Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:4103-1
Release Date:	2024-11-28T14:16:29Z
Rating:	important
References:	bsc#1195775 bsc#1204171 bsc#1205796 bsc#1206344 bsc#1209290 bsc#1218562 bsc#1219125 bsc#1223384 bsc#1223524 bsc#1223824 bsc#1225336 bsc#1225611 bsc#1226211 bsc#1226212 bsc#1226557 bsc#1228743 bsc#1229042 bsc#1229454 bsc#1229456 bsc#1230429 bsc#1231073 bsc#1231191 bsc#1231197 bsc#1231200 bsc#1231203 bsc#1231293 bsc#1231375 bsc#1231502 bsc#1231673 bsc#1231861 bsc#1231887 bsc#1231890 bsc#1231893 bsc#1231895 bsc#1231936 bsc#1231938 bsc#1231942 bsc#1231960 bsc#1231961 bsc#1231979 bsc#1231987 bsc#1231988 bsc#1232033 bsc#1232069 bsc#1232070 bsc#1232097 bsc#1232136 bsc#1232145 bsc#1232262 bsc#1232282 bsc#1232286 bsc#1232304 bsc#1232383 bsc#1232418 bsc#1232424 bsc#1232432
Cross-References:	CVE-2021-47416 CVE-2021-47589 CVE-2022-3435 CVE-2022-45934 CVE-2022-48664 CVE-2022-48947 CVE-2022-48956 CVE-2022-48960 CVE-2022-48962 CVE-2022-48967 CVE-2022-48970 CVE-2022-48988 CVE-2022-48991 CVE-2022-48999 CVE-2022-49003 CVE-2022-49014 CVE-2022-49015 CVE-2022-49023 CVE-2022-49025 CVE-2023-28327 CVE-2023-46343 CVE-2023-52881 CVE-2023-52919 CVE-2023-6270 CVE-2024-27043 CVE-2024-42145 CVE-2024-44947 CVE-2024-45016 CVE-2024-46813 CVE-2024-46816 CVE-2024-46817 CVE-2024-46818 CVE-2024-46849 CVE-2024-47668 CVE-2024-47674 CVE-2024-47684 CVE-2024-47706 CVE-2024-47747 CVE-2024-49860 CVE-2024-49867 CVE-2024-49936 CVE-2024-49974 CVE-2024-49982 CVE-2024-49991 CVE-2024-49995 CVE-2024-50047
CVSS scores:	CVE-2021-47416 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-47589 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47589 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3435 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-3435 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-45934 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-45934 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48664 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2022-48947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48960 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-48960 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-48960 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48962 ( SUSE ): 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-48962 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H CVE-2022-48962 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48967 ( SUSE ): 7.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-48967 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-48967 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-48970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48970 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48988 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-48988 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48988 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48991 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-48991 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48991 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-49003 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-49003 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49003 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49014 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49014 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49015 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49015 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49023 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49023 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49025 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49025 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-28327 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-46343 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-46343 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52881 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-52919 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52919 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-6270 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6270 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-27043 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-42145 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-42145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-45016 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-45016 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-46813 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-46813 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-46813 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-46816 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-46816 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-46816 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-46817 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-46817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-46817 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-46818 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-46818 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-46818 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-46849 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-46849 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-47668 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2024-47668 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2024-47668 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-47684 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-47684 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-47684 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-47747 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-47747 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-47747 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-49860 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-49860 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-49860 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-49936 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-49936 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-49936 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-49974 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-49974 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-49974 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-49982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-49982 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-49991 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-49991 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-49991 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-49995 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2024-49995 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CVE-2024-49995 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50047 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50047 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux SUSE Linux Enterprise Server 15 SP2 LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 46 vulnerabilities and has 10 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2021-47589: igbvf: fix double free in igbvf_probe (bsc#1226557).
CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304).
CVE-2022-48988: memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344 bsc#1232069).
CVE-2022-48991: khugepaged: retract_page_tables() remember to test exit (bsc#1232070).
CVE-2022-49003: nvme: fix SRCU protection of nvme_ns_head list (bsc#1232136).
CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890).
CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1231961).
CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1231960).
CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).

The following non-security bugs were fixed:

initrd: Revert "build initrd without systemd" (bsc#1195775).
bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
kernel-binary: generate and install compile_commands.json (bsc#1228971).
net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc
rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression.
rpm/kernel-binary.spec.in: fix klp_symbols macro The commit below removed openSUSE filter from %ifs of the klp_symbols definition (boo#1229042).
rpm/kernel-obs-build.spec.in: Some builds do not just create an iso9660 image, but also mount it during build (bsc#1226212).
rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
rpm/release-projects: Add SLFO projects (bsc#1231293).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Live Patching 15-SP2
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-4103=1
SUSE Linux Enterprise High Availability Extension 15 SP2
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-4103=1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4103=1
SUSE Linux Enterprise Server 15 SP2 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4103=1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4103=1

Package List:

SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
- kernel-default-5.3.18-150200.24.209.1
SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
- kernel-default-livepatch-devel-5.3.18-150200.24.209.1
- kernel-livepatch-5_3_18-150200_24_209-default-1-150200.5.3.1
- kernel-default-livepatch-5.3.18-150200.24.209.1
- kernel-livepatch-5_3_18-150200_24_209-default-debuginfo-1-150200.5.3.1
- kernel-livepatch-SLE15-SP2_Update_54-debugsource-1-150200.5.3.1
- kernel-default-debuginfo-5.3.18-150200.24.209.1
- kernel-default-debugsource-5.3.18-150200.24.209.1
SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
- cluster-md-kmp-default-5.3.18-150200.24.209.1
- cluster-md-kmp-default-debuginfo-5.3.18-150200.24.209.1
- ocfs2-kmp-default-5.3.18-150200.24.209.1
- ocfs2-kmp-default-debuginfo-5.3.18-150200.24.209.1
- gfs2-kmp-default-5.3.18-150200.24.209.1
- kernel-default-debugsource-5.3.18-150200.24.209.1
- dlm-kmp-default-debuginfo-5.3.18-150200.24.209.1
- gfs2-kmp-default-debuginfo-5.3.18-150200.24.209.1
- kernel-default-debuginfo-5.3.18-150200.24.209.1
- dlm-kmp-default-5.3.18-150200.24.209.1
SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
- kernel-default-5.3.18-150200.24.209.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (aarch64 nosrc x86_64)
- kernel-default-5.3.18-150200.24.209.1
- kernel-preempt-5.3.18-150200.24.209.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (aarch64 x86_64)
- kernel-default-base-5.3.18-150200.24.209.1.150200.9.109.1
- kernel-obs-build-debugsource-5.3.18-150200.24.209.1
- kernel-preempt-debugsource-5.3.18-150200.24.209.1
- kernel-preempt-devel-5.3.18-150200.24.209.1
- kernel-preempt-debuginfo-5.3.18-150200.24.209.1
- kernel-syms-5.3.18-150200.24.209.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.209.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.209.1
- kernel-default-devel-5.3.18-150200.24.209.1
- kernel-default-debuginfo-5.3.18-150200.24.209.1
- kernel-obs-build-5.3.18-150200.24.209.1
- kernel-default-debugsource-5.3.18-150200.24.209.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (noarch)
- kernel-source-5.3.18-150200.24.209.1
- kernel-devel-5.3.18-150200.24.209.1
- kernel-macros-5.3.18-150200.24.209.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (noarch nosrc)
- kernel-docs-5.3.18-150200.24.209.2
SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.3.18-150200.24.209.1
SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 ppc64le s390x x86_64)
- kernel-default-base-5.3.18-150200.24.209.1.150200.9.109.1
- kernel-obs-build-debugsource-5.3.18-150200.24.209.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.209.1
- kernel-syms-5.3.18-150200.24.209.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.209.1
- reiserfs-kmp-default-5.3.18-150200.24.209.1
- kernel-default-devel-5.3.18-150200.24.209.1
- kernel-default-debuginfo-5.3.18-150200.24.209.1
- kernel-obs-build-5.3.18-150200.24.209.1
- kernel-default-debugsource-5.3.18-150200.24.209.1
SUSE Linux Enterprise Server 15 SP2 LTSS (noarch)
- kernel-source-5.3.18-150200.24.209.1
- kernel-devel-5.3.18-150200.24.209.1
- kernel-macros-5.3.18-150200.24.209.1
SUSE Linux Enterprise Server 15 SP2 LTSS (noarch nosrc)
- kernel-docs-5.3.18-150200.24.209.2
SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.209.1
SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 x86_64)
- kernel-preempt-devel-5.3.18-150200.24.209.1
- kernel-preempt-debugsource-5.3.18-150200.24.209.1
- kernel-preempt-debuginfo-5.3.18-150200.24.209.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.209.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
- kernel-default-5.3.18-150200.24.209.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
- kernel-default-base-5.3.18-150200.24.209.1.150200.9.109.1
- kernel-obs-build-debugsource-5.3.18-150200.24.209.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.209.1
- kernel-syms-5.3.18-150200.24.209.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.209.1
- reiserfs-kmp-default-5.3.18-150200.24.209.1
- kernel-default-devel-5.3.18-150200.24.209.1
- kernel-default-debuginfo-5.3.18-150200.24.209.1
- kernel-obs-build-5.3.18-150200.24.209.1
- kernel-default-debugsource-5.3.18-150200.24.209.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
- kernel-source-5.3.18-150200.24.209.1
- kernel-devel-5.3.18-150200.24.209.1
- kernel-macros-5.3.18-150200.24.209.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.209.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.209.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
- kernel-preempt-devel-5.3.18-150200.24.209.1
- kernel-preempt-debugsource-5.3.18-150200.24.209.1
- kernel-preempt-debuginfo-5.3.18-150200.24.209.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.209.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: