SUSE-SU-2024:4345-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20244345-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4345-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:4345-1
Related
Published
2024-12-17T08:31:01Z
Modified
2025-05-02T04:35:57.695768Z
Upstream
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
  • CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
  • CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
  • CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
  • CVE-2024-47757: nilfs2: fix potential oob read in nilfsbtreecheck_delete() (bsc#1232187).
  • CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
  • CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
  • CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
  • CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
  • CVE-2024-50125: Bluetooth: SCO: Fix UAF on scosocktimeout (bsc#1232928).
  • CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
  • CVE-2024-50154: tcp/dccp: Do not use timerpending() in reqskqueue_unlink() (bsc#1233070).
  • CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstraintto_size() (bsc#1233293).
  • CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
  • CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite() (bsc#1233214).
  • CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
  • CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
  • CVE-2024-50274: idpf: avoid vport access in idpfgetlink_ksettings (bsc#1233463).
  • CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
  • CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
  • CVE-2024-50301: security/keys: fix slab-out-of-bounds in keytaskpermission (bsc#1233490).
  • CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
  • CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
  • CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
  • CVE-2024-53068: firmware: armscmi: Fix slab-use-after-free in scmibus_notifier() (bsc#1233561).

The following non-security bugs were fixed:

  • Update config files (bsc#1218644).
  • Update config files. Enabled IDPF for ARM64 (bsc#1221309)
  • initramfs: avoid filename buffer overrun (bsc#1232436).
  • kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
  • mm/memory: add non-anonymous page check in the copypresentpage() (bsc#1231646).
  • rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
  • x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
  • x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.103.1",
            "kernel-rt": "5.14.21-150400.15.103.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.103.1",
            "kernel-rt": "5.14.21-150400.15.103.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.103.1",
            "kernel-rt": "5.14.21-150400.15.103.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.103.1",
            "kernel-rt": "5.14.21-150400.15.103.1"
        }
    ]
}