Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:4317-1
Release Date:	2024-12-13T15:32:18Z
Rating:	important
References:	bsc#1154353 bsc#1198778 bsc#1218644 bsc#1220927 bsc#1231939 bsc#1231940 bsc#1231958 bsc#1231962 bsc#1231991 bsc#1231992 bsc#1231995 bsc#1232006 bsc#1232163 bsc#1232172 bsc#1232224 bsc#1232436 bsc#1232860 bsc#1232907 bsc#1232919 bsc#1232928 bsc#1233070 bsc#1233117 bsc#1233293 bsc#1233453 bsc#1233456 bsc#1233468 bsc#1233479 bsc#1233490 bsc#1233491 bsc#1233555 bsc#1233557 jsc#SLE-8100
Cross-References:	CVE-2022-48985 CVE-2022-49006 CVE-2022-49010 CVE-2022-49011 CVE-2022-49019 CVE-2022-49021 CVE-2022-49022 CVE-2022-49029 CVE-2022-49031 CVE-2022-49032 CVE-2023-52524 CVE-2024-49925 CVE-2024-50089 CVE-2024-50115 CVE-2024-50125 CVE-2024-50127 CVE-2024-50154 CVE-2024-50205 CVE-2024-50208 CVE-2024-50264 CVE-2024-50267 CVE-2024-50279 CVE-2024-50290 CVE-2024-50301 CVE-2024-50302 CVE-2024-53061 CVE-2024-53063
CVSS scores:	CVE-2022-48985 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48985 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49006 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-49006 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-49006 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49010 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2022-49010 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49010 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49011 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49019 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49019 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49022 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49029 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49031 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49031 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-49032 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49032 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-52524 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-49925 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-49925 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-49925 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-50089 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50089 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-50089 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-50115 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50125 ( SUSE ): 7.5 CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50125 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50127 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50127 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50154 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50205 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-50208 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50267 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50267 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50267 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50279 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-50279 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50290 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50301 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50301 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50302 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50302 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-53061 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53061 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53063 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-53063 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves 27 vulnerabilities, contains one feature and has four security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2023-52524: net: nfc: llcp: Add lock when modifying device list (bsc#1220927).
CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224).
CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).

The following non-security bugs were fixed:

e1000e: Correct NVM checksum verification flow (jsc#SLE-8100).
e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778).
ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778).
initramfs: avoid filename buffer overrun (bsc#1232436).
kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644).
net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778).
net: ena: Add debug prints for invalid req_id resets (bsc#1198778).
net: ena: Change ENI stats support check to use capabilities field (bsc#1198778).
net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778).
net: ena: Change the name of bad_csum variable (bsc#1198778).
net: ena: Extract recurring driver reset code into a function (bsc#1198778).
net: ena: Flush XDP packets on error (bsc#1198778).
net: ena: Improve error logging in driver (bsc#1198778).
net: ena: Move reset completion print to the reset function (bsc#1198778).
net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
net: ena: Remove module param and change message severity (bsc#1198778).
net: ena: Remove redundant return code check (bsc#1198778).
net: ena: Remove unused code (bsc#1198778).
net: ena: Set tx_info->xdpf value to NULL (bsc#1198778).
net: ena: Update XDP verdict upon failure (bsc#1198778).
net: ena: Use bitmask to indicate packet redirection (bsc#1198778).
net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
net: ena: add device distinct log prefix to files (bsc#1198778).
net: ena: add jiffies of last napi call to stats (bsc#1198778).
net: ena: aggregate doorbell common operations into a function (bsc#1198778).
net: ena: aggregate stats increase into a function (bsc#1198778).
net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
net: ena: fix coding style nits (bsc#1198778).
net: ena: fix inaccurate print type (bsc#1198778).
net: ena: introduce XDP redirect implementation (bsc#1198778).
net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778).
net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
net: ena: re-organize code to improve readability (bsc#1198778).
net: ena: remove extra words from comments (bsc#1198778).
net: ena: store values in their appropriate variables types (bsc#1198778).
net: ena: use build_skb() in RX path (bsc#1198778).
net: ena: use constant value for net_device allocation (bsc#1198778).
net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778).
tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-4317=1
SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-4317=1
SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-4317=1

Package List:

SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
- kernel-rt-5.3.18-150300.194.1
SUSE Linux Enterprise Micro 5.1 (x86_64)
- kernel-rt-debugsource-5.3.18-150300.194.1
- kernel-rt-debuginfo-5.3.18-150300.194.1
SUSE Linux Enterprise Micro 5.1 (noarch)
- kernel-source-rt-5.3.18-150300.194.1
SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
- kernel-rt-5.3.18-150300.194.1
SUSE Linux Enterprise Micro 5.2 (x86_64)
- kernel-rt-debugsource-5.3.18-150300.194.1
- kernel-rt-debuginfo-5.3.18-150300.194.1
SUSE Linux Enterprise Micro 5.2 (noarch)
- kernel-source-rt-5.3.18-150300.194.1
SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
- kernel-rt-5.3.18-150300.194.1
SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
- kernel-rt-debugsource-5.3.18-150300.194.1
- kernel-rt-debuginfo-5.3.18-150300.194.1
SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
- kernel-source-rt-5.3.18-150300.194.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: