SUSE-SU-2024:2493-1: important: Security update for the Linux Kernel
SLE-UPDATES
null at suse.de
Tue Jul 16 08:30:27 UTC 2024
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:2493-1
Rating: important
References:
* bsc#1215420
* bsc#1220833
* bsc#1221656
* bsc#1221659
* bsc#1222005
* bsc#1222792
* bsc#1223021
* bsc#1223188
* bsc#1224622
* bsc#1224627
* bsc#1224647
* bsc#1224683
* bsc#1224686
* bsc#1224743
* bsc#1224965
* bsc#1225229
* bsc#1225357
* bsc#1225431
* bsc#1225478
* bsc#1225505
* bsc#1225530
* bsc#1225532
* bsc#1225569
* bsc#1225593
* bsc#1225835
* bsc#1226757
* bsc#1226861
* bsc#1226994
* bsc#1227407
* bsc#1227435
* bsc#1227487
Cross-References:
* CVE-2021-47145
* CVE-2021-47201
* CVE-2021-47275
* CVE-2021-47438
* CVE-2021-47498
* CVE-2021-47520
* CVE-2021-47547
* CVE-2023-4244
* CVE-2023-52507
* CVE-2023-52683
* CVE-2023-52693
* CVE-2023-52753
* CVE-2023-52817
* CVE-2023-52818
* CVE-2023-52819
* CVE-2024-26635
* CVE-2024-26636
* CVE-2024-26880
* CVE-2024-35805
* CVE-2024-35819
* CVE-2024-35828
* CVE-2024-35947
* CVE-2024-36014
* CVE-2024-36941
* CVE-2024-38598
* CVE-2024-38619
* CVE-2024-39301
* CVE-2024-39475
CVSS scores:
* CVE-2021-47145 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47275 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47498 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47520 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47520 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47547 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52507 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-52683 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52817 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52818 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-52819 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-26635 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-26636 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26880 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36014 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36941 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38598 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38619 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39301 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39475 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39475 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Real Time 12 SP5
* SUSE Linux Enterprise Server 12 SP5
An update that solves 28 vulnerabilities and has three security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).
* CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf
(bsc#1222792).
* CVE-2021-47275: bcache: avoid oversized read request in cache missing code
path (bsc#1224965).
* CVE-2021-47438: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
(bsc#1225229)
* CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend
(bsc#1225357).
* CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free
(bsc#1225431).
* CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy'
may be out of bound (bsc#1225505).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
* CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).
* CVE-2023-52693: ACPI: video: check for error while searching for backlight
device parent (bsc#1224686).
* CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator
(bsc#1225478).
* CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg
pointer is NULL (bsc#1225569).
* CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
(bsc#1225530).
* CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and
Tonga (bsc#1225532).
* CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
* CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding
changes (bsc#1221659).
* CVE-2024-26880: dm: call the resume method on internal suspend
(bsc#1223188).
* CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit
(bsc#1224743).
* CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock
(bsc#1224683).
* CVE-2024-35828: wifi: libertas: fix some memleaks in
lbs_allocate_cmd_buffer() (bsc#1224622).
* CVE-2024-35947: dyndbg: fix old BUG_ON in >control parser (bsc#1224647).
* CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference
(bsc#1225593).
* CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule
(bsc#1225835).
* CVE-2024-38598: md: fix resync softlockup when bitmap size is less than
array size (bsc#1226757).
* CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized
(bsc#1226861).
* CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
* CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var
failed (bsc#1227435)
The following non-security bugs were fixed:
* PM: hibernate: x86: Use crc32 instead of md5 for hibernation e820 integrity
check (git-fixes).
* SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
* SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-
fixes).
* drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
(git-fixes).
* kgdb: Add kgdb_has_hit_break function (git-fixes).
* kgdb: Move the extern declaration kgdb_has_hit_break() to generic kgdb.h
(git-fixes).
* net: hsr: fix placement of logical operator in a multi-line statement
(bsc#1223021).
* nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes).
* powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
(bsc#1227487).
* sched/deadline: Fix BUG_ON condition for deboosted tasks (bsc#1227407).
* sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
* x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
(git-fixes).
* x86/boot/e820: Fix typo in e820.c comment (git-fixes).
* x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
* x86/fpu: Return proper error codes from user access functions (git-fixes).
* x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-
fixes).
* x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-
fixes).
* x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-
fixes).
* x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes (git-fixes).
* x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
* x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Real Time 12 SP5
zypper in -t patch SUSE-SLE-RT-12-SP5-2024-2493=1
## Package List:
* SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
* gfs2-kmp-rt-4.12.14-10.194.1
* kernel-rt_debug-debugsource-4.12.14-10.194.1
* kernel-rt_debug-devel-debuginfo-4.12.14-10.194.1
* ocfs2-kmp-rt-4.12.14-10.194.1
* ocfs2-kmp-rt-debuginfo-4.12.14-10.194.1
* kernel-rt-base-4.12.14-10.194.1
* kernel-rt-base-debuginfo-4.12.14-10.194.1
* gfs2-kmp-rt-debuginfo-4.12.14-10.194.1
* kernel-rt-devel-debuginfo-4.12.14-10.194.1
* kernel-rt-debugsource-4.12.14-10.194.1
* cluster-md-kmp-rt-debuginfo-4.12.14-10.194.1
* kernel-syms-rt-4.12.14-10.194.1
* kernel-rt-devel-4.12.14-10.194.1
* dlm-kmp-rt-debuginfo-4.12.14-10.194.1
* dlm-kmp-rt-4.12.14-10.194.1
* kernel-rt_debug-debuginfo-4.12.14-10.194.1
* kernel-rt_debug-devel-4.12.14-10.194.1
* cluster-md-kmp-rt-4.12.14-10.194.1
* kernel-rt-debuginfo-4.12.14-10.194.1
* SUSE Linux Enterprise Real Time 12 SP5 (noarch)
* kernel-devel-rt-4.12.14-10.194.1
* kernel-source-rt-4.12.14-10.194.1
* SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
* kernel-rt_debug-4.12.14-10.194.1
* kernel-rt-4.12.14-10.194.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47145.html
* https://www.suse.com/security/cve/CVE-2021-47201.html
* https://www.suse.com/security/cve/CVE-2021-47275.html
* https://www.suse.com/security/cve/CVE-2021-47438.html
* https://www.suse.com/security/cve/CVE-2021-47498.html
* https://www.suse.com/security/cve/CVE-2021-47520.html
* https://www.suse.com/security/cve/CVE-2021-47547.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-52507.html
* https://www.suse.com/security/cve/CVE-2023-52683.html
* https://www.suse.com/security/cve/CVE-2023-52693.html
* https://www.suse.com/security/cve/CVE-2023-52753.html
* https://www.suse.com/security/cve/CVE-2023-52817.html
* https://www.suse.com/security/cve/CVE-2023-52818.html
* https://www.suse.com/security/cve/CVE-2023-52819.html
* https://www.suse.com/security/cve/CVE-2024-26635.html
* https://www.suse.com/security/cve/CVE-2024-26636.html
* https://www.suse.com/security/cve/CVE-2024-26880.html
* https://www.suse.com/security/cve/CVE-2024-35805.html
* https://www.suse.com/security/cve/CVE-2024-35819.html
* https://www.suse.com/security/cve/CVE-2024-35828.html
* https://www.suse.com/security/cve/CVE-2024-35947.html
* https://www.suse.com/security/cve/CVE-2024-36014.html
* https://www.suse.com/security/cve/CVE-2024-36941.html
* https://www.suse.com/security/cve/CVE-2024-38598.html
* https://www.suse.com/security/cve/CVE-2024-38619.html
* https://www.suse.com/security/cve/CVE-2024-39301.html
* https://www.suse.com/security/cve/CVE-2024-39475.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1220833
* https://bugzilla.suse.com/show_bug.cgi?id=1221656
* https://bugzilla.suse.com/show_bug.cgi?id=1221659
* https://bugzilla.suse.com/show_bug.cgi?id=1222005
* https://bugzilla.suse.com/show_bug.cgi?id=1222792
* https://bugzilla.suse.com/show_bug.cgi?id=1223021
* https://bugzilla.suse.com/show_bug.cgi?id=1223188
* https://bugzilla.suse.com/show_bug.cgi?id=1224622
* https://bugzilla.suse.com/show_bug.cgi?id=1224627
* https://bugzilla.suse.com/show_bug.cgi?id=1224647
* https://bugzilla.suse.com/show_bug.cgi?id=1224683
* https://bugzilla.suse.com/show_bug.cgi?id=1224686
* https://bugzilla.suse.com/show_bug.cgi?id=1224743
* https://bugzilla.suse.com/show_bug.cgi?id=1224965
* https://bugzilla.suse.com/show_bug.cgi?id=1225229
* https://bugzilla.suse.com/show_bug.cgi?id=1225357
* https://bugzilla.suse.com/show_bug.cgi?id=1225431
* https://bugzilla.suse.com/show_bug.cgi?id=1225478
* https://bugzilla.suse.com/show_bug.cgi?id=1225505
* https://bugzilla.suse.com/show_bug.cgi?id=1225530
* https://bugzilla.suse.com/show_bug.cgi?id=1225532
* https://bugzilla.suse.com/show_bug.cgi?id=1225569
* https://bugzilla.suse.com/show_bug.cgi?id=1225593
* https://bugzilla.suse.com/show_bug.cgi?id=1225835
* https://bugzilla.suse.com/show_bug.cgi?id=1226757
* https://bugzilla.suse.com/show_bug.cgi?id=1226861
* https://bugzilla.suse.com/show_bug.cgi?id=1226994
* https://bugzilla.suse.com/show_bug.cgi?id=1227407
* https://bugzilla.suse.com/show_bug.cgi?id=1227435
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240716/855c4c26/attachment.htm>
More information about the sle-updates
mailing list