SUSE-SU-2024:3225-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3225-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:3225-1
Published
2024-09-12T12:12:38Z
Modified
2024-09-12T12:12:38Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
  • CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
  • CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
  • CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
  • CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
  • CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
  • CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
  • CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
  • CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
  • CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
  • CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
  • CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
  • CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
  • CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
  • CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).

The following non-security bugs were fixed:

  • Bluetooth: L2CAP: Fix deadlock (git-fixes).
  • sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).

Affected packages

SUSE:Linux Enterprise Micro 5.1 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.181.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.181.2",
            "kernel-rt": "5.3.18-150300.181.2"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.181.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.181.2",
            "kernel-rt": "5.3.18-150300.181.2"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.181.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.181.2",
            "kernel-rt": "5.3.18-150300.181.2"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.181.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.181.2",
            "kernel-rt": "5.3.18-150300.181.2"
        }
    ]
}