Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3467-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2022-20368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-20368 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-48839 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-48919 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2022-48919 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48919 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-42232 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-43882 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-43882 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-43883 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2024-43883 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
  • CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4

An update that solves eight vulnerabilities and has two security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
  • CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
  • CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
  • CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
  • CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
  • CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)

The following non-security bugs were fixed:

  • fuse: fix SetPageUptodate() condition in STORE (bsc#1229456).
  • reiserfs: fix "new_insert_key may be used uninitialized ..." (bsc#1228938).
  • scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-3467=1
  • SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-3467=1

Package List:

  • SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (nosrc x86_64)
    • kernel-default-3.0.101-108.162.1
    • kernel-xen-3.0.101-108.162.1
    • kernel-trace-3.0.101-108.162.1
    • kernel-ec2-3.0.101-108.162.1
  • SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64)
    • kernel-trace-base-3.0.101-108.162.1
    • kernel-source-3.0.101-108.162.1
    • kernel-ec2-base-3.0.101-108.162.1
    • kernel-xen-devel-3.0.101-108.162.1
    • kernel-ec2-devel-3.0.101-108.162.1
    • kernel-syms-3.0.101-108.162.1
    • kernel-trace-devel-3.0.101-108.162.1
    • kernel-default-base-3.0.101-108.162.1
    • kernel-default-devel-3.0.101-108.162.1
    • kernel-xen-base-3.0.101-108.162.1
  • SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
    • kernel-default-3.0.101-108.162.1
    • kernel-xen-3.0.101-108.162.1
    • kernel-trace-3.0.101-108.162.1
    • kernel-ec2-3.0.101-108.162.1
  • SUSE Linux Enterprise Server 11 SP4 (x86_64)
    • kernel-trace-base-3.0.101-108.162.1
    • kernel-source-3.0.101-108.162.1
    • kernel-ec2-base-3.0.101-108.162.1
    • kernel-xen-devel-3.0.101-108.162.1
    • kernel-ec2-devel-3.0.101-108.162.1
    • kernel-syms-3.0.101-108.162.1
    • kernel-trace-devel-3.0.101-108.162.1
    • kernel-default-base-3.0.101-108.162.1
    • kernel-default-devel-3.0.101-108.162.1
    • kernel-xen-base-3.0.101-108.162.1

References: