Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:3499-1
Rating:	important
References:	bsc#1196018 bsc#1196823 bsc#1202346 bsc#1209636 bsc#1209799 bsc#1210629 bsc#1216834 bsc#1220185 bsc#1220186 bsc#1222251 bsc#1222728 bsc#1223948 bsc#1225109 bsc#1225584 bsc#1227942 bsc#1227969 bsc#1227985 bsc#1228002 bsc#1228015 bsc#1228114 bsc#1228516 bsc#1228576 bsc#1228959 bsc#1229400 bsc#1229454 bsc#1229500 bsc#1229503 bsc#1229510 bsc#1229512 bsc#1229607 bsc#1229630 bsc#1229641 bsc#1229657 bsc#1229707
Cross-References:	CVE-2022-0854 CVE-2022-20368 CVE-2022-28748 CVE-2022-2964 CVE-2022-48686 CVE-2022-48791 CVE-2022-48802 CVE-2022-48805 CVE-2022-48839 CVE-2022-48853 CVE-2022-48872 CVE-2022-48873 CVE-2022-48901 CVE-2022-48912 CVE-2022-48919 CVE-2022-48925 CVE-2023-1582 CVE-2023-2176 CVE-2023-52854 CVE-2024-26583 CVE-2024-26584 CVE-2024-26800 CVE-2024-41011 CVE-2024-41062 CVE-2024-42077 CVE-2024-42232 CVE-2024-42271 CVE-2024-43861 CVE-2024-43882 CVE-2024-43883 CVE-2024-44947
CVSS scores:	CVE-2022-0854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-20368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20368 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28748 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48686 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48686 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48802 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48805 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48839 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-48872 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48872 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48873 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48873 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48912 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48912 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48919 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-48919 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-48919 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48925 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48925 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26583 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-26583 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26584 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26584 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26800 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-41011 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-41011 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-42077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-42077 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-42232 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-42271 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-42271 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-42271 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-43882 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-43882 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-43883 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-43883 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 31 vulnerabilities and has three security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).

The following non-security bugs were fixed:

Bluetooth: L2CAP: Fix deadlock (git-fixes).
powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Live Patching 15-SP2
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3499=1
SUSE Linux Enterprise High Availability Extension 15 SP2
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-3499=1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3499=1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3499=1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3499=1

Package List:

SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
- kernel-default-5.3.18-150200.24.203.1
SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
- kernel-default-livepatch-devel-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- kernel-livepatch-SLE15-SP2_Update_52-debugsource-1-150200.5.3.1
- kernel-livepatch-5_3_18-150200_24_203-default-1-150200.5.3.1
- kernel-livepatch-5_3_18-150200_24_203-default-debuginfo-1-150200.5.3.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- kernel-default-livepatch-5.3.18-150200.24.203.1
SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
- dlm-kmp-default-debuginfo-5.3.18-150200.24.203.1
- ocfs2-kmp-default-debuginfo-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- dlm-kmp-default-5.3.18-150200.24.203.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- gfs2-kmp-default-5.3.18-150200.24.203.1
- cluster-md-kmp-default-5.3.18-150200.24.203.1
- ocfs2-kmp-default-5.3.18-150200.24.203.1
- cluster-md-kmp-default-debuginfo-5.3.18-150200.24.203.1
- gfs2-kmp-default-debuginfo-5.3.18-150200.24.203.1
SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
- kernel-default-5.3.18-150200.24.203.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.203.1
- kernel-default-5.3.18-150200.24.203.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-debugsource-5.3.18-150200.24.203.1
- kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
- kernel-preempt-devel-5.3.18-150200.24.203.1
- kernel-syms-5.3.18-150200.24.203.1
- kernel-obs-build-5.3.18-150200.24.203.1
- kernel-default-devel-5.3.18-150200.24.203.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- kernel-obs-build-debugsource-5.3.18-150200.24.203.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
- kernel-source-5.3.18-150200.24.203.1
- kernel-devel-5.3.18-150200.24.203.1
- kernel-macros-5.3.18-150200.24.203.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
- kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.203.1
- reiserfs-kmp-default-5.3.18-150200.24.203.1
- kernel-syms-5.3.18-150200.24.203.1
- kernel-obs-build-5.3.18-150200.24.203.1
- kernel-default-devel-5.3.18-150200.24.203.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- kernel-obs-build-debugsource-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
- kernel-source-5.3.18-150200.24.203.1
- kernel-devel-5.3.18-150200.24.203.1
- kernel-macros-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
- kernel-preempt-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-debugsource-5.3.18-150200.24.203.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-devel-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
- kernel-default-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
- kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-default-debuginfo-5.3.18-150200.24.203.1
- kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.203.1
- reiserfs-kmp-default-5.3.18-150200.24.203.1
- kernel-syms-5.3.18-150200.24.203.1
- kernel-obs-build-5.3.18-150200.24.203.1
- kernel-default-devel-5.3.18-150200.24.203.1
- kernel-default-debugsource-5.3.18-150200.24.203.1
- kernel-obs-build-debugsource-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
- kernel-source-5.3.18-150200.24.203.1
- kernel-devel-5.3.18-150200.24.203.1
- kernel-macros-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.203.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
- kernel-preempt-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-debugsource-5.3.18-150200.24.203.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
- kernel-preempt-devel-5.3.18-150200.24.203.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: