SUSE-SU-2024:3467-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3467-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:3467-1
- Related
- Published
- 2024-09-27T10:20:00Z
- Modified
- 2024-09-27T10:20:00Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
- CVE-2022-48919: Fix double free race when mount fails in cifsgetroot() (bsc#1229657).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-42232: Fixed a race between delayedwork() and cephmonc_stop(). (bsc#1228959)
The following non-security bugs were fixed:
- fuse: fix SetPageUptodate() condition in STORE (bsc#1229456).
- reiserfs: fix 'newinsertkey may be used uninitialized ...' (bsc#1228938).
- scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/
- https://bugzilla.suse.com/1202346
- https://bugzilla.suse.com/1227985
- https://bugzilla.suse.com/1228002
- https://bugzilla.suse.com/1228938
- https://bugzilla.suse.com/1228959
- https://bugzilla.suse.com/1229454
- https://bugzilla.suse.com/1229456
- https://bugzilla.suse.com/1229503
- https://bugzilla.suse.com/1229657
- https://bugzilla.suse.com/1229707
- https://www.suse.com/security/cve/CVE-2022-20368
- https://www.suse.com/security/cve/CVE-2022-48791
- https://www.suse.com/security/cve/CVE-2022-48839
- https://www.suse.com/security/cve/CVE-2022-48919
- https://www.suse.com/security/cve/CVE-2024-42232
- https://www.suse.com/security/cve/CVE-2024-43882
- https://www.suse.com/security/cve/CVE-2024-43883
- https://www.suse.com/security/cve/CVE-2024-44947
Affected packages
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.162.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.162.1",
"kernel-ec2": "3.0.101-108.162.1",
"kernel-default": "3.0.101-108.162.1",
"kernel-source": "3.0.101-108.162.1",
"kernel-syms": "3.0.101-108.162.1",
"kernel-trace": "3.0.101-108.162.1",
"kernel-trace-devel": "3.0.101-108.162.1",
"kernel-ec2-devel": "3.0.101-108.162.1",
"kernel-ec2-base": "3.0.101-108.162.1",
"kernel-xen-devel": "3.0.101-108.162.1",
"kernel-xen-base": "3.0.101-108.162.1",
"kernel-trace-base": "3.0.101-108.162.1",
"kernel-xen": "3.0.101-108.162.1",
"kernel-default-devel": "3.0.101-108.162.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-ec2
Package
- Name
- kernel-ec2
- Purl
- purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.162.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.162.1",
"kernel-ec2": "3.0.101-108.162.1",
"kernel-default": "3.0.101-108.162.1",
"kernel-source": "3.0.101-108.162.1",
"kernel-syms": "3.0.101-108.162.1",
"kernel-trace": "3.0.101-108.162.1",
"kernel-trace-devel": "3.0.101-108.162.1",
"kernel-ec2-devel": "3.0.101-108.162.1",
"kernel-ec2-base": "3.0.101-108.162.1",
"kernel-xen-devel": "3.0.101-108.162.1",
"kernel-xen-base": "3.0.101-108.162.1",
"kernel-trace-base": "3.0.101-108.162.1",
"kernel-xen": "3.0.101-108.162.1",
"kernel-default-devel": "3.0.101-108.162.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.162.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.162.1",
"kernel-ec2": "3.0.101-108.162.1",
"kernel-default": "3.0.101-108.162.1",
"kernel-source": "3.0.101-108.162.1",
"kernel-syms": "3.0.101-108.162.1",
"kernel-trace": "3.0.101-108.162.1",
"kernel-trace-devel": "3.0.101-108.162.1",
"kernel-ec2-devel": "3.0.101-108.162.1",
"kernel-ec2-base": "3.0.101-108.162.1",
"kernel-xen-devel": "3.0.101-108.162.1",
"kernel-xen-base": "3.0.101-108.162.1",
"kernel-trace-base": "3.0.101-108.162.1",
"kernel-xen": "3.0.101-108.162.1",
"kernel-default-devel": "3.0.101-108.162.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.162.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.162.1",
"kernel-ec2": "3.0.101-108.162.1",
"kernel-default": "3.0.101-108.162.1",
"kernel-source": "3.0.101-108.162.1",
"kernel-syms": "3.0.101-108.162.1",
"kernel-trace": "3.0.101-108.162.1",
"kernel-trace-devel": "3.0.101-108.162.1",
"kernel-ec2-devel": "3.0.101-108.162.1",
"kernel-ec2-base": "3.0.101-108.162.1",
"kernel-xen-devel": "3.0.101-108.162.1",
"kernel-xen-base": "3.0.101-108.162.1",
"kernel-trace-base": "3.0.101-108.162.1",
"kernel-xen": "3.0.101-108.162.1",
"kernel-default-devel": "3.0.101-108.162.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-trace
Package
- Name
- kernel-trace
- Purl
- purl:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.162.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.162.1",
"kernel-ec2": "3.0.101-108.162.1",
"kernel-default": "3.0.101-108.162.1",
"kernel-source": "3.0.101-108.162.1",
"kernel-syms": "3.0.101-108.162.1",
"kernel-trace": "3.0.101-108.162.1",
"kernel-trace-devel": "3.0.101-108.162.1",
"kernel-ec2-devel": "3.0.101-108.162.1",
"kernel-ec2-base": "3.0.101-108.162.1",
"kernel-xen-devel": "3.0.101-108.162.1",
"kernel-xen-base": "3.0.101-108.162.1",
"kernel-trace-base": "3.0.101-108.162.1",
"kernel-xen": "3.0.101-108.162.1",
"kernel-default-devel": "3.0.101-108.162.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-xen
Package
- Name
- kernel-xen
- Purl
- purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.162.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.162.1",
"kernel-ec2": "3.0.101-108.162.1",
"kernel-default": "3.0.101-108.162.1",
"kernel-source": "3.0.101-108.162.1",
"kernel-syms": "3.0.101-108.162.1",
"kernel-trace": "3.0.101-108.162.1",
"kernel-trace-devel": "3.0.101-108.162.1",
"kernel-ec2-devel": "3.0.101-108.162.1",
"kernel-ec2-base": "3.0.101-108.162.1",
"kernel-xen-devel": "3.0.101-108.162.1",
"kernel-xen-base": "3.0.101-108.162.1",
"kernel-trace-base": "3.0.101-108.162.1",
"kernel-xen": "3.0.101-108.162.1",
"kernel-default-devel": "3.0.101-108.162.1"
}
]
}