Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:3467-1
Rating:	important
References:	bsc#1202346 bsc#1227985 bsc#1228002 bsc#1228938 bsc#1228959 bsc#1229454 bsc#1229456 bsc#1229503 bsc#1229657 bsc#1229707
Cross-References:	CVE-2022-20368 CVE-2022-48791 CVE-2022-48839 CVE-2022-48919 CVE-2024-42232 CVE-2024-43882 CVE-2024-43883 CVE-2024-44947
CVSS scores:	CVE-2022-20368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20368 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48839 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48919 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-48919 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-48919 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-42232 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-43882 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-43882 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-43883 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-43883 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4

An update that solves eight vulnerabilities and has two security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)

The following non-security bugs were fixed:

fuse: fix SetPageUptodate() condition in STORE (bsc#1229456).
reiserfs: fix "new_insert_key may be used uninitialized ..." (bsc#1228938).
scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-3467=1
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-3467=1

Package List:

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (nosrc x86_64)
- kernel-default-3.0.101-108.162.1
- kernel-xen-3.0.101-108.162.1
- kernel-trace-3.0.101-108.162.1
- kernel-ec2-3.0.101-108.162.1
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64)
- kernel-trace-base-3.0.101-108.162.1
- kernel-source-3.0.101-108.162.1
- kernel-ec2-base-3.0.101-108.162.1
- kernel-xen-devel-3.0.101-108.162.1
- kernel-ec2-devel-3.0.101-108.162.1
- kernel-syms-3.0.101-108.162.1
- kernel-trace-devel-3.0.101-108.162.1
- kernel-default-base-3.0.101-108.162.1
- kernel-default-devel-3.0.101-108.162.1
- kernel-xen-base-3.0.101-108.162.1
SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
- kernel-default-3.0.101-108.162.1
- kernel-xen-3.0.101-108.162.1
- kernel-trace-3.0.101-108.162.1
- kernel-ec2-3.0.101-108.162.1
SUSE Linux Enterprise Server 11 SP4 (x86_64)
- kernel-trace-base-3.0.101-108.162.1
- kernel-source-3.0.101-108.162.1
- kernel-ec2-base-3.0.101-108.162.1
- kernel-xen-devel-3.0.101-108.162.1
- kernel-ec2-devel-3.0.101-108.162.1
- kernel-syms-3.0.101-108.162.1
- kernel-trace-devel-3.0.101-108.162.1
- kernel-default-base-3.0.101-108.162.1
- kernel-default-devel-3.0.101-108.162.1
- kernel-xen-base-3.0.101-108.162.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: