SUSE-CU-2024:3247-1: Security update of bci/bci-sle15-kernel-module-devel
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Jul 23 07:06:14 UTC 2024
SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3247-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.17.15 , bci/bci-sle15-kernel-module-devel:latest
Container Release : 17.15
Severity : important
Type : security
References : 1186716 1195775 1204562 1209834 1217481 1217912 1218442 1219224
1219478 1219596 1219633 1219847 1219953 1221086 1221777 1221958
1222011 1222015 1222080 1222241 1222380 1222588 1222617 1222619
1222809 1222810 1223018 1223265 1224049 1224187 1224439 1224497
1224498 1224515 1224520 1224523 1224539 1224540 1224549 1224572
1224575 1224583 1224584 1224606 1224612 1224614 1224619 1224655
1224659 1224661 1224662 1224670 1224673 1224698 1224735 1224751
1224759 1224928 1224930 1224932 1224933 1224935 1224937 1224939
1224941 1224944 1224946 1224947 1224949 1224951 1224988 1224992
1224998 1225000 1225001 1225004 1225006 1225008 1225009 1225014
1225015 1225022 1225025 1225028 1225029 1225031 1225036 1225041
1225044 1225049 1225050 1225076 1225077 1225078 1225081 1225085
1225086 1225090 1225092 1225096 1225097 1225098 1225101 1225103
1225104 1225105 1225106 1225108 1225120 1225132 1225180 1225300
1225391 1225472 1225475 1225476 1225477 1225478 1225485 1225490
1225527 1225529 1225530 1225532 1225534 1225548 1225550 1225553
1225554 1225555 1225556 1225557 1225559 1225560 1225564 1225565
1225566 1225568 1225569 1225570 1225571 1225572 1225573 1225577
1225581 1225583 1225584 1225585 1225586 1225587 1225588 1225589
1225590 1225591 1225592 1225594 1225595 1225599 1225602 1225605
1225609 1225611 1225681 1225702 1225723 1225726 1225731 1225732
1225737 1225741 1225758 1225759 1225760 1225761 1225762 1225763
1225767 1225770 1225815 1225820 1225823 1225827 1225834 1225866
1225872 1225898 1225903 1226022 1226131 1226145 1226149 1226155
1226158 1226163 1226211 1226212 1226226 1226457 1226503 1226513
1226514 1226520 1226582 1226587 1226588 1226592 1226593 1226594
1226595 1226597 1226607 1226608 1226610 1226612 1226613 1226630
1226632 1226633 1226634 1226637 1226657 1226658 1226734 1226735
1226737 1226738 1226739 1226740 1226741 1226742 1226744 1226746
1226747 1226749 1226754 1226758 1226760 1226761 1226764 1226767
1226768 1226769 1226771 1226772 1226774 1226775 1226776 1226777
1226780 1226781 1226786 1226788 1226789 1226790 1226791 1226796
1226799 1226837 1226839 1226840 1226841 1226842 1226844 1226848
1226852 1226856 1226857 1226859 1226861 1226863 1226864 1226867
1226868 1226875 1226876 1226878 1226879 1226886 1226890 1226891
1226894 1226895 1226905 1226908 1226909 1226911 1226928 1226934
1226938 1226939 1226941 1226948 1226949 1226950 1226962 1226976
1226989 1226990 1226992 1226994 1226995 1226996 1227066 1227072
1227085 1227089 1227090 1227096 1227101 1227190 CVE-2021-47432
CVE-2022-48772 CVE-2023-52622 CVE-2023-52656 CVE-2023-52672 CVE-2023-52699
CVE-2023-52735 CVE-2023-52749 CVE-2023-52750 CVE-2023-52753 CVE-2023-52754
CVE-2023-52757 CVE-2023-52759 CVE-2023-52762 CVE-2023-52763 CVE-2023-52764
CVE-2023-52765 CVE-2023-52766 CVE-2023-52767 CVE-2023-52768 CVE-2023-52769
CVE-2023-52773 CVE-2023-52774 CVE-2023-52776 CVE-2023-52777 CVE-2023-52780
CVE-2023-52781 CVE-2023-52782 CVE-2023-52783 CVE-2023-52784 CVE-2023-52786
CVE-2023-52787 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52792
CVE-2023-52794 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799
CVE-2023-52800 CVE-2023-52801 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805
CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810
CVE-2023-52811 CVE-2023-52812 CVE-2023-52813 CVE-2023-52814 CVE-2023-52815
CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821
CVE-2023-52825 CVE-2023-52826 CVE-2023-52827 CVE-2023-52829 CVE-2023-52832
CVE-2023-52833 CVE-2023-52834 CVE-2023-52835 CVE-2023-52836 CVE-2023-52837
CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52842 CVE-2023-52843
CVE-2023-52844 CVE-2023-52845 CVE-2023-52846 CVE-2023-52847 CVE-2023-52849
CVE-2023-52850 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855
CVE-2023-52856 CVE-2023-52857 CVE-2023-52858 CVE-2023-52861 CVE-2023-52862
CVE-2023-52863 CVE-2023-52864 CVE-2023-52865 CVE-2023-52866 CVE-2023-52867
CVE-2023-52868 CVE-2023-52869 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872
CVE-2023-52873 CVE-2023-52874 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877
CVE-2023-52878 CVE-2023-52879 CVE-2023-52880 CVE-2023-52881 CVE-2023-52883
CVE-2023-52884 CVE-2024-26482 CVE-2024-26625 CVE-2024-26676 CVE-2024-26750
CVE-2024-26758 CVE-2024-26767 CVE-2024-26780 CVE-2024-26813 CVE-2024-26814
CVE-2024-26845 CVE-2024-26889 CVE-2024-26920 CVE-2024-27414 CVE-2024-27419
CVE-2024-33619 CVE-2024-34777 CVE-2024-35247 CVE-2024-35807 CVE-2024-35827
CVE-2024-35831 CVE-2024-35843 CVE-2024-35848 CVE-2024-35857 CVE-2024-35880
CVE-2024-35884 CVE-2024-35886 CVE-2024-35892 CVE-2024-35896 CVE-2024-35898
CVE-2024-35900 CVE-2024-35925 CVE-2024-35926 CVE-2024-35957 CVE-2024-35962
CVE-2024-35970 CVE-2024-35976 CVE-2024-35979 CVE-2024-35998 CVE-2024-36005
CVE-2024-36008 CVE-2024-36010 CVE-2024-36017 CVE-2024-36024 CVE-2024-36281
CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36882 CVE-2024-36887
CVE-2024-36899 CVE-2024-36900 CVE-2024-36903 CVE-2024-36904 CVE-2024-36915
CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36924
CVE-2024-36926 CVE-2024-36934 CVE-2024-36935 CVE-2024-36937 CVE-2024-36938
CVE-2024-36945 CVE-2024-36952 CVE-2024-36957 CVE-2024-36960 CVE-2024-36962
CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971
CVE-2024-36972 CVE-2024-36973 CVE-2024-36975 CVE-2024-36977 CVE-2024-36978
CVE-2024-37021 CVE-2024-37078 CVE-2024-37353 CVE-2024-37354 CVE-2024-38381
CVE-2024-38384 CVE-2024-38385 CVE-2024-38388 CVE-2024-38390 CVE-2024-38391
CVE-2024-38539 CVE-2024-38540 CVE-2024-38541 CVE-2024-38543 CVE-2024-38544
CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549
CVE-2024-38550 CVE-2024-38551 CVE-2024-38552 CVE-2024-38553 CVE-2024-38554
CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38559 CVE-2024-38560
CVE-2024-38562 CVE-2024-38564 CVE-2024-38565 CVE-2024-38566 CVE-2024-38567
CVE-2024-38568 CVE-2024-38569 CVE-2024-38570 CVE-2024-38571 CVE-2024-38572
CVE-2024-38573 CVE-2024-38575 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580
CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38587 CVE-2024-38588
CVE-2024-38590 CVE-2024-38591 CVE-2024-38592 CVE-2024-38594 CVE-2024-38595
CVE-2024-38597 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38602
CVE-2024-38603 CVE-2024-38605 CVE-2024-38608 CVE-2024-38610 CVE-2024-38611
CVE-2024-38615 CVE-2024-38616 CVE-2024-38617 CVE-2024-38618 CVE-2024-38619
CVE-2024-38621 CVE-2024-38622 CVE-2024-38627 CVE-2024-38628 CVE-2024-38629
CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38636
CVE-2024-38661 CVE-2024-38663 CVE-2024-38664 CVE-2024-38780 CVE-2024-39277
CVE-2024-39291 CVE-2024-39296 CVE-2024-39301 CVE-2024-39362 CVE-2024-39371
CVE-2024-39463 CVE-2024-39466 CVE-2024-39469 CVE-2024-39471
-----------------------------------------------------------------
The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2571-1
Released: Mon Jul 22 12:34:16 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1186716,1195775,1204562,1209834,1217481,1217912,1218442,1219224,1219478,1219596,1219633,1219847,1219953,1221086,1221777,1221958,1222011,1222015,1222080,1222241,1222380,1222588,1222617,1222619,1222809,1222810,1223018,1223265,1224049,1224187,1224439,1224497,1224498,1224515,1224520,1224523,1224539,1224540,1224549,1224572,1224575,1224583,1224584,1224606,1224612,1224614,1224619,1224655,1224659,1224661,1224662,1224670,1224673,1224698,1224735,1224751,1224759,1224928,1224930,1224932,1224933,1224935,1224937,1224939,1224941,1224944,1224946,1224947,1224949,1224951,1224988,1224992,1224998,1225000,1225001,1225004,1225006,1225008,1225009,1225014,1225015,1225022,1225025,1225028,1225029,1225031,1225036,1225041,1225044,1225049,1225050,1225076,1225077,1225078,1225081,1225085,1225086,1225090,1225092,1225096,1225097,1225098,1225101,1225103,1225104,1225105,1225106,1225108,1225120,1225132,1225180,1225300,1225391,1225472,1225475,1225476,1225477,1225478,1225485,1225490,1225527,1225529,1225530,1
225532,1225534,1225548,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225564,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225573,1225577,1225581,1225583,1225584,1225585,1225586,1225587,1225588,1225589,1225590,1225591,1225592,1225594,1225595,1225599,1225602,1225605,1225609,1225611,1225681,1225702,1225723,1225726,1225731,1225732,1225737,1225741,1225758,1225759,1225760,1225761,1225762,1225763,1225767,1225770,1225815,1225820,1225823,1225827,1225834,1225866,1225872,1225898,1225903,1226022,1226131,1226145,1226149,1226155,1226158,1226163,1226211,1226212,1226226,1226457,1226503,1226513,1226514,1226520,1226582,1226587,1226588,1226592,1226593,1226594,1226595,1226597,1226607,1226608,1226610,1226612,1226613,1226630,1226632,1226633,1226634,1226637,1226657,1226658,1226734,1226735,1226737,1226738,1226739,1226740,1226741,1226742,1226744,1226746,1226747,1226749,1226754,1226758,1226760,1226761,1226764,1226767,1226768,1226769,1226771,1226772,1226774,1226775,1226776,122677
7,1226780,1226781,1226786,1226788,1226789,1226790,1226791,1226796,1226799,1226837,1226839,1226840,1226841,1226842,1226844,1226848,1226852,1226856,1226857,1226859,1226861,1226863,1226864,1226867,1226868,1226875,1226876,1226878,1226879,1226886,1226890,1226891,1226894,1226895,1226905,1226908,1226909,1226911,1226928,1226934,1226938,1226939,1226941,1226948,1226949,1226950,1226962,1226976,1226989,1226990,1226992,1226994,1226995,1226996,1227066,1227072,1227085,1227089,1227090,1227096,1227101,1227190,CVE-2021-47432,CVE-2022-48772,CVE-2023-52622,CVE-2023-52656,CVE-2023-52672,CVE-2023-52699,CVE-2023-52735,CVE-2023-52749,CVE-2023-52750,CVE-2023-52753,CVE-2023-52754,CVE-2023-52757,CVE-2023-52759,CVE-2023-52762,CVE-2023-52763,CVE-2023-52764,CVE-2023-52765,CVE-2023-52766,CVE-2023-52767,CVE-2023-52768,CVE-2023-52769,CVE-2023-52773,CVE-2023-52774,CVE-2023-52776,CVE-2023-52777,CVE-2023-52780,CVE-2023-52781,CVE-2023-52782,CVE-2023-52783,CVE-2023-52784,CVE-2023-52786,CVE-2023-52787,CVE-2023-52788,CVE-
2023-52789,CVE-2023-52791,CVE-2023-52792,CVE-2023-52794,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52801,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52812,CVE-2023-52813,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52827,CVE-2023-52829,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52835,CVE-2023-52836,CVE-2023-52837,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52842,CVE-2023-52843,CVE-2023-52844,CVE-2023-52845,CVE-2023-52846,CVE-2023-52847,CVE-2023-52849,CVE-2023-52850,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52857,CVE-2023-52858,CVE-2023-52861,CVE-2023-52862,CVE-2023-52863,CVE-2023-52864,CVE-2023-52865,CVE-2023-52866,CVE-2023-52867,CVE-2023-52868,CVE-2023-52869,CVE-2023-52870,CVE-2023-52
871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52874,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52879,CVE-2023-52880,CVE-2023-52881,CVE-2023-52883,CVE-2023-52884,CVE-2024-26482,CVE-2024-26625,CVE-2024-26676,CVE-2024-26750,CVE-2024-26758,CVE-2024-26767,CVE-2024-26780,CVE-2024-26813,CVE-2024-26814,CVE-2024-26845,CVE-2024-26889,CVE-2024-26920,CVE-2024-27414,CVE-2024-27419,CVE-2024-33619,CVE-2024-34777,CVE-2024-35247,CVE-2024-35807,CVE-2024-35827,CVE-2024-35831,CVE-2024-35843,CVE-2024-35848,CVE-2024-35857,CVE-2024-35880,CVE-2024-35884,CVE-2024-35886,CVE-2024-35892,CVE-2024-35896,CVE-2024-35898,CVE-2024-35900,CVE-2024-35925,CVE-2024-35926,CVE-2024-35957,CVE-2024-35962,CVE-2024-35970,CVE-2024-35976,CVE-2024-35979,CVE-2024-35998,CVE-2024-36005,CVE-2024-36008,CVE-2024-36010,CVE-2024-36017,CVE-2024-36024,CVE-2024-36281,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36882,CVE-2024-36887,CVE-2024-36899,CVE-2024-36900,CVE-2024-36903,CVE-2024-36904,CVE-2024-36915,CVE
-2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36924,CVE-2024-36926,CVE-2024-36934,CVE-2024-36935,CVE-2024-36937,CVE-2024-36938,CVE-2024-36945,CVE-2024-36952,CVE-2024-36957,CVE-2024-36960,CVE-2024-36962,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36972,CVE-2024-36973,CVE-2024-36975,CVE-2024-36977,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37353,CVE-2024-37354,CVE-2024-38381,CVE-2024-38384,CVE-2024-38385,CVE-2024-38388,CVE-2024-38390,CVE-2024-38391,CVE-2024-38539,CVE-2024-38540,CVE-2024-38541,CVE-2024-38543,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38551,CVE-2024-38552,CVE-2024-38553,CVE-2024-38554,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38559,CVE-2024-38560,CVE-2024-38562,CVE-2024-38564,CVE-2024-38565,CVE-2024-38566,CVE-2024-38567,CVE-2024-38568,CVE-2024-38569,CVE-2024-38570,CVE-2024-38571,CVE-2024-38572,CVE-2024-38573,CVE-2024-3
8575,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38592,CVE-2024-38594,CVE-2024-38595,CVE-2024-38597,CVE-2024-38599,CVE-2024-38600,CVE-2024-38601,CVE-2024-38602,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38610,CVE-2024-38611,CVE-2024-38615,CVE-2024-38616,CVE-2024-38617,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38622,CVE-2024-38627,CVE-2024-38628,CVE-2024-38629,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38636,CVE-2024-38661,CVE-2024-38663,CVE-2024-38664,CVE-2024-38780,CVE-2024-39277,CVE-2024-39291,CVE-2024-39296,CVE-2024-39301,CVE-2024-39362,CVE-2024-39371,CVE-2024-39463,CVE-2024-39466,CVE-2024-39469,CVE-2024-39471
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599).
- CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096).
- CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086).
- CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022).
- CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2023-52759: Ignore negated quota changes (bsc#1225560).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097).
- CVE-2023-52864: Fixed opening of char device (bsc#1225132).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
- CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751).
- CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
- CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
- CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
- CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
- CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799).
- CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
- CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
- CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879).
- CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
- CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
- CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
- CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
- CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
- CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
- CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
- CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
- CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772).
- CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
- CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810).
- CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
- CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
- CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439).
- CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
- CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702).
- CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
- CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
- CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
- CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
- CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723).
- CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
- CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
- CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
- CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939).
- CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
- CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763).
- CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
- CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
- CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
- CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
- CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
- CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515).
- CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
- CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
- CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
- CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
- CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655).
- CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
- CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
- CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
- CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
- CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
- CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523).
- CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698).
- CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606).
- CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
- CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659).
The following non-security bugs were fixed:
- KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478).
- KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158).
- NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
- Revert 'build initrd without systemd' (bsc#1195775)'
- arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688).
- arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688).
- arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688).
- bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
- bpf: correct loop detection for iterators convergence (bsc#1225903).
- bpf: exact states comparison for iterator convergence checks (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
- bpf: print full verifier states on infinite loop detection (bsc#1225903).
- bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
- crypto: deflate - Add aliases to deflate (bsc#1227190).
- crypto: iaa - Account for cpu-less numa nodes (bsc#1227190).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- kABI: bpf: verifier kABI workaround (bsc#1225903).
- net: ena: Fix redundant device NUMA node override (jsc#PED-8688).
- net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
- nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442).
- nfs: Bump default write congestion size (bsc#1218442).
- nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
- nvme-fabrics: short-circuit reconnect retries (bsc#1186716).
- nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049).
- nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049).
- nvme: do not retry authentication failures (bsc#1186716).
- nvme: return kernel error codes for admin queue connect (bsc#1186716).
- nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716).
- nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
- s390/cpacf: Make use of invalid opcode produce a link error (bsc#1227072).
- sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
- selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
- selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
- selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903).
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- tcp: Dump bound-only sockets in inet_diag (bsc#1204562).
- x86/mce: Dynamically size space for machine check records (bsc#1222241).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
The following package changes have been done:
- kernel-macros-6.4.0-150600.23.14.2 updated
- kernel-devel-6.4.0-150600.23.14.2 updated
- kernel-default-devel-6.4.0-150600.23.14.2 updated
- kernel-syms-6.4.0-150600.23.14.2 updated
More information about the sle-container-updates
mailing list