SUSE-SU-2024:1645-1: important: Security update for the Linux Kernel

SLE-UPDATES null at suse.de
Tue May 14 16:31:48 UTC 2024



# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:1645-1  
Rating: important  
References:

  * bsc#1190576
  * bsc#1192145
  * bsc#1200313
  * bsc#1201489
  * bsc#1203906
  * bsc#1203935
  * bsc#1204614
  * bsc#1211592
  * bsc#1218562
  * bsc#1218917
  * bsc#1219169
  * bsc#1219170
  * bsc#1219264
  * bsc#1220513
  * bsc#1220755
  * bsc#1220854
  * bsc#1221113
  * bsc#1221299
  * bsc#1221543
  * bsc#1221545
  * bsc#1222449
  * bsc#1222482
  * bsc#1222503
  * bsc#1222559
  * bsc#1222624
  * bsc#1222666
  * bsc#1222709
  * bsc#1222790
  * bsc#1222792
  * bsc#1222829
  * bsc#1222876
  * bsc#1222881
  * bsc#1222883
  * bsc#1222894
  * bsc#1222976
  * bsc#1223016
  * bsc#1223057
  * bsc#1223111
  * bsc#1223187
  * bsc#1223202
  * bsc#1223475
  * bsc#1223482
  * bsc#1223509
  * bsc#1223513
  * bsc#1223522
  * bsc#1223824
  * bsc#1223921
  * bsc#1223923
  * bsc#1223931
  * bsc#1223941
  * bsc#1223948
  * bsc#1223952
  * bsc#1223963

  
Cross-References:

  * CVE-2021-46955
  * CVE-2021-47041
  * CVE-2021-47074
  * CVE-2021-47113
  * CVE-2021-47131
  * CVE-2021-47184
  * CVE-2021-47194
  * CVE-2021-47198
  * CVE-2021-47201
  * CVE-2021-47203
  * CVE-2021-47206
  * CVE-2021-47207
  * CVE-2021-47212
  * CVE-2021-47216
  * CVE-2022-48631
  * CVE-2022-48638
  * CVE-2022-48650
  * CVE-2022-48651
  * CVE-2022-48654
  * CVE-2022-48672
  * CVE-2022-48686
  * CVE-2022-48687
  * CVE-2022-48693
  * CVE-2022-48695
  * CVE-2022-48701
  * CVE-2022-48702
  * CVE-2024-0639
  * CVE-2024-23307
  * CVE-2024-26610
  * CVE-2024-26688
  * CVE-2024-26689
  * CVE-2024-26739
  * CVE-2024-26744
  * CVE-2024-26816
  * CVE-2024-26840
  * CVE-2024-26852
  * CVE-2024-26862
  * CVE-2024-26898
  * CVE-2024-26903
  * CVE-2024-26906
  * CVE-2024-27043

  
CVSS scores:

  * CVE-2021-46955 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2021-47041 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47074 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2021-47113 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47131 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2021-47184 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47194 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47194 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2021-47198 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47198 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2021-47201 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47203 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47206 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47207 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47212 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2021-47216 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2022-48631 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48638 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48650 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48651 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48654 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2022-48672 ( SUSE ):  5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  * CVE-2022-48686 ( SUSE ):  3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
  * CVE-2022-48687 ( SUSE ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2022-48693 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48695 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48701 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2022-48702 ( SUSE ):  5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  * CVE-2024-0639 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-0639 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23307 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-23307 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26610 ( SUSE ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  * CVE-2024-26688 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26689 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26739 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26744 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26816 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-26840 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2024-26852 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26862 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-26898 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26898 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26903 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26903 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26906 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-27043 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2

  
  
An update that solves 41 vulnerabilities and has 12 security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
security bugfixes.

The following security bugs were fixed:

  * CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
  * CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second
    ref (bsc#1221543).
  * CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up
    (bsc#1221545).
  * CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in
    ip6_route_mpath_notify() (bsc#1223057).
  * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when
    fragmenting IPv4 packets (bsc#1220513).
  * CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing
    (bsc#1223111).
  * CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock
    found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
  * CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places
    (bsc#1223824).
  * CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries
    == 0 and eh_depth > 0 (bsc#1223475).
  * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
    and ARM md, raid, raid5 modules (bsc#1219169).
  * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
    skb->mac_header (bsc#1223513).
  * CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault()
    (bsc#1223202).
  * CVE-2024-26816: Fixed relocations in .notes section when building with
    CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
  * CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus
    (bsc#1222790).
  * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
  * CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
  * CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
  * CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
  * CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid
    parameter in rdma/srpt (bsc#1222449).

The following non-security bugs were fixed:

  * dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
  * dm: rearrange core declarations for extended use from dm-zone.c
    (bsc#1221113).
  * net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
  * tls: Fix context leak on tls_device_down (bsc#1221545).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro 5.1  
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1645=1

  * SUSE Linux Enterprise Micro 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1645=1

  * SUSE Linux Enterprise Micro for Rancher 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1645=1

## Package List:

  * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
    * kernel-rt-5.3.18-150300.169.1
  * SUSE Linux Enterprise Micro 5.1 (x86_64)
    * kernel-rt-debugsource-5.3.18-150300.169.1
    * kernel-rt-debuginfo-5.3.18-150300.169.1
  * SUSE Linux Enterprise Micro 5.1 (noarch)
    * kernel-source-rt-5.3.18-150300.169.1
  * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
    * kernel-rt-5.3.18-150300.169.1
  * SUSE Linux Enterprise Micro 5.2 (x86_64)
    * kernel-rt-debugsource-5.3.18-150300.169.1
    * kernel-rt-debuginfo-5.3.18-150300.169.1
  * SUSE Linux Enterprise Micro 5.2 (noarch)
    * kernel-source-rt-5.3.18-150300.169.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
    * kernel-rt-5.3.18-150300.169.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
    * kernel-rt-debugsource-5.3.18-150300.169.1
    * kernel-rt-debuginfo-5.3.18-150300.169.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
    * kernel-source-rt-5.3.18-150300.169.1

