Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:4388-1
Release Date:	2024-12-19T18:32:09Z
Rating:	important
References:	bsc#1218644 bsc#1220927 bsc#1232224 bsc#1232436 bsc#1232860 bsc#1232907 bsc#1232919 bsc#1232928 bsc#1233070 bsc#1233117 bsc#1233293 bsc#1233453 bsc#1233456 bsc#1233468 bsc#1233479 bsc#1233490 bsc#1233491 bsc#1233555 bsc#1233557
Cross-References:	CVE-2023-52524 CVE-2024-49925 CVE-2024-50089 CVE-2024-50115 CVE-2024-50125 CVE-2024-50127 CVE-2024-50154 CVE-2024-50205 CVE-2024-50208 CVE-2024-50264 CVE-2024-50267 CVE-2024-50279 CVE-2024-50290 CVE-2024-50301 CVE-2024-50302 CVE-2024-53061 CVE-2024-53063 CVE-2024-53142
CVSS scores:	CVE-2023-52524 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-49925 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-49925 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-49925 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-50089 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50089 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-50089 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-50115 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50125 ( SUSE ): 7.5 CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50125 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50127 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50127 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50154 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50205 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-50208 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50267 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50267 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50267 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50279 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-50279 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50290 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50301 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50301 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50302 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50302 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-53061 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53061 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53063 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-53063 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-53142 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2024-53142 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux SUSE Linux Enterprise Server 15 SP2 LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 18 vulnerabilities and has one security fix can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
• CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
• CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
• CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
• CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
• CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
• CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
• CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
• CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
• CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
• CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
• CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
• CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
• CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
• CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
• CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
• CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).

The following non-security bugs were fixed:

• Update config files (bsc#1218644).
• initramfs: avoid filename buffer overrun (bsc#1232436).
• kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
• rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-4388=1
• SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-4388=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4388=1
• SUSE Linux Enterprise Server 15 SP2 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4388=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4388=1

Package List:

• SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  • kernel-livepatch-5_3_18-150200_24_212-default-1-150200.5.3.1
  • kernel-livepatch-5_3_18-150200_24_212-default-debuginfo-1-150200.5.3.1
  • kernel-default-livepatch-devel-5.3.18-150200.24.212.1
  • kernel-default-livepatch-5.3.18-150200.24.212.1
  • kernel-livepatch-SLE15-SP2_Update_55-debugsource-1-150200.5.3.1
  • kernel-default-debuginfo-5.3.18-150200.24.212.1
  • kernel-default-debugsource-5.3.18-150200.24.212.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  • kernel-default-debugsource-5.3.18-150200.24.212.1
  • cluster-md-kmp-default-5.3.18-150200.24.212.1
  • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.212.1
  • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.212.1
  • ocfs2-kmp-default-5.3.18-150200.24.212.1
  • gfs2-kmp-default-5.3.18-150200.24.212.1
  • kernel-default-debuginfo-5.3.18-150200.24.212.1
  • dlm-kmp-default-5.3.18-150200.24.212.1
  • dlm-kmp-default-debuginfo-5.3.18-150200.24.212.1
  • gfs2-kmp-default-debuginfo-5.3.18-150200.24.212.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.212.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.212.1
  • kernel-default-5.3.18-150200.24.212.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (aarch64 x86_64)
  • kernel-preempt-debugsource-5.3.18-150200.24.212.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.212.1
  • kernel-preempt-devel-5.3.18-150200.24.212.1
  • kernel-default-base-5.3.18-150200.24.212.1.150200.9.111.1
  • kernel-default-debuginfo-5.3.18-150200.24.212.1
  • kernel-default-debugsource-5.3.18-150200.24.212.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.212.1
  • kernel-syms-5.3.18-150200.24.212.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.212.1
  • kernel-obs-build-5.3.18-150200.24.212.1
  • kernel-default-devel-5.3.18-150200.24.212.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.212.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (noarch)
  • kernel-devel-5.3.18-150200.24.212.1
  • kernel-macros-5.3.18-150200.24.212.1
  • kernel-source-5.3.18-150200.24.212.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 ppc64le s390x x86_64)
  • reiserfs-kmp-default-5.3.18-150200.24.212.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.212.1
  • kernel-default-base-5.3.18-150200.24.212.1.150200.9.111.1
  • kernel-default-debuginfo-5.3.18-150200.24.212.1
  • kernel-default-debugsource-5.3.18-150200.24.212.1
  • kernel-syms-5.3.18-150200.24.212.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.212.1
  • kernel-obs-build-5.3.18-150200.24.212.1
  • kernel-default-devel-5.3.18-150200.24.212.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server 15 SP2 LTSS (noarch)
  • kernel-devel-5.3.18-150200.24.212.1
  • kernel-macros-5.3.18-150200.24.212.1
  • kernel-source-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server 15 SP2 LTSS (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 x86_64)
  • kernel-preempt-debugsource-5.3.18-150200.24.212.1
  • kernel-preempt-devel-5.3.18-150200.24.212.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.212.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
  • kernel-default-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  • reiserfs-kmp-default-5.3.18-150200.24.212.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.212.1
  • kernel-default-base-5.3.18-150200.24.212.1.150200.9.111.1
  • kernel-default-debuginfo-5.3.18-150200.24.212.1
  • kernel-default-debugsource-5.3.18-150200.24.212.1
  • kernel-syms-5.3.18-150200.24.212.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.212.1
  • kernel-obs-build-5.3.18-150200.24.212.1
  • kernel-default-devel-5.3.18-150200.24.212.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.212.1
  • kernel-macros-5.3.18-150200.24.212.1
  • kernel-source-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.212.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  • kernel-preempt-debugsource-5.3.18-150200.24.212.1
  • kernel-preempt-devel-5.3.18-150200.24.212.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.212.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.212.1

References:

• https://www.suse.com/security/cve/CVE-2023-52524.html
• https://www.suse.com/security/cve/CVE-2024-49925.html
• https://www.suse.com/security/cve/CVE-2024-50089.html
• https://www.suse.com/security/cve/CVE-2024-50115.html
• https://www.suse.com/security/cve/CVE-2024-50125.html
• https://www.suse.com/security/cve/CVE-2024-50127.html
• https://www.suse.com/security/cve/CVE-2024-50154.html
• https://www.suse.com/security/cve/CVE-2024-50205.html
• https://www.suse.com/security/cve/CVE-2024-50208.html
• https://www.suse.com/security/cve/CVE-2024-50264.html
• https://www.suse.com/security/cve/CVE-2024-50267.html
• https://www.suse.com/security/cve/CVE-2024-50279.html
• https://www.suse.com/security/cve/CVE-2024-50290.html
• https://www.suse.com/security/cve/CVE-2024-50301.html
• https://www.suse.com/security/cve/CVE-2024-50302.html
• https://www.suse.com/security/cve/CVE-2024-53061.html
• https://www.suse.com/security/cve/CVE-2024-53063.html
• https://www.suse.com/security/cve/CVE-2024-53142.html
• https://bugzilla.suse.com/show_bug.cgi?id=1218644
• https://bugzilla.suse.com/show_bug.cgi?id=1220927
• https://bugzilla.suse.com/show_bug.cgi?id=1232224
• https://bugzilla.suse.com/show_bug.cgi?id=1232436
• https://bugzilla.suse.com/show_bug.cgi?id=1232860
• https://bugzilla.suse.com/show_bug.cgi?id=1232907
• https://bugzilla.suse.com/show_bug.cgi?id=1232919
• https://bugzilla.suse.com/show_bug.cgi?id=1232928
• https://bugzilla.suse.com/show_bug.cgi?id=1233070
• https://bugzilla.suse.com/show_bug.cgi?id=1233117
• https://bugzilla.suse.com/show_bug.cgi?id=1233293
• https://bugzilla.suse.com/show_bug.cgi?id=1233453
• https://bugzilla.suse.com/show_bug.cgi?id=1233456
• https://bugzilla.suse.com/show_bug.cgi?id=1233468
• https://bugzilla.suse.com/show_bug.cgi?id=1233479
• https://bugzilla.suse.com/show_bug.cgi?id=1233490
• https://bugzilla.suse.com/show_bug.cgi?id=1233491
• https://bugzilla.suse.com/show_bug.cgi?id=1233555
• https://bugzilla.suse.com/show_bug.cgi?id=1233557