Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:0976-1
Rating:	important
References:	bsc#1050549 bsc#1186484 bsc#1200599 bsc#1212514 bsc#1213456 bsc#1218450 bsc#1218527 bsc#1218915 bsc#1219127 bsc#1219146 bsc#1219295 bsc#1219653 bsc#1219827 bsc#1219835 bsc#1220187 bsc#1220238 bsc#1220240 bsc#1220241 bsc#1220250 bsc#1220330 bsc#1220340 bsc#1220344 bsc#1220409 bsc#1220421 bsc#1220436 bsc#1220444 bsc#1220459 bsc#1220468 bsc#1220482 bsc#1220526 bsc#1220570 bsc#1220575 bsc#1220599 bsc#1220607 bsc#1220613 bsc#1220638 bsc#1220641 bsc#1220649 bsc#1220700 bsc#1220735 bsc#1220767 bsc#1220796 bsc#1220825 bsc#1220831 bsc#1220845 bsc#1220860 bsc#1220861 bsc#1220863 bsc#1220870 bsc#1220930 bsc#1220931 bsc#1220932 bsc#1220957 bsc#1221039 bsc#1221040 bsc#1221287
Cross-References:	CVE-2019-25162 CVE-2020-36777 CVE-2020-36784 CVE-2021-46906 CVE-2021-46915 CVE-2021-46921 CVE-2021-46924 CVE-2021-46929 CVE-2021-46932 CVE-2021-46953 CVE-2021-46974 CVE-2021-46991 CVE-2021-46992 CVE-2021-47013 CVE-2021-47054 CVE-2021-47076 CVE-2021-47077 CVE-2021-47078 CVE-2022-48627 CVE-2023-28746 CVE-2023-35827 CVE-2023-46343 CVE-2023-52340 CVE-2023-52429 CVE-2023-52443 CVE-2023-52445 CVE-2023-52449 CVE-2023-52451 CVE-2023-52464 CVE-2023-52475 CVE-2023-52478 CVE-2023-52482 CVE-2023-52502 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52574 CVE-2023-52597 CVE-2023-52605 CVE-2024-0607 CVE-2024-1151 CVE-2024-23849 CVE-2024-23851 CVE-2024-26585 CVE-2024-26595 CVE-2024-26600 CVE-2024-26622
CVSS scores:	CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36777 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-36784 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-46906 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-46915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46921 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-46929 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-46953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46974 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-46991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-46992 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47054 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2021-47076 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47078 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-46343 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-46343 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52443 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52445 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52449 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H CVE-2023-52451 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26600 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Real Time 12 SP5 SUSE Linux Enterprise Server 12 SP5

An update that solves 47 vulnerabilities and has nine security fixes can now be installed.

Description:

The SUSE Linux Enterprise SLE12SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
• CVE-2020-36777: Fixed a memory leak in dvb_media_device_free() (bsc#1220526).
• CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
• CVE-2021-46906: Fixed an info leak in hid_submit_ctrl (bsc#1220421).
• CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
• CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
• CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
• CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
• CVE-2021-46953: Fixed a corruption in interrupt mappings on watchdow probe failure (bsc#1220599).
• CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575).
• CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638).
• CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
• CVE-2021-47054: Fixed a bug to put child node before return (bsc#1220767).
• CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
• CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
• CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
• CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
• CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
• CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
• CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
• CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
• CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
• CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
• CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
• CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
• CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
• CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
• CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
• CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
• CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
• CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
• CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
• CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
• CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
• CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
• CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
• CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
• CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
• CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
• CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
• CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
• CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
• CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
• CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
• CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).

The following non-security bugs were fixed:

• [media] coda: simplify optional reset handling (git-fixes).
• [media] media drivers: annotate fall-through (git-fixes).
• [media] media: platform: coda: remove variable self assignment (git-fixes).
• asn.1: fix check for strdup() success (git-fixes).
• audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
• bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
• bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
• bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
• bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
• bnx2x: fix pf-vf communication over multi-cos queues (git-fixes).
• doc/readme.ksyms: add to repo.++ kernel-source-rt.spec (revision 4)%define git_commit 1431ee6e1c7fc02206d6bd539f8bd8ec4ce61801release: <release>.g1431ee6this package provides the rpm macros and templates for kernel module packages++ kernel-source.spec.in (revision 4)this package provides the rpm macros and templates for kernel module packages
• e1000: fix memory leaks (git-fixes).
• gve: fix skb truesize underestimation (git-fixes).
• igb: clean up in all error paths when enabling sr-iov (git-fixes).
• igb: fix constant media auto sense switching when no cable is connected (git-fixes).
• ipv6: fix handling of lla with vrf and sockets bound to vrf (git-fixes).
• ipv6: fix typos in __ip6_finish_output() (git-fixes).
• ixgbe: protect tx timestamping from api misuse (git-fixes).
• kcm: call strp_stop before strp_done in kcm_attach (git-fixes).
• kcm: fix strp_init() order and cleanup (git-fixes).
• kernel-source: fix description typo
• kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220613).
• kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
• kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
• kvm: x86: add support for cpuid leaf 0x80000021 (git-fixes).
• kvm: x86: move open-coded cpuid leaf 0x80000021 eax bit propagation code (git-fixes).
• kvm: x86: synthesize cpuid leaf 0x80000021h if useful (git-fixes).
• kvm: x86: work around qemu issue with synthetic cpuid leaves (git-fixes).
• locking/barriers: introduce smp_cond_load_relaxed() and atomic_cond_read_relaxed() (bsc#1220468 bsc#1050549).
• media: coda: constify platform_device_id (git-fixes).
• media: coda: explicitly request exclusive reset control (git-fixes).
• media: coda: reduce iram size to leave space for suspend to ram (git-fixes).
• media: coda: reuse coda_s_fmt_vid_cap to propagate format in coda_s_fmt_vid_out (git-fixes).
• media: coda: set min_buffers_needed (git-fixes).
• media: coda: wake up capture queue on encoder stop after output streamoff (git-fixes).
• media: dvb-usb: add memory free on error path in dw2102_probe() (git-fixes).
• media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
• media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
• media: dw2102: fix memleak on sequence of probes (git-fixes).
• media: dw2102: fix use after free (git-fixes).
• media: dw2102: make dvb_usb_device_description structures const (git-fixes).
• media: m920x: do not use stack on usb reads (git-fixes).
• media: rc: do not remove first bit if leader pulse is present (git-fixes).
• media: rc: ir-rc6-decoder: enable toggle bit for kathrein rcu-676 remote (git-fixes).
• media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
• media: uvcvideo: set capability in s_param (git-fixes).
• mkspec: use variant in constraints template constraints are not applied consistently with kernel package variants. add variant to the constraints template as appropriate, and expand it in mkspec.
• net/mlx5e: ethtool, avoid setting speed to 56gbase when autoneg off (git-fixes).
• net/sched: tcindex: search key must be 16 bits (git-fixes).
• net: bonding: debug: avoid printing debug logs when bond is not notifying peers (git-fixes).
• net: fec: add missed clk_disable_unprepare in remove (git-fixes).
• net: fec: better handle pm_runtime_get() failing in .remove() (git-fixes).
• net: fec: fix clock count mis-match (git-fixes).
• net: fec: fix use-after-free in fec_drv_remove (git-fixes).
• net: hisilicon: fix dma_map_single failed on arm64 (git-fixes).
• net: hisilicon: fix hip04-xmit never return tx_busy (git-fixes).
• net: hisilicon: fix usage of uninitialized variable in function mdio_sc_cfg_reg_write() (git-fixes).
• net: hisilicon: make hip04_tx_reclaim non-reentrant (git-fixes).
• net: hns3: add compatible handling for mac vlan switch parameter configuration (git-fixes).
• net: hns3: not allow ssu loopback while execute ethtool -t dev (git-fixes).
• net: lpc-enet: fix printk format strings (git-fixes).
• net: nfc: llcp: add lock when modifying device list (git-fixes).
• net: phy: dp83867: enable robust auto-mdix (git-fixes).
• net: phy: initialise phydev speed and duplex sanely (git-fixes).
• net: sfp: add mutex to prevent concurrent state checks (git-fixes).
• net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in irq context (git-fixes).
• net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
• nfsd: do not refuse to serve out of cache (bsc#1220957).
• pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-fixes).
• revert "md/raid5: wait for md_sb_change_pending in raid5d" (git-fixes).
• revert "wcn36xx: disable bmps when encryption is disabled" (git-fixes).
• rpm/constraints.in: set jobs for riscv to 8 the same workers are used for x86 and riscv and the riscv builds take ages. so align the riscv jobs count to x86.
• rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
• rpm/mkspec: sort entries in _multibuild otherwise it creates unnecessary diffs when tar-up-ing. it's of course due to readdir() using "random" order as served by the underlying filesystem. see for example: https://build.opensuse.org/request/show/1144457/changes
• rpm: use run_if_exists for all external scriptlets with that the scriptlets do not need to be installed for build.
• s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220607).
• stmmac: fix potential division by 0 (git-fixes).
• tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
• usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
• usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
• usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
• usb: musb: dsps: fix the probe error path (git-fixes).
• usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
• usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
• usb: typec: tcpci: clear the fault status bit (git-fixes).
• wcn36xx: fix (qos) null data frame bitrate/modulation (git-fixes).
• wcn36xx: fix discarded frames due to wrong sequence number (git-fixes).
• wcn36xx: fix rx bd rate mapping for 5ghz legacy rates (git-fixes).
• x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
• x86/bugs: add asm helpers for executing verw (bsc#1213456).
• x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severity as it's used purely for mitigation so it's low risk.
• x86/cpu, kvm: move x86_feature_lfence_rdtsc to its native leaf (git-fixes).
• x86/entry_32: add verw just before userspace transition (git-fixes).
• x86/entry_64: Add VERW just before userspace transition (git-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Real Time 12 SP5
  zypper in -t patch SUSE-SLE-RT-12-SP5-2024-976=1

Package List:

• SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  • gfs2-kmp-rt-debuginfo-4.12.14-10.171.1
  • kernel-rt-debuginfo-4.12.14-10.171.1
  • ocfs2-kmp-rt-debuginfo-4.12.14-10.171.1
  • ocfs2-kmp-rt-4.12.14-10.171.1
  • gfs2-kmp-rt-4.12.14-10.171.1
  • dlm-kmp-rt-4.12.14-10.171.1
  • kernel-syms-rt-4.12.14-10.171.1
  • cluster-md-kmp-rt-debuginfo-4.12.14-10.171.1
  • dlm-kmp-rt-debuginfo-4.12.14-10.171.1
  • kernel-rt-debugsource-4.12.14-10.171.1
  • cluster-md-kmp-rt-4.12.14-10.171.1
  • kernel-rt-base-4.12.14-10.171.1
  • kernel-rt_debug-debuginfo-4.12.14-10.171.1
  • kernel-rt-devel-debuginfo-4.12.14-10.171.1
  • kernel-rt-base-debuginfo-4.12.14-10.171.1
  • kernel-rt_debug-debugsource-4.12.14-10.171.1
  • kernel-rt_debug-devel-4.12.14-10.171.1
  • kernel-rt_debug-devel-debuginfo-4.12.14-10.171.1
  • kernel-rt-devel-4.12.14-10.171.1
• SUSE Linux Enterprise Real Time 12 SP5 (noarch)
  • kernel-devel-rt-4.12.14-10.171.1
  • kernel-source-rt-4.12.14-10.171.1
• SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
  • kernel-rt_debug-4.12.14-10.171.1
  • kernel-rt-4.12.14-10.171.1

References:

