Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2024:3499-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: |
|
CVSS scores: |
|
Affected Products: |
|
An update that solves 31 vulnerabilities and has three security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
- CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
- CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
- scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Live Patching 15-SP2
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3499=1
-
SUSE Linux Enterprise High Availability Extension 15 SP2
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-3499=1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3499=1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3499=1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3499=1
Package List:
-
SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
- kernel-default-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
- kernel-default-livepatch-devel-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- kernel-livepatch-SLE15-SP2_Update_52-debugsource-1-150200.5.3.1
- kernel-livepatch-5_3_18-150200_24_203-default-1-150200.5.3.1
- kernel-livepatch-5_3_18-150200_24_203-default-debuginfo-1-150200.5.3.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- kernel-default-livepatch-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
- dlm-kmp-default-debuginfo-5.3.18-150200.24.203.1
- ocfs2-kmp-default-debuginfo-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- dlm-kmp-default-5.3.18-150200.24.203.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- gfs2-kmp-default-5.3.18-150200.24.203.1
- cluster-md-kmp-default-5.3.18-150200.24.203.1
- ocfs2-kmp-default-5.3.18-150200.24.203.1
- cluster-md-kmp-default-debuginfo-5.3.18-150200.24.203.1
- gfs2-kmp-default-debuginfo-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
- kernel-default-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.203.1
- kernel-default-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-debugsource-5.3.18-150200.24.203.1
- kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
- kernel-preempt-devel-5.3.18-150200.24.203.1
- kernel-syms-5.3.18-150200.24.203.1
- kernel-obs-build-5.3.18-150200.24.203.1
- kernel-default-devel-5.3.18-150200.24.203.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- kernel-obs-build-debugsource-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
- kernel-source-5.3.18-150200.24.203.1
- kernel-devel-5.3.18-150200.24.203.1
- kernel-macros-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
- kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.203.1
- reiserfs-kmp-default-5.3.18-150200.24.203.1
- kernel-syms-5.3.18-150200.24.203.1
- kernel-obs-build-5.3.18-150200.24.203.1
- kernel-default-devel-5.3.18-150200.24.203.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- kernel-obs-build-debugsource-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
- kernel-source-5.3.18-150200.24.203.1
- kernel-devel-5.3.18-150200.24.203.1
- kernel-macros-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
- kernel-preempt-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-debugsource-5.3.18-150200.24.203.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-devel-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
- kernel-default-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
- kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.203.1
- reiserfs-kmp-default-5.3.18-150200.24.203.1
- kernel-syms-5.3.18-150200.24.203.1
- kernel-obs-build-5.3.18-150200.24.203.1
- kernel-default-devel-5.3.18-150200.24.203.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- kernel-obs-build-debugsource-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
- kernel-source-5.3.18-150200.24.203.1
- kernel-devel-5.3.18-150200.24.203.1
- kernel-macros-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.203.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
- kernel-preempt-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-debugsource-5.3.18-150200.24.203.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-devel-5.3.18-150200.24.203.1
References:
- https://www.suse.com/security/cve/CVE-2022-0854.html
- https://www.suse.com/security/cve/CVE-2022-20368.html
- https://www.suse.com/security/cve/CVE-2022-28748.html
- https://www.suse.com/security/cve/CVE-2022-2964.html
- https://www.suse.com/security/cve/CVE-2022-48686.html
- https://www.suse.com/security/cve/CVE-2022-48791.html
- https://www.suse.com/security/cve/CVE-2022-48802.html
- https://www.suse.com/security/cve/CVE-2022-48805.html
- https://www.suse.com/security/cve/CVE-2022-48839.html
- https://www.suse.com/security/cve/CVE-2022-48853.html
- https://www.suse.com/security/cve/CVE-2022-48872.html
- https://www.suse.com/security/cve/CVE-2022-48873.html
- https://www.suse.com/security/cve/CVE-2022-48901.html
- https://www.suse.com/security/cve/CVE-2022-48912.html
- https://www.suse.com/security/cve/CVE-2022-48919.html
- https://www.suse.com/security/cve/CVE-2022-48925.html
- https://www.suse.com/security/cve/CVE-2023-1582.html
- https://www.suse.com/security/cve/CVE-2023-2176.html
- https://www.suse.com/security/cve/CVE-2023-52854.html
- https://www.suse.com/security/cve/CVE-2024-26583.html
- https://www.suse.com/security/cve/CVE-2024-26584.html
- https://www.suse.com/security/cve/CVE-2024-26800.html
- https://www.suse.com/security/cve/CVE-2024-41011.html
- https://www.suse.com/security/cve/CVE-2024-41062.html
- https://www.suse.com/security/cve/CVE-2024-42077.html
- https://www.suse.com/security/cve/CVE-2024-42232.html
- https://www.suse.com/security/cve/CVE-2024-42271.html
- https://www.suse.com/security/cve/CVE-2024-43861.html
- https://www.suse.com/security/cve/CVE-2024-43882.html
- https://www.suse.com/security/cve/CVE-2024-43883.html
- https://www.suse.com/security/cve/CVE-2024-44947.html
- https://bugzilla.suse.com/show_bug.cgi?id=1196018
- https://bugzilla.suse.com/show_bug.cgi?id=1196823
- https://bugzilla.suse.com/show_bug.cgi?id=1202346
- https://bugzilla.suse.com/show_bug.cgi?id=1209636
- https://bugzilla.suse.com/show_bug.cgi?id=1209799
- https://bugzilla.suse.com/show_bug.cgi?id=1210629
- https://bugzilla.suse.com/show_bug.cgi?id=1216834
- https://bugzilla.suse.com/show_bug.cgi?id=1220185
- https://bugzilla.suse.com/show_bug.cgi?id=1220186
- https://bugzilla.suse.com/show_bug.cgi?id=1222251
- https://bugzilla.suse.com/show_bug.cgi?id=1222728
- https://bugzilla.suse.com/show_bug.cgi?id=1223948
- https://bugzilla.suse.com/show_bug.cgi?id=1225109
- https://bugzilla.suse.com/show_bug.cgi?id=1225584
- https://bugzilla.suse.com/show_bug.cgi?id=1227942
- https://bugzilla.suse.com/show_bug.cgi?id=1227969
- https://bugzilla.suse.com/show_bug.cgi?id=1227985
- https://bugzilla.suse.com/show_bug.cgi?id=1228002
- https://bugzilla.suse.com/show_bug.cgi?id=1228015
- https://bugzilla.suse.com/show_bug.cgi?id=1228114
- https://bugzilla.suse.com/show_bug.cgi?id=1228516
- https://bugzilla.suse.com/show_bug.cgi?id=1228576
- https://bugzilla.suse.com/show_bug.cgi?id=1228959
- https://bugzilla.suse.com/show_bug.cgi?id=1229400
- https://bugzilla.suse.com/show_bug.cgi?id=1229454
- https://bugzilla.suse.com/show_bug.cgi?id=1229500
- https://bugzilla.suse.com/show_bug.cgi?id=1229503
- https://bugzilla.suse.com/show_bug.cgi?id=1229510
- https://bugzilla.suse.com/show_bug.cgi?id=1229512
- https://bugzilla.suse.com/show_bug.cgi?id=1229607
- https://bugzilla.suse.com/show_bug.cgi?id=1229630
- https://bugzilla.suse.com/show_bug.cgi?id=1229641
- https://bugzilla.suse.com/show_bug.cgi?id=1229657
- https://bugzilla.suse.com/show_bug.cgi?id=1229707