Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2024:2365-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: |
|
CVSS scores: |
|
Affected Products: |
|
An update that solves 38 vulnerabilities and has two security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
- CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161).
- CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
- CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2022-2938: psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1202623).
- CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712).
- CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
The following non-security bugs were fixed:
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Live Patching 15-SP2
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-2365=1
-
SUSE Linux Enterprise High Availability Extension 15 SP2
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-2365=1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2365=1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2365=1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2365=1
Package List:
-
SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
- kernel-default-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
- kernel-livepatch-5_3_18-150200_24_197-default-1-150200.5.3.1
- kernel-livepatch-SLE15-SP2_Update_50-debugsource-1-150200.5.3.1
- kernel-default-debugsource-5.3.18-150200.24.197.1
- kernel-default-debuginfo-5.3.18-150200.24.197.1
- kernel-default-livepatch-5.3.18-150200.24.197.1
- kernel-livepatch-5_3_18-150200_24_197-default-debuginfo-1-150200.5.3.1
- kernel-default-livepatch-devel-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
- cluster-md-kmp-default-5.3.18-150200.24.197.1
- ocfs2-kmp-default-5.3.18-150200.24.197.1
- ocfs2-kmp-default-debuginfo-5.3.18-150200.24.197.1
- dlm-kmp-default-5.3.18-150200.24.197.1
- kernel-default-debugsource-5.3.18-150200.24.197.1
- kernel-default-debuginfo-5.3.18-150200.24.197.1
- cluster-md-kmp-default-debuginfo-5.3.18-150200.24.197.1
- gfs2-kmp-default-debuginfo-5.3.18-150200.24.197.1
- gfs2-kmp-default-5.3.18-150200.24.197.1
- dlm-kmp-default-debuginfo-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
- kernel-default-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.197.1
- kernel-default-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
- kernel-default-devel-5.3.18-150200.24.197.1
- kernel-preempt-devel-5.3.18-150200.24.197.1
- kernel-syms-5.3.18-150200.24.197.1
- kernel-preempt-debuginfo-5.3.18-150200.24.197.1
- kernel-default-debugsource-5.3.18-150200.24.197.1
- kernel-obs-build-5.3.18-150200.24.197.1
- kernel-default-debuginfo-5.3.18-150200.24.197.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.197.1
- kernel-obs-build-debugsource-5.3.18-150200.24.197.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.197.1
- kernel-default-base-5.3.18-150200.24.197.1.150200.9.101.1
- kernel-preempt-debugsource-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
- kernel-macros-5.3.18-150200.24.197.1
- kernel-source-5.3.18-150200.24.197.1
- kernel-devel-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
- kernel-default-devel-5.3.18-150200.24.197.1
- reiserfs-kmp-default-5.3.18-150200.24.197.1
- kernel-syms-5.3.18-150200.24.197.1
- kernel-default-debugsource-5.3.18-150200.24.197.1
- kernel-obs-build-5.3.18-150200.24.197.1
- kernel-default-debuginfo-5.3.18-150200.24.197.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.197.1
- kernel-obs-build-debugsource-5.3.18-150200.24.197.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.197.1
- kernel-default-base-5.3.18-150200.24.197.1.150200.9.101.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
- kernel-macros-5.3.18-150200.24.197.1
- kernel-source-5.3.18-150200.24.197.1
- kernel-devel-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
- kernel-preempt-devel-5.3.18-150200.24.197.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.197.1
- kernel-preempt-debugsource-5.3.18-150200.24.197.1
- kernel-preempt-debuginfo-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
- kernel-default-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
- kernel-default-devel-5.3.18-150200.24.197.1
- reiserfs-kmp-default-5.3.18-150200.24.197.1
- kernel-syms-5.3.18-150200.24.197.1
- kernel-default-debugsource-5.3.18-150200.24.197.1
- kernel-obs-build-5.3.18-150200.24.197.1
- kernel-default-debuginfo-5.3.18-150200.24.197.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.197.1
- kernel-obs-build-debugsource-5.3.18-150200.24.197.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.197.1
- kernel-default-base-5.3.18-150200.24.197.1.150200.9.101.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
- kernel-macros-5.3.18-150200.24.197.1
- kernel-source-5.3.18-150200.24.197.1
- kernel-devel-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.197.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
- kernel-preempt-devel-5.3.18-150200.24.197.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.197.1
- kernel-preempt-debugsource-5.3.18-150200.24.197.1
- kernel-preempt-debuginfo-5.3.18-150200.24.197.1
References:
- https://www.suse.com/security/cve/CVE-2020-10135.html
- https://www.suse.com/security/cve/CVE-2021-3896.html
- https://www.suse.com/security/cve/CVE-2021-43389.html
- https://www.suse.com/security/cve/CVE-2021-4439.html
- https://www.suse.com/security/cve/CVE-2021-47247.html
- https://www.suse.com/security/cve/CVE-2021-47311.html
- https://www.suse.com/security/cve/CVE-2021-47328.html
- https://www.suse.com/security/cve/CVE-2021-47368.html
- https://www.suse.com/security/cve/CVE-2021-47372.html
- https://www.suse.com/security/cve/CVE-2021-47379.html
- https://www.suse.com/security/cve/CVE-2021-47571.html
- https://www.suse.com/security/cve/CVE-2021-47583.html
- https://www.suse.com/security/cve/CVE-2022-0435.html
- https://www.suse.com/security/cve/CVE-2022-22942.html
- https://www.suse.com/security/cve/CVE-2022-2938.html
- https://www.suse.com/security/cve/CVE-2022-48711.html
- https://www.suse.com/security/cve/CVE-2022-48760.html
- https://www.suse.com/security/cve/CVE-2022-48771.html
- https://www.suse.com/security/cve/CVE-2023-24023.html
- https://www.suse.com/security/cve/CVE-2023-52707.html
- https://www.suse.com/security/cve/CVE-2023-52752.html
- https://www.suse.com/security/cve/CVE-2023-52881.html
- https://www.suse.com/security/cve/CVE-2024-26921.html
- https://www.suse.com/security/cve/CVE-2024-26923.html
- https://www.suse.com/security/cve/CVE-2024-35789.html
- https://www.suse.com/security/cve/CVE-2024-35861.html
- https://www.suse.com/security/cve/CVE-2024-35862.html
- https://www.suse.com/security/cve/CVE-2024-35864.html
- https://www.suse.com/security/cve/CVE-2024-35878.html
- https://www.suse.com/security/cve/CVE-2024-35950.html
- https://www.suse.com/security/cve/CVE-2024-36894.html
- https://www.suse.com/security/cve/CVE-2024-36904.html
- https://www.suse.com/security/cve/CVE-2024-36940.html
- https://www.suse.com/security/cve/CVE-2024-36964.html
- https://www.suse.com/security/cve/CVE-2024-38541.html
- https://www.suse.com/security/cve/CVE-2024-38545.html
- https://www.suse.com/security/cve/CVE-2024-38559.html
- https://www.suse.com/security/cve/CVE-2024-38560.html
- https://bugzilla.suse.com/show_bug.cgi?id=1171988
- https://bugzilla.suse.com/show_bug.cgi?id=1191958
- https://bugzilla.suse.com/show_bug.cgi?id=1195065
- https://bugzilla.suse.com/show_bug.cgi?id=1195254
- https://bugzilla.suse.com/show_bug.cgi?id=1202623
- https://bugzilla.suse.com/show_bug.cgi?id=1218148
- https://bugzilla.suse.com/show_bug.cgi?id=1219224
- https://bugzilla.suse.com/show_bug.cgi?id=1222015
- https://bugzilla.suse.com/show_bug.cgi?id=1223138
- https://bugzilla.suse.com/show_bug.cgi?id=1223384
- https://bugzilla.suse.com/show_bug.cgi?id=1224671
- https://bugzilla.suse.com/show_bug.cgi?id=1224703
- https://bugzilla.suse.com/show_bug.cgi?id=1224749
- https://bugzilla.suse.com/show_bug.cgi?id=1224764
- https://bugzilla.suse.com/show_bug.cgi?id=1224765
- https://bugzilla.suse.com/show_bug.cgi?id=1224766
- https://bugzilla.suse.com/show_bug.cgi?id=1224865
- https://bugzilla.suse.com/show_bug.cgi?id=1225010
- https://bugzilla.suse.com/show_bug.cgi?id=1225047
- https://bugzilla.suse.com/show_bug.cgi?id=1225109
- https://bugzilla.suse.com/show_bug.cgi?id=1225161
- https://bugzilla.suse.com/show_bug.cgi?id=1225184
- https://bugzilla.suse.com/show_bug.cgi?id=1225203
- https://bugzilla.suse.com/show_bug.cgi?id=1225487
- https://bugzilla.suse.com/show_bug.cgi?id=1225518
- https://bugzilla.suse.com/show_bug.cgi?id=1225611
- https://bugzilla.suse.com/show_bug.cgi?id=1225732
- https://bugzilla.suse.com/show_bug.cgi?id=1225749
- https://bugzilla.suse.com/show_bug.cgi?id=1225840
- https://bugzilla.suse.com/show_bug.cgi?id=1225866
- https://bugzilla.suse.com/show_bug.cgi?id=1226563
- https://bugzilla.suse.com/show_bug.cgi?id=1226587
- https://bugzilla.suse.com/show_bug.cgi?id=1226595
- https://bugzilla.suse.com/show_bug.cgi?id=1226670
- https://bugzilla.suse.com/show_bug.cgi?id=1226672
- https://bugzilla.suse.com/show_bug.cgi?id=1226712
- https://bugzilla.suse.com/show_bug.cgi?id=1226732
- https://bugzilla.suse.com/show_bug.cgi?id=1226758
- https://bugzilla.suse.com/show_bug.cgi?id=1226786
- https://bugzilla.suse.com/show_bug.cgi?id=1226962