## References:

  * https://www.suse.com/security/cve/CVE-2021-46955.html
  * https://www.suse.com/security/cve/CVE-2021-47041.html
  * https://www.suse.com/security/cve/CVE-2021-47074.html
  * https://www.suse.com/security/cve/CVE-2021-47113.html
  * https://www.suse.com/security/cve/CVE-2021-47131.html
  * https://www.suse.com/security/cve/CVE-2021-47184.html
  * https://www.suse.com/security/cve/CVE-2021-47194.html
  * https://www.suse.com/security/cve/CVE-2021-47198.html
  * https://www.suse.com/security/cve/CVE-2021-47201.html
  * https://www.suse.com/security/cve/CVE-2021-47203.html
  * https://www.suse.com/security/cve/CVE-2021-47206.html
  * https://www.suse.com/security/cve/CVE-2021-47207.html
  * https://www.suse.com/security/cve/CVE-2021-47212.html
  * https://www.suse.com/security/cve/CVE-2021-47216.html
  * https://www.suse.com/security/cve/CVE-2022-48631.html
  * https://www.suse.com/security/cve/CVE-2022-48638.html
  * https://www.suse.com/security/cve/CVE-2022-48650.html
  * https://www.suse.com/security/cve/CVE-2022-48651.html
  * https://www.suse.com/security/cve/CVE-2022-48654.html
  * https://www.suse.com/security/cve/CVE-2022-48672.html
  * https://www.suse.com/security/cve/CVE-2022-48686.html
  * https://www.suse.com/security/cve/CVE-2022-48687.html
  * https://www.suse.com/security/cve/CVE-2022-48693.html
  * https://www.suse.com/security/cve/CVE-2022-48695.html
  * https://www.suse.com/security/cve/CVE-2022-48701.html
  * https://www.suse.com/security/cve/CVE-2022-48702.html
  * https://www.suse.com/security/cve/CVE-2024-0639.html
  * https://www.suse.com/security/cve/CVE-2024-23307.html
  * https://www.suse.com/security/cve/CVE-2024-26610.html
  * https://www.suse.com/security/cve/CVE-2024-26688.html
  * https://www.suse.com/security/cve/CVE-2024-26689.html
  * https://www.suse.com/security/cve/CVE-2024-26739.html
  * https://www.suse.com/security/cve/CVE-2024-26744.html
  * https://www.suse.com/security/cve/CVE-2024-26816.html
  * https://www.suse.com/security/cve/CVE-2024-26840.html
  * https://www.suse.com/security/cve/CVE-2024-26852.html
  * https://www.suse.com/security/cve/CVE-2024-26862.html
  * https://www.suse.com/security/cve/CVE-2024-26898.html
  * https://www.suse.com/security/cve/CVE-2024-26903.html
  * https://www.suse.com/security/cve/CVE-2024-26906.html
  * https://www.suse.com/security/cve/CVE-2024-27043.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1190576
  * https://bugzilla.suse.com/show_bug.cgi?id=1192145
  * https://bugzilla.suse.com/show_bug.cgi?id=1200313
  * https://bugzilla.suse.com/show_bug.cgi?id=1201489
  * https://bugzilla.suse.com/show_bug.cgi?id=1203906
  * https://bugzilla.suse.com/show_bug.cgi?id=1203935
  * https://bugzilla.suse.com/show_bug.cgi?id=1204614
  * https://bugzilla.suse.com/show_bug.cgi?id=1211592
  * https://bugzilla.suse.com/show_bug.cgi?id=1218562
  * https://bugzilla.suse.com/show_bug.cgi?id=1218917
  * https://bugzilla.suse.com/show_bug.cgi?id=1219169
  * https://bugzilla.suse.com/show_bug.cgi?id=1219170
  * https://bugzilla.suse.com/show_bug.cgi?id=1219264
  * https://bugzilla.suse.com/show_bug.cgi?id=1220513
  * https://bugzilla.suse.com/show_bug.cgi?id=1220755
  * https://bugzilla.suse.com/show_bug.cgi?id=1220854
  * https://bugzilla.suse.com/show_bug.cgi?id=1221113
  * https://bugzilla.suse.com/show_bug.cgi?id=1221299
  * https://bugzilla.suse.com/show_bug.cgi?id=1221543
  * https://bugzilla.suse.com/show_bug.cgi?id=1221545
  * https://bugzilla.suse.com/show_bug.cgi?id=1222449
  * https://bugzilla.suse.com/show_bug.cgi?id=1222482
  * https://bugzilla.suse.com/show_bug.cgi?id=1222503
  * https://bugzilla.suse.com/show_bug.cgi?id=1222559
  * https://bugzilla.suse.com/show_bug.cgi?id=1222624
  * https://bugzilla.suse.com/show_bug.cgi?id=1222666
  * https://bugzilla.suse.com/show_bug.cgi?id=1222709
  * https://bugzilla.suse.com/show_bug.cgi?id=1222790
  * https://bugzilla.suse.com/show_bug.cgi?id=1222792
  * https://bugzilla.suse.com/show_bug.cgi?id=1222829
  * https://bugzilla.suse.com/show_bug.cgi?id=1222876
  * https://bugzilla.suse.com/show_bug.cgi?id=1222881
  * https://bugzilla.suse.com/show_bug.cgi?id=1222883
  * https://bugzilla.suse.com/show_bug.cgi?id=1222894
  * https://bugzilla.suse.com/show_bug.cgi?id=1222976
  * https://bugzilla.suse.com/show_bug.cgi?id=1223016
  * https://bugzilla.suse.com/show_bug.cgi?id=1223057
  * https://bugzilla.suse.com/show_bug.cgi?id=1223111
  * https://bugzilla.suse.com/show_bug.cgi?id=1223187
  * https://bugzilla.suse.com/show_bug.cgi?id=1223202
  * https://bugzilla.suse.com/show_bug.cgi?id=1223475
  * https://bugzilla.suse.com/show_bug.cgi?id=1223482
  * https://bugzilla.suse.com/show_bug.cgi?id=1223509
  * https://bugzilla.suse.com/show_bug.cgi?id=1223513
  * https://bugzilla.suse.com/show_bug.cgi?id=1223522
  * https://bugzilla.suse.com/show_bug.cgi?id=1223824
  * https://bugzilla.suse.com/show_bug.cgi?id=1223921
  * https://bugzilla.suse.com/show_bug.cgi?id=1223923
  * https://bugzilla.suse.com/show_bug.cgi?id=1223931
  * https://bugzilla.suse.com/show_bug.cgi?id=1223941
  * https://bugzilla.suse.com/show_bug.cgi?id=1223948
  * https://bugzilla.suse.com/show_bug.cgi?id=1223952
  * https://bugzilla.suse.com/show_bug.cgi?id=1223963

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240514/3377a5e4/attachment.htm>


More information about the sle-updates mailing list