SUSE-SU-2024:4345-1

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
• CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
• CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
• CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
• CVE-2024-47757: nilfs2: fix potential oob read in nilfsbtreecheck_delete() (bsc#1232187).
• CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
• CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
• CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
• CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
• CVE-2024-50125: Bluetooth: SCO: Fix UAF on scosocktimeout (bsc#1232928).
• CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
• CVE-2024-50154: tcp/dccp: Do not use timerpending() in reqskqueue_unlink() (bsc#1233070).
• CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstraintto_size() (bsc#1233293).
• CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
• CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite() (bsc#1233214).
• CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
• CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
• CVE-2024-50274: idpf: avoid vport access in idpfgetlink_ksettings (bsc#1233463).
• CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
• CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
• CVE-2024-50301: security/keys: fix slab-out-of-bounds in keytaskpermission (bsc#1233490).
• CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
• CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
• CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
• CVE-2024-53068: firmware: armscmi: Fix slab-use-after-free in scmibus_notifier() (bsc#1233561).

The following non-security bugs were fixed:

• Update config files (bsc#1218644).
• Update config files. Enabled IDPF for ARM64 (bsc#1221309)
• initramfs: avoid filename buffer overrun (bsc#1232436).
• kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
• mm/memory: add non-anonymous page check in the copypresentpage() (bsc#1231646).
• rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
• x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
• x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).