_LIST attribute validation (bsc#1225681).
• CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
• CVE-2024-36592: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1225898).
• CVE-2024-36880: Bluetooth: qca: add missing firmware sanity checks (bsc#1225722).
• CVE-2024-36894: usb: gadget: ffs: Fix race between aiocancel() and AIO request complete (bsc#1225749).
• CVE-2024-36915: nfc: llcp: fix nfcllcpsetsockopt() unsafe copies (bsc#1225758).
• CVE-2024-36917: block: fix overflow in blkioctldiscard() (bsc#1225770).
• CVE-2024-36919: scsi: bnx2fc: Remove spinlockbh while releasing resources after upload (bsc#1225767).
• CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
• CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
• CVE-2024-36938: Fixed NULL pointer dereference in skpsockskbingressenqueue (bsc#1225761).
• CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
• CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
• CVE-2024-36950: firewire: ohci: mask bus reset interrupts between ISR and bottom half (bsc#1225895).
• CVE-2024-36960: drm/vmwgfx: Fix invalid reads in fence signaled events (bsc#1225872)
• CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
• CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
• CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
• CVE-2024-38544: RDMA/rxe: Fix seg fault in rxecompqueue_pkt (bsc#1226597)
• CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
• CVE-2024-38546: drm: vc4: Fix possible null pointer dereference (bsc#1226593).
• CVE-2024-38549: drm/mediatek: Add 0 size check to mtkdrmgem_obj (bsc#1226735)
• CVE-2024-38552: drm/amd/display: Fix potential index out of bounds in color (bsc#1226767)
• CVE-2024-38553: net: fec: remove .ndopollcontroller to avoid deadlock (bsc#1226744).
• CVE-2024-38565: wifi: ar5523: enable proper endpoint verification (bsc#1226747).
• CVE-2024-38567: wifi: carl9170: add a proper sanity check for endpoints (bsc#1226769).
• CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634.
• CVE-2024-38579: crypto: bcm - Fix pointer arithmetic (bsc#1226637).
• CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
• CVE-2024-38597: eth: sungem: remove .ndopollcontroller to avoid deadlocks (bsc#1226749).
• CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
• CVE-2024-38618: ALSA: timer: Set lower bound of start tick time (bsc#1226754).
• CVE-2024-38621: media: stk1160: fix bounds checking in stk1160copyvideo() (bsc#1226895).
• CVE-2024-38627: stm class: Fix a double free in stmregisterdevice() (bsc#1226857).
• CVE-2024-38659: enic: Validate length of nl attributes in enicsetvf_port (bsc#1226883).
• CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
• CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from syncprintobj() (bsc#1226886).

The following non-security bugs were fixed:

• Btrfs: bail out on error during replaydirdeletes (git-fixes)
• Btrfs: clean up resources during umount after trans is aborted (git-fixes)
• Btrfs: fix NULL pointer dereference in logdiritems (git-fixes)
• Btrfs: fix memory and mount leak in btrfsioctlrmdevv2() (git-fixes)
• Btrfs: fix unexpected EEXIST from btrfsgetextent (git-fixes)
• Btrfs: send, fix issuing write op when processing hole in no data mode (git-fixes)
• Fix compilation
• KVM: allow KVMBUG/KVMBUG_ON to handle 64-bit cond (git-fixes).
• NFSv4: Always clear the pNFS layout when handling ESTALE (bsc#1221791).
• NFSv4: nfssetopen_stateid must not trigger state recovery for closed state (bsc#1221791).
• PNFS for stateid errors retry against MDS first (bsc#1221791).
• RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
• USB: serial: option: add Foxconn T99W265 with new baseline (git-fixes).
• USB: serial: option: add Quectel EG912Y module support (git-fixes).
• USB: serial: option: add Quectel RM500Q R13 firmware support (git-fixes).
• arm64: asm-bug: Add .align 2 to the end of _BUGENTRY (git-fixes).
• blk-cgroup: Fix NULL deref caused by blkgpolicydata being installed before init (bsc#1216062 bsc#1225203).
• blk-cgroup: fix missing pdonlinefn() while activating policy (git-fixes bsc#1225203).
• blk-cgroup: support to track if policy is online (bsc#1216062 bsc#1225203).
• bpf, scripts: Correct GPL license name (git-fixes).
