SUSE-SU-2024:4082-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4082-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:4082-1
Related
Published
2024-11-27T14:23:31Z
Modified
2024-11-27T14:23:31Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
  • CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
  • CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105setupdevlink_regions() (bsc#1231976).
  • CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
  • CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisifemacrx() (bsc#1232286).
  • CVE-2022-48991: mm/khugepaged: fix collapseptemappedthp() to allow anonvma (bsc#1232070).
  • CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
  • CVE-2024-45013: nvme: move stopping keep-alive into nvmeuninitctrl() (bsc#1230442).
  • CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
  • CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
  • CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdmafreedescriptor (bsc#1230715).
  • CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
  • CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
  • CVE-2024-46815: drm/amd/display: Check numvalidsets before accessing readerwmsets (bsc#1231195).
  • CVE-2024-46816: drm/amd/display: Stop amdgpudm initialize when link nums greater than maxlinks (bsc#1231197).
  • CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
  • CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
  • CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
  • CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in _genradixptr_alloc() (bsc#1231502).
  • CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
  • CVE-2024-47684: tcp: check skb is non-NULL in tcprtodelta_us() (bsc#1231987).
  • CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
  • CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
  • CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
  • CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
  • CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
  • CVE-2024-49936: net/xen-netback: prevent UAF in xenvifflushhash() (bsc#1232424).
  • CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
  • CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
  • CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
  • CVE-2024-49991: drm/amdkfd: amdkfdfreegtt_mem clear the correct pointer (bsc#1232282).
  • CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
  • CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).

The following non-security bugs were fixed:

  • NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
  • PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
  • RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
  • bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
  • dnroute: set rt neigh to blackholenetdev instead of loopback_dev in ifdown (bsc#1216813).
  • ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
  • ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
  • net: mana: Fix the extra HZ in manahwcsend_request (bsc#1232033).
  • xfrm: set dst dev to blackholenetdev instead of loopbackdev in ifdown (bsc#1216813).
References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.100.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.100.1",
            "kernel-rt": "5.14.21-150400.15.100.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.100.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.100.1",
            "kernel-rt": "5.14.21-150400.15.100.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.100.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.100.1",
            "kernel-rt": "5.14.21-150400.15.100.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.100.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.100.1",
            "kernel-rt": "5.14.21-150400.15.100.1"
        }
    ]
}