Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3499-1
Rating: important
CVSS scores:
  • CVE-2022-0854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2022-0854 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2022-20368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-20368 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-28748 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2022-2964 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-2964 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48686 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48686 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48802 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-48805 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-48839 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-48853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-48853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2022-48872 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48872 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48873 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48873 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-48901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-48912 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48912 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48919 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2022-48919 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48919 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-48925 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-48925 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-52854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-26583 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-26583 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-26584 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-26584 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-26800 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-41011 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-41011 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-42077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-42077 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-42232 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-42271 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2024-42271 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-42271 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-43882 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-43882 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-43883 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2024-43883 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
  • CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 15 SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  • SUSE Linux Enterprise Live Patching 15-SP2
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Manager Proxy 4.1
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Server 4.1

An update that solves 31 vulnerabilities and has three security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
  • CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
  • CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
  • CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
  • CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
  • CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
  • CVE-2024-43861: Fix memory leak for non-IP packets (bsc#1229500).
  • CVE-2024-43882: Fixed TOCTOU between permission check and set-uid/gid usage (bsc#1229503).
  • CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
  • CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
  • CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
  • CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
  • CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
  • CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).

The following non-security bugs were fixed:

  • Bluetooth: L2CAP: Fix deadlock (git-fixes).
  • powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
  • sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
  • scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • SUSE Linux Enterprise Live Patching 15-SP2
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3499=1
  • SUSE Linux Enterprise High Availability Extension 15 SP2
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-3499=1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3499=1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3499=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3499=1
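Because the fixes only take effect after the reboot noted above, a post-install check should compare the running kernel, not just the installed package, against the fixed version 5.3.18-150200.24.203.1 from the package list. The following is an added example, not part of the SUSE advisory; the function names are hypothetical, and it assumes that `uname -r` prints the package version-release without its last rebuild counter, followed by the flavor.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host as patched,
# reboot-required or update-required for SUSE-SU-2024:3499-1.
FIXED_PKG="5.3.18-150200.24.203.1"   # version-release from the package list

# Assumption: `uname -r` = <version>-<release minus rebuild counter>-<flavor>,
# e.g. 5.3.18-150200.24.203-default for the fixed kernel-default package.
pkg_to_krelease() {   # drop the trailing ".N" rebuild counter
    printf '%s\n' "${1%.*}"
}

strip_flavor() {      # drop a trailing -default / -preempt
    case "$1" in
        *-default|*-preempt) printf '%s\n' "${1%-*}" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

version_ge() {        # exit 0 when $1 >= $2 in version order (needs sort -V)
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# $1 = output of `uname -r`, $2 = newest installed kernel package version-release
patch_state() {
    fixed=$(pkg_to_krelease "$FIXED_PKG")
    if version_ge "$(strip_flavor "$1")" "$fixed"; then
        echo patched
    elif version_ge "$(pkg_to_krelease "$2")" "$fixed"; then
        echo reboot-required      # fixed package installed, old kernel still running
    else
        echo update-required
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Query the real host (kernel-default flavor only).
    newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default | sort -V | tail -n 1)
    patch_state "$(uname -r)" "$newest"
else
    # Constructed sample hosts; the 24.200 values are made up for illustration.
    patch_state "5.3.18-150200.24.203-default" "5.3.18-150200.24.203.1"
    patch_state "5.3.18-150200.24.200-default" "5.3.18-150200.24.203.1"
    patch_state "5.3.18-150200.24.200-preempt" "5.3.18-150200.24.200.1"
fi
```

Run with `--live` on the target system; a `reboot-required` result means the update is installed but the vulnerable kernel is still the one in memory.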

Package List:

  • SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
    • kernel-default-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
    • kernel-default-livepatch-devel-5.3.18-150200.24.203.1
    • kernel-default-debuginfo-5.3.18-150200.24.203.1
    • kernel-livepatch-SLE15-SP2_Update_52-debugsource-1-150200.5.3.1
    • kernel-livepatch-5_3_18-150200_24_203-default-1-150200.5.3.1
    • kernel-livepatch-5_3_18-150200_24_203-default-debuginfo-1-150200.5.3.1
    • kernel-default-debugsource-5.3.18-150200.24.203.1
    • kernel-default-livepatch-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
    • dlm-kmp-default-debuginfo-5.3.18-150200.24.203.1
    • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.203.1
    • kernel-default-debuginfo-5.3.18-150200.24.203.1
    • dlm-kmp-default-5.3.18-150200.24.203.1
    • kernel-default-debugsource-5.3.18-150200.24.203.1
    • gfs2-kmp-default-5.3.18-150200.24.203.1
    • cluster-md-kmp-default-5.3.18-150200.24.203.1
    • ocfs2-kmp-default-5.3.18-150200.24.203.1
    • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.203.1
    • gfs2-kmp-default-debuginfo-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
    • kernel-default-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
    • kernel-preempt-5.3.18-150200.24.203.1
    • kernel-default-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
    • kernel-default-debuginfo-5.3.18-150200.24.203.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.203.1
    • kernel-preempt-debugsource-5.3.18-150200.24.203.1
    • kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
    • kernel-preempt-devel-5.3.18-150200.24.203.1
    • kernel-syms-5.3.18-150200.24.203.1
    • kernel-obs-build-5.3.18-150200.24.203.1
    • kernel-default-devel-5.3.18-150200.24.203.1
    • kernel-default-debugsource-5.3.18-150200.24.203.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    • kernel-source-5.3.18-150200.24.203.1
    • kernel-devel-5.3.18-150200.24.203.1
    • kernel-macros-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
    • kernel-docs-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
    • kernel-default-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
    • kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
    • kernel-default-debuginfo-5.3.18-150200.24.203.1
    • kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.203.1
    • reiserfs-kmp-default-5.3.18-150200.24.203.1
    • kernel-syms-5.3.18-150200.24.203.1
    • kernel-obs-build-5.3.18-150200.24.203.1
    • kernel-default-devel-5.3.18-150200.24.203.1
    • kernel-default-debugsource-5.3.18-150200.24.203.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    • kernel-source-5.3.18-150200.24.203.1
    • kernel-devel-5.3.18-150200.24.203.1
    • kernel-macros-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
    • kernel-docs-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
    • kernel-preempt-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    • kernel-preempt-debuginfo-5.3.18-150200.24.203.1
    • kernel-preempt-debugsource-5.3.18-150200.24.203.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
    • kernel-preempt-devel-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
    • kernel-default-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
    • kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
    • kernel-default-debuginfo-5.3.18-150200.24.203.1
    • kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.203.1
    • reiserfs-kmp-default-5.3.18-150200.24.203.1
    • kernel-syms-5.3.18-150200.24.203.1
    • kernel-obs-build-5.3.18-150200.24.203.1
    • kernel-default-devel-5.3.18-150200.24.203.1
    • kernel-default-debugsource-5.3.18-150200.24.203.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    • kernel-source-5.3.18-150200.24.203.1
    • kernel-devel-5.3.18-150200.24.203.1
    • kernel-macros-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
    • kernel-docs-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
    • kernel-preempt-5.3.18-150200.24.203.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
    • kernel-preempt-debuginfo-5.3.18-150200.24.203.1
    • kernel-preempt-debugsource-5.3.18-150200.24.203.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
    • kernel-preempt-devel-5.3.18-150200.24.203.1