• bsc#1225894: Fix build warning
• btrfs: add barriers to btrfssynclog before logcommitwait wakeups (git-fixes)
• btrfs: fix crash when trying to resume balance without the resume flag (git-fixes)
• btrfs: fix describe_relocation when printing unknown flags (git-fixes)
• btrfs: fix false EIO for missing device (git-fixes)
• btrfs: tree-check: reduce stack consumption in checkdiritem (git-fixes)
• btrfs: use correct compare function of dirtymetadatabytes (git-fixes)
• drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
• fix compat handling of FICLONERANGE, FIDEDUPERANGE and FSIOCFIEMAP (bsc#1225848).
• fs: make fiemap work from compat_ioctl (bsc#1225848).
• iommu/amd: Fix sysfs leak in iommu init (git-fixes).
• iommu/vt-d: Allocate local memory for page request queue (git-fixes).
• ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
• kabi: blkcgpolicydata fix KABI (bsc#1216062 bsc#1225203).
• mkspec-dtb: add toplevel symlinks also on arm
• net: hsr: fix placement of logical operator in a multi-line statement (bsc#1223021).
• net: usb: rtl8150 fix unintiatilzed variables in rtl8150getlink_ksettings (git-fixes).
• net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
• nfsd: optimise recalculatedenymode() for a common case (bsc#1217912).
• nvmet: fix ns enable/disable possible hang (git-fixes).
• ocfs2: adjust enabling place for la window (bsc#1219224).
• ocfs2: fix sparse warnings (bsc#1219224).
• ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
• ocfs2: speed up chain-list searching (bsc#1219224).
• rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
• rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
• rpm/kernel-obs-build.spec.in: Include algifhash, aegis128 and xts modules afgifhash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
• rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 ('ARM: dts: Move .dts files to vendor sub-directories'). So switch to them.
• scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
• scsi: 53c700: Check that command slot is not NULL (git-fixes).
• scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
• scsi: be2iscsi: Fix a memleak in beiscsiinitwrb_handle() (git-fixes).
• scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes).
• scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
• scsi: core: Decrease scsidevice's iorequestcnt if dispatch failed (git-fixes).
• scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
• scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
• scsi: csiostor: Avoid function pointer casts (git-fixes).
• scsi: isci: Fix an error code problem in isciiorequest_build() (git-fixes).
• scsi: iscsi: Add length check for nlattr payload (git-fixes).
• scsi: iscsi: Add strlen() check in iscsiifset{host}param() (git-fixes).
• scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
• scsi: libfc: Fix potential NULL pointer dereference in fclportptp_setup() (git-fixes).
• scsi: libsas: Add a helper sasgetsasaddranddevtype() (git-fixes).
• scsi: libsas: Fix disk not being scanned in after being removed (git-fixes).
• scsi: libsas: Introduce struct smpdiscresp (git-fixes).
• scsi: lpfc: Correct size for wqe for memset() (git-fixes).
• scsi: lpfc: Fix double free in lpfccmplelslogoacc() caused by lpfcnlpnot_used() (git-fixes).
• scsi: lpfc: Fix the NULL vs ISERR() bug for debugfscreate_file() (git-fixes).
• scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes).
• scsi: mpt3sas: Fix in error path (git-fixes).
• scsi: mpt3sas: Fix loop logic (git-fixes).
• scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
• scsi: qedf: Do not touch _user pointer in qedfdbgdebugcmd_read() directly (git-fixes).
• scsi: qedf: Do not touch _user pointer in qedfdbgfpintcmdread() directly (git-fixes).
• scsi: qedf: Do not touch _user pointer in qedfdbgstopioonerrorcmdread() directly (git-fixes).
• scsi: qedf: Fix NULL dereference in error handling (git-fixes).
• scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
• scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
• scsi: qedi: Fix potential deadlock on &qedipercpu->pwork_lock (git-fixes).
• scsi: qla2xxx: Fix off by one in qlaedifapp_getstats() (git-fixes).
• scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
• scsi: snic: Fix double free in snictgtcreate() (git-fixes).
• scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
• scsi: stex: Fix gcc 13 warnings (git-fixes).
• scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
• usb: port: Do not try to peer unused USB ports based on location (git-fixes).
• usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
• x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).