SUSE-IU-2024:1195-1: Security update of suse/sle-micro/rt-5.5
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Sep 12 07:01:43 UTC 2024
SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1195-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.160 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.160
Severity : important
Type : security
References : 1193629 1194111 1194765 1194869 1196261 1196516 1196894 1198017
1203329 1203330 1203360 1205462 1206006 1206258 1206843 1207158
1208783 1210644 1213580 1213632 1214285 1216834 1220428 1220877
1220962 1221269 1221326 1221630 1221645 1222335 1222350 1222372
1222387 1222634 1222808 1222967 1223074 1223191 1223508 1223720
1223742 1223777 1223803 1223807 1224105 1224415 1224496 1224510
1224542 1224578 1224639 1225162 1225352 1225428 1225524 1225578
1225582 1225773 1225814 1225827 1225832 1225903 1226168 1226530
1226613 1226742 1226765 1226798 1226801 1226874 1226885 1227079
1227623 1227761 1227830 1227863 1227867 1227929 1227937 1227958
1228020 1228065 1228114 1228410 1228426 1228427 1228429 1228446
1228447 1228449 1228450 1228452 1228456 1228463 1228466 1228467
1228469 1228480 1228481 1228482 1228483 1228484 1228485 1228487
1228489 1228491 1228493 1228494 1228495 1228496 1228501 1228503
1228509 1228513 1228515 1228516 1228526 1228531 1228563 1228564
1228567 1228576 1228579 1228584 1228588 1228590 1228615 1228616
1228635 1228636 1228654 1228656 1228658 1228660 1228662 1228667
1228673 1228677 1228687 1228706 1228708 1228710 1228718 1228720
1228721 1228722 1228724 1228726 1228727 1228733 1228748 1228766
1228779 1228801 1228850 1228857 1228959 1228964 1228966 1228967
1228979 1228988 1228989 1228991 1228992 1229042 1229054 1229086
1229136 1229154 1229187 1229188 1229190 1229287 1229290 1229292
1229296 1229297 1229301 1229303 1229304 1229305 1229307 1229309
1229312 1229314 1229315 1229317 1229318 1229319 1229327 1229341
1229345 1229346 1229347 1229349 1229350 1229351 1229354 1229356
1229357 1229358 1229359 1229360 1229366 1229370 1229373 1229374
1229381 1229382 1229383 1229386 1229388 1229391 1229392 1229395
1229398 1229399 1229400 1229407 1229409 1229410 1229411 1229413
1229414 1229417 1229418 1229444 1229453 1229454 1229481 1229482
1229488 1229489 1229490 1229493 1229495 1229497 1229500 1229503
1229506 1229507 1229508 1229509 1229510 1229512 1229516 1229521
1229522 1229523 1229524 1229525 1229526 1229527 1229528 1229529
1229531 1229533 1229535 1229536 1229537 1229540 1229544 1229545
1229546 1229547 1229548 1229554 1229557 1229558 1229559 1229560
1229562 1229564 1229565 1229566 1229568 1229569 1229572 1229573
1229576 1229581 1229588 1229598 1229603 1229604 1229605 1229608
1229611 1229612 1229613 1229614 1229615 1229616 1229617 1229620
1229622 1229623 1229624 1229625 1229626 1229628 1229629 1229630
1229631 1229632 1229635 1229636 1229637 1229638 1229639 1229641
1229642 1229643 1229645 1229657 1229658 1229662 1229664 1229707
1229739 1229743 1229746 1229754 1229755 1229756 1229759 1229761
1229767 1229768 1229781 1229784 1229787 1229788 1229789 1229792
1229820 1230093 CVE-2021-4441 CVE-2021-47106 CVE-2021-47517 CVE-2021-47546
CVE-2022-38457 CVE-2022-40133 CVE-2022-48645 CVE-2022-48706 CVE-2022-48808
CVE-2022-48865 CVE-2022-48868 CVE-2022-48869 CVE-2022-48870 CVE-2022-48871
CVE-2022-48872 CVE-2022-48873 CVE-2022-48875 CVE-2022-48878 CVE-2022-48880
CVE-2022-48881 CVE-2022-48882 CVE-2022-48883 CVE-2022-48884 CVE-2022-48885
CVE-2022-48886 CVE-2022-48887 CVE-2022-48888 CVE-2022-48889 CVE-2022-48890
CVE-2022-48891 CVE-2022-48893 CVE-2022-48896 CVE-2022-48898 CVE-2022-48899
CVE-2022-48903 CVE-2022-48904 CVE-2022-48905 CVE-2022-48906 CVE-2022-48907
CVE-2022-48909 CVE-2022-48910 CVE-2022-48912 CVE-2022-48913 CVE-2022-48914
CVE-2022-48915 CVE-2022-48916 CVE-2022-48917 CVE-2022-48918 CVE-2022-48919
CVE-2022-48920 CVE-2022-48921 CVE-2022-48923 CVE-2022-48924 CVE-2022-48925
CVE-2022-48926 CVE-2022-48927 CVE-2022-48928 CVE-2022-48929 CVE-2022-48930
CVE-2022-48931 CVE-2022-48932 CVE-2022-48934 CVE-2022-48937 CVE-2022-48938
CVE-2022-48939 CVE-2022-48940 CVE-2022-48941 CVE-2022-48942 CVE-2022-48943
CVE-2023-3610 CVE-2023-52458 CVE-2023-52489 CVE-2023-52498 CVE-2023-52581
CVE-2023-52859 CVE-2023-52887 CVE-2023-52889 CVE-2023-52893 CVE-2023-52894
CVE-2023-52896 CVE-2023-52898 CVE-2023-52899 CVE-2023-52900 CVE-2023-52901
CVE-2023-52904 CVE-2023-52905 CVE-2023-52906 CVE-2023-52907 CVE-2023-52908
CVE-2023-52909 CVE-2023-52910 CVE-2023-52911 CVE-2023-52912 CVE-2023-52913
CVE-2024-26631 CVE-2024-26668 CVE-2024-26669 CVE-2024-26677 CVE-2024-26735
CVE-2024-26808 CVE-2024-26812 CVE-2024-26835 CVE-2024-26851 CVE-2024-27010
CVE-2024-27011 CVE-2024-27016 CVE-2024-27024 CVE-2024-27079 CVE-2024-27403
CVE-2024-31076 CVE-2024-35897 CVE-2024-35902 CVE-2024-35945 CVE-2024-35971
CVE-2024-36009 CVE-2024-36013 CVE-2024-36270 CVE-2024-36286 CVE-2024-36489
CVE-2024-36929 CVE-2024-36933 CVE-2024-36936 CVE-2024-36962 CVE-2024-38554
CVE-2024-38602 CVE-2024-38662 CVE-2024-39489 CVE-2024-40905 CVE-2024-40978
CVE-2024-40980 CVE-2024-40995 CVE-2024-41000 CVE-2024-41007 CVE-2024-41009
CVE-2024-41011 CVE-2024-41016 CVE-2024-41020 CVE-2024-41022 CVE-2024-41035
CVE-2024-41036 CVE-2024-41038 CVE-2024-41039 CVE-2024-41042 CVE-2024-41045
CVE-2024-41056 CVE-2024-41060 CVE-2024-41062 CVE-2024-41065 CVE-2024-41068
CVE-2024-41073 CVE-2024-41079 CVE-2024-41080 CVE-2024-41087 CVE-2024-41088
CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41095 CVE-2024-41097
CVE-2024-41098 CVE-2024-42069 CVE-2024-42074 CVE-2024-42076 CVE-2024-42077
CVE-2024-42080 CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087
CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42095 CVE-2024-42097
CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42106 CVE-2024-42107
CVE-2024-42110 CVE-2024-42114 CVE-2024-42115 CVE-2024-42119 CVE-2024-42120
CVE-2024-42121 CVE-2024-42126 CVE-2024-42127 CVE-2024-42130 CVE-2024-42137
CVE-2024-42139 CVE-2024-42142 CVE-2024-42143 CVE-2024-42148 CVE-2024-42152
CVE-2024-42155 CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42162
CVE-2024-42223 CVE-2024-42225 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230
CVE-2024-42232 CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239
CVE-2024-42240 CVE-2024-42244 CVE-2024-42246 CVE-2024-42247 CVE-2024-42268
CVE-2024-42271 CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42280
CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286
CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42291 CVE-2024-42292
CVE-2024-42295 CVE-2024-42301 CVE-2024-42302 CVE-2024-42308 CVE-2024-42309
CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42315
CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43816
CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43829
CVE-2024-43830 CVE-2024-43831 CVE-2024-43834 CVE-2024-43837 CVE-2024-43839
CVE-2024-43841 CVE-2024-43842 CVE-2024-43846 CVE-2024-43849 CVE-2024-43853
CVE-2024-43854 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861
CVE-2024-43863 CVE-2024-43866 CVE-2024-43867 CVE-2024-43871 CVE-2024-43872
CVE-2024-43873 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883
CVE-2024-43884 CVE-2024-43889 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894
CVE-2024-43895 CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903
CVE-2024-43904 CVE-2024-43905 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909
CVE-2024-44938 CVE-2024-44939 CVE-2024-44947 CVE-2024-8096
-----------------------------------------------------------------
The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3209-1
Released: Wed Sep 11 17:39:02 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1193629,1194111,1194765,1194869,1196261,1196516,1196894,1198017,1203329,1203330,1203360,1205462,1206006,1206258,1206843,1207158,1208783,1210644,1213580,1213632,1214285,1216834,1220428,1220877,1220962,1221269,1221326,1221630,1221645,1222335,1222350,1222372,1222387,1222634,1222808,1222967,1223074,1223191,1223508,1223720,1223742,1223777,1223803,1223807,1224105,1224415,1224496,1224510,1224542,1224578,1224639,1225162,1225352,1225428,1225524,1225578,1225582,1225773,1225814,1225827,1225832,1225903,1226168,1226530,1226613,1226742,1226765,1226798,1226801,1226874,1226885,1227079,1227623,1227761,1227830,1227863,1227867,1227929,1227937,1227958,1228020,1228065,1228114,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228463,1228466,1228467,1228469,1228480,1228481,1228482,1228483,1228484,1228485,1228487,1228489,1228491,1228493,1228494,1228495,1228496,1228501,1228503,1228509,1228513,1228515,1228516,1228526,1228531,1228563,1228564,1228567,1228576,1228579,1
228584,1228588,1228590,1228615,1228616,1228635,1228636,1228654,1228656,1228658,1228660,1228662,1228667,1228673,1228677,1228687,1228706,1228708,1228710,1228718,1228720,1228721,1228722,1228724,1228726,1228727,1228733,1228748,1228766,1228779,1228801,1228850,1228857,1228959,1228964,1228966,1228967,1228979,1228988,1228989,1228991,1228992,1229042,1229054,1229086,1229136,1229154,1229187,1229188,1229190,1229287,1229290,1229292,1229296,1229297,1229301,1229303,1229304,1229305,1229307,1229309,1229312,1229314,1229315,1229317,1229318,1229319,1229327,1229341,1229345,1229346,1229347,1229349,1229350,1229351,1229354,1229356,1229357,1229358,1229359,1229360,1229366,1229370,1229373,1229374,1229381,1229382,1229383,1229386,1229388,1229391,1229392,1229395,1229398,1229399,1229400,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229418,1229444,1229453,1229454,1229481,1229482,1229488,1229489,1229490,1229493,1229495,1229497,1229500,1229503,1229506,1229507,1229508,1229509,1229510,1229512,1229516,122952
1,1229522,1229523,1229524,1229525,1229526,1229527,1229528,1229529,1229531,1229533,1229535,1229536,1229537,1229540,1229544,1229545,1229546,1229547,1229548,1229554,1229557,1229558,1229559,1229560,1229562,1229564,1229565,1229566,1229568,1229569,1229572,1229573,1229576,1229581,1229588,1229598,1229603,1229604,1229605,1229608,1229611,1229612,1229613,1229614,1229615,1229616,1229617,1229620,1229622,1229623,1229624,1229625,1229626,1229628,1229629,1229630,1229631,1229632,1229635,1229636,1229637,1229638,1229639,1229641,1229642,1229643,1229645,1229657,1229658,1229662,1229664,1229707,1229739,1229743,1229746,1229754,1229755,1229756,1229759,1229761,1229767,1229768,1229781,1229784,1229787,1229788,1229789,1229792,1229820,CVE-2021-4441,CVE-2021-47106,CVE-2021-47517,CVE-2021-47546,CVE-2022-38457,CVE-2022-40133,CVE-2022-48645,CVE-2022-48706,CVE-2022-48808,CVE-2022-48865,CVE-2022-48868,CVE-2022-48869,CVE-2022-48870,CVE-2022-48871,CVE-2022-48872,CVE-2022-48873,CVE-2022-48875,CVE-2022-48878,CVE-2022-48880
,CVE-2022-48881,CVE-2022-48882,CVE-2022-48883,CVE-2022-48884,CVE-2022-48885,CVE-2022-48886,CVE-2022-48887,CVE-2022-48888,CVE-2022-48889,CVE-2022-48890,CVE-2022-48891,CVE-2022-48893,CVE-2022-48896,CVE-2022-48898,CVE-2022-48899,CVE-2022-48903,CVE-2022-48904,CVE-2022-48905,CVE-2022-48906,CVE-2022-48907,CVE-2022-48909,CVE-2022-48910,CVE-2022-48912,CVE-2022-48913,CVE-2022-48914,CVE-2022-48915,CVE-2022-48916,CVE-2022-48917,CVE-2022-48918,CVE-2022-48919,CVE-2022-48920,CVE-2022-48921,CVE-2022-48923,CVE-2022-48924,CVE-2022-48925,CVE-2022-48926,CVE-2022-48927,CVE-2022-48928,CVE-2022-48929,CVE-2022-48930,CVE-2022-48931,CVE-2022-48932,CVE-2022-48934,CVE-2022-48937,CVE-2022-48938,CVE-2022-48939,CVE-2022-48940,CVE-2022-48941,CVE-2022-48942,CVE-2022-48943,CVE-2023-3610,CVE-2023-52458,CVE-2023-52489,CVE-2023-52498,CVE-2023-52581,CVE-2023-52859,CVE-2023-52887,CVE-2023-52889,CVE-2023-52893,CVE-2023-52894,CVE-2023-52896,CVE-2023-52898,CVE-2023-52899,CVE-2023-52900,CVE-2023-52901,CVE-2023-52904,CVE-202
3-52905,CVE-2023-52906,CVE-2023-52907,CVE-2023-52908,CVE-2023-52909,CVE-2023-52910,CVE-2023-52911,CVE-2023-52912,CVE-2023-52913,CVE-2024-26631,CVE-2024-26668,CVE-2024-26669,CVE-2024-26677,CVE-2024-26735,CVE-2024-26808,CVE-2024-26812,CVE-2024-26835,CVE-2024-26851,CVE-2024-27010,CVE-2024-27011,CVE-2024-27016,CVE-2024-27024,CVE-2024-27079,CVE-2024-27403,CVE-2024-31076,CVE-2024-35897,CVE-2024-35902,CVE-2024-35945,CVE-2024-35971,CVE-2024-36009,CVE-2024-36013,CVE-2024-36270,CVE-2024-36286,CVE-2024-36489,CVE-2024-36929,CVE-2024-36933,CVE-2024-36936,CVE-2024-36962,CVE-2024-38554,CVE-2024-38602,CVE-2024-38662,CVE-2024-39489,CVE-2024-40905,CVE-2024-40978,CVE-2024-40980,CVE-2024-40995,CVE-2024-41000,CVE-2024-41007,CVE-2024-41009,CVE-2024-41011,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41035,CVE-2024-41036,CVE-2024-41038,CVE-2024-41039,CVE-2024-41042,CVE-2024-41045,CVE-2024-41056,CVE-2024-41060,CVE-2024-41062,CVE-2024-41065,CVE-2024-41068,CVE-2024-41073,CVE-2024-41079,CVE-2024-41080
,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41095,CVE-2024-41097,CVE-2024-41098,CVE-2024-42069,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42080,CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42095,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42106,CVE-2024-42107,CVE-2024-42110,CVE-2024-42114,CVE-2024-42115,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42137,CVE-2024-42139,CVE-2024-42142,CVE-2024-42143,CVE-2024-42148,CVE-2024-42152,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42162,CVE-2024-42223,CVE-2024-42225,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-2024-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42244,CVE-2024-42246,CVE-2024-42247,CVE-2024-42268,CVE-2024-42271,CVE-2024-42274,CVE-2024-42276,CVE-2024-42277,CVE-20
24-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42301,CVE-2024-42302,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42315,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43849,CVE-2024-43853,CVE-2024-43854,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43879,CVE-2024-43880,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024-43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-4390
4,CVE-2024-43905,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-44938,CVE-2024-44939,CVE-2024-44947
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
- CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).
The following non-security bugs were fixed:
- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes).
- ACPI: bus: Rework system-level device notification handling (git-fixes).
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- ACPI: x86: s2idle: Post-increment variables when getting constraints (git-fixes).
- afs: Do not cross .backup mountpoint from backup volume (git-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void (git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c (git-fixes).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- ceph: issue a cap release immediately if no cap exists (bsc#1225162).
- ceph: periodically flush the cap releases (bsc#1225162).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam Deck revisions (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: Fix && vs || typos (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: Validate hw_points_num before using it (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- exfat: fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- exfat: redefine DIR_DELETED as the bad cluster number (git-fixes).
- exfat: support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229453).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq: Do not return error on missing optional irq_request_resources() (git-fixes).
- genirq: Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- genirq/irqdesc: Do not try to remove non-existing sysfs files (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix association race (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy (git-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix potential TX stall after interface reopen (git-fixes).
- net: ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).
- powerpc: Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- powerpc: Mark .opd section read-only (bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- RDMA/rxe: Handle zero length rdma (git-fixes)
- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).
- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
The following package changes have been done:
- libcurl4-8.0.1-150400.5.50.1 updated
- kernel-rt-5.14.21-150500.13.67.3 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.122 updated
More information about the sle-container-updates
mailing list