SUSE-SU-2024:1645-1: important: Security update for the Linux Kernel
SLE-UPDATES
null at suse.de
Tue May 14 16:31:48 UTC 2024
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:1645-1
Rating: important
References:
* bsc#1190576
* bsc#1192145
* bsc#1200313
* bsc#1201489
* bsc#1203906
* bsc#1203935
* bsc#1204614
* bsc#1211592
* bsc#1218562
* bsc#1218917
* bsc#1219169
* bsc#1219170
* bsc#1219264
* bsc#1220513
* bsc#1220755
* bsc#1220854
* bsc#1221113
* bsc#1221299
* bsc#1221543
* bsc#1221545
* bsc#1222449
* bsc#1222482
* bsc#1222503
* bsc#1222559
* bsc#1222624
* bsc#1222666
* bsc#1222709
* bsc#1222790
* bsc#1222792
* bsc#1222829
* bsc#1222876
* bsc#1222881
* bsc#1222883
* bsc#1222894
* bsc#1222976
* bsc#1223016
* bsc#1223057
* bsc#1223111
* bsc#1223187
* bsc#1223202
* bsc#1223475
* bsc#1223482
* bsc#1223509
* bsc#1223513
* bsc#1223522
* bsc#1223824
* bsc#1223921
* bsc#1223923
* bsc#1223931
* bsc#1223941
* bsc#1223948
* bsc#1223952
* bsc#1223963
Cross-References:
* CVE-2021-46955
* CVE-2021-47041
* CVE-2021-47074
* CVE-2021-47113
* CVE-2021-47131
* CVE-2021-47184
* CVE-2021-47194
* CVE-2021-47198
* CVE-2021-47201
* CVE-2021-47203
* CVE-2021-47206
* CVE-2021-47207
* CVE-2021-47212
* CVE-2021-47216
* CVE-2022-48631
* CVE-2022-48638
* CVE-2022-48650
* CVE-2022-48651
* CVE-2022-48654
* CVE-2022-48672
* CVE-2022-48686
* CVE-2022-48687
* CVE-2022-48693
* CVE-2022-48695
* CVE-2022-48701
* CVE-2022-48702
* CVE-2024-0639
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26688
* CVE-2024-26689
* CVE-2024-26739
* CVE-2024-26744
* CVE-2024-26816
* CVE-2024-26840
* CVE-2024-26852
* CVE-2024-26862
* CVE-2024-26898
* CVE-2024-26903
* CVE-2024-26906
* CVE-2024-27043
CVSS scores:
* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47041 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47074 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47113 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47131 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47194 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47194 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47198 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47203 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47206 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47212 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47216 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48638 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48650 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48654 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48672 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-48686 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2022-48687 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2022-48693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48701 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48702 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-0639 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26688 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26816 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26840 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26898 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26898 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26903 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26903 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26906 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27043 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
An update that solves 41 vulnerabilities and has 12 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
* CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second
ref (bsc#1221543).
* CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up
(bsc#1221545).
* CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in
ip6_route_mpath_notify() (bsc#1223057).
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when
fragