SUSE-SU-2024:2902-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:2902-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:2902-1
Published
2024-08-14T07:25:23Z
Modified
2024-08-14T07:25:23Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
  • CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
  • CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808).
  • CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
  • CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
  • CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
  • CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
  • CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
  • CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
  • CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
  • CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
  • CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
  • CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
  • CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
  • CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
  • CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
  • CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
  • CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
  • CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).

The following non-security bugs were fixed:

  • NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
  • NFS: Reduce use of uncached readdir (bsc#1226662).
  • NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
  • X.509: Fix the parser of extended key usage for length (bsc#1218820).
  • btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
  • cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
  • jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
  • kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
  • kernel-binary: vdso: Own module_dir
  • net/dcb: check for detached device before executing callbacks (bsc#1215587).
  • ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
  • powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
  • powerpc/rtas: clean up includes (bsc#1227487).
  • workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
  • workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
Affected packages

SUSE:Linux Enterprise Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.21-150400.15.88.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.88.1",
            "kernel-rt": "5.14.21-150400.15.88.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.21-150400.15.88.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.88.1",
            "kernel-rt": "5.14.21-150400.15.88.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.21-150400.15.88.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.88.1",
            "kernel-rt": "5.14.21-150400.15.88.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.21-150400.15.88.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.88.1",
            "kernel-rt": "5.14.21-150400.15.88.1"
        }
    ]
}