• https://www.suse.com/security/cve/CVE-2019-25162.html
• https://www.suse.com/security/cve/CVE-2020-36777.html
• https://www.suse.com/security/cve/CVE-2020-36784.html
• https://www.suse.com/security/cve/CVE-2021-46906.html
• https://www.suse.com/security/cve/CVE-2021-46915.html
• https://www.suse.com/security/cve/CVE-2021-46921.html
• https://www.suse.com/security/cve/CVE-2021-46924.html
• https://www.suse.com/security/cve/CVE-2021-46929.html
• https://www.suse.com/security/cve/CVE-2021-46932.html
• https://www.suse.com/security/cve/CVE-2021-46953.html
• https://www.suse.com/security/cve/CVE-2021-46974.html
• https://www.suse.com/security/cve/CVE-2021-46991.html
• https://www.suse.com/security/cve/CVE-2021-46992.html
• https://www.suse.com/security/cve/CVE-2021-47013.html
• https://www.suse.com/security/cve/CVE-2021-47054.html
• https://www.suse.com/security/cve/CVE-2021-47076.html
• https://www.suse.com/security/cve/CVE-2021-47077.html
• https://www.suse.com/security/cve/CVE-2021-47078.html
• https://www.suse.com/security/cve/CVE-2022-48627.html
• https://www.suse.com/security/cve/CVE-2023-28746.html
• https://www.suse.com/security/cve/CVE-2023-35827.html
• https://www.suse.com/security/cve/CVE-2023-46343.html
• https://www.suse.com/security/cve/CVE-2023-52340.html
• https://www.suse.com/security/cve/CVE-2023-52429.html
• https://www.suse.com/security/cve/CVE-2023-52443.html
• https://www.suse.com/security/cve/CVE-2023-52445.html
• https://www.suse.com/security/cve/CVE-2023-52449.html
• https://www.suse.com/security/cve/CVE-2023-52451.html
• https://www.suse.com/security/cve/CVE-2023-52464.html
• https://www.suse.com/security/cve/CVE-2023-52475.html
• https://www.suse.com/security/cve/CVE-2023-52478.html
• https://www.suse.com/security/cve/CVE-2023-52482.html
• https://www.suse.com/security/cve/CVE-2023-52502.html
• https://www.suse.com/security/cve/CVE-2023-52530.html
• https://www.suse.com/security/cve/CVE-2023-52531.html
• https://www.suse.com/security/cve/CVE-2023-52532.html
• https://www.suse.com/security/cve/CVE-2023-52574.html
• https://www.suse.com/security/cve/CVE-2023-52597.html
• https://www.suse.com/security/cve/CVE-2023-52605.html
• https://www.suse.com/security/cve/CVE-2024-0607.html
• https://www.suse.com/security/cve/CVE-2024-1151.html
• https://www.suse.com/security/cve/CVE-2024-23849.html
• https://www.suse.com/security/cve/CVE-2024-23851.html
• https://www.suse.com/security/cve/CVE-2024-26585.html
• https://www.suse.com/security/cve/CVE-2024-26595.html
• https://www.suse.com/security/cve/CVE-2024-26600.html
• https://www.suse.com/security/cve/CVE-2024-26622.html
• https://bugzilla.suse.com/show_bug.cgi?id=1050549
• https://bugzilla.suse.com/show_bug.cgi?id=1186484
• https://bugzilla.suse.com/show_bug.cgi?id=1200599
• https://bugzilla.suse.com/show_bug.cgi?id=1212514
• https://bugzilla.suse.com/show_bug.cgi?id=1213456
• https://bugzilla.suse.com/show_bug.cgi?id=1218450
• https://bugzilla.suse.com/show_bug.cgi?id=1218527
• https://bugzilla.suse.com/show_bug.cgi?id=1218915
• https://bugzilla.suse.com/show_bug.cgi?id=1219127
• https://bugzilla.suse.com/show_bug.cgi?id=1219146
• https://bugzilla.suse.com/show_bug.cgi?id=1219295
• https://bugzilla.suse.com/show_bug.cgi?id=1219653
• https://bugzilla.suse.com/show_bug.cgi?id=1219827
• https://bugzilla.suse.com/show_bug.cgi?id=1219835
• https://bugzilla.suse.com/show_bug.cgi?id=1220187
• https://bugzilla.suse.com/show_bug.cgi?id=1220238
• https://bugzilla.suse.com/show_bug.cgi?id=1220240
• https://bugzilla.suse.com/show_bug.cgi?id=1220241
• https://bugzilla.suse.com/show_bug.cgi?id=1220250
• https://bugzilla.suse.com/show_bug.cgi?id=1220330
• https://bugzilla.suse.com/show_bug.cgi?id=1220340
• https://bugzilla.suse.com/show_bug.cgi?id=1220344
• https://bugzilla.suse.com/show_bug.cgi?id=1220409
• https://bugzilla.suse.com/show_bug.cgi?id=1220421
• https://bugzilla.suse.com/show_bug.cgi?id=1220436
• https://bugzilla.suse.com/show_bug.cgi?id=1220444
• https://bugzilla.suse.com/show_bug.cgi?id=1220459
• https://bugzilla.suse.com/show_bug.cgi?id=1220468
• https://bugzilla.suse.com/show_bug.cgi?id=1220482
• https://bugzilla.suse.com/show_bug.cgi?id=1220526
• https://bugzilla.suse.com/show_bug.cgi?id=1220570
• https://bugzilla.suse.com/show_bug.cgi?id=1220575
• https://bugzilla.suse.com/show_bug.cgi?id=1220599
• https://bugzilla.suse.com/show_bug.cgi?id=1220607
• https://bugzilla.suse.com/show_bug.cgi?id=1220613
• https://bugzilla.suse.com/show_bug.cgi?id=1220638
• https://bugzilla.suse.com/show_bug.cgi?id=1220641
• https://bugzilla.suse.com/show_bug.cgi?id=1220649
• https://bugzilla.suse.com/show_bug.cgi?id=1220700
• https://bugzilla.suse.com/show_bug.cgi?id=1220735
• https://bugzilla.suse.com/show_bug.cgi?id=1220767
• https://bugzilla.suse.com/show_bug.cgi?id=1220796
• https://bugzilla.suse.com/show_bug.cgi?id=1220825
• https://bugzilla.suse.com/show_bug.cgi?id=1220831
• https://bugzilla.suse.com/show_bug.cgi?id=1220845
• https://bugzilla.suse.com/show_bug.cgi?id=1220860
• https://bugzilla.suse.com/show_bug.cgi?id=1220861
• https://bugzilla.suse.com/show_bug.cgi?id=1220863
• https://bugzilla.suse.com/show_bug.cgi?id=1220870
• https://bugzilla.suse.com/show_bug.cgi?id=1220930
• https://bugzilla.suse.com/show_bug.cgi?id=1220931
• https://bugzilla.suse.com/show_bug.cgi?id=1220932
• https://bugzilla.suse.com/show_bug.cgi?id=1220957
• https://bugzilla.suse.com/show_bug.cgi?id=1221039
• https://bugzilla.suse.com/show_bug.cgi?id=1221040
• https://bugzilla.suse.com/show_bug.cgi?id=1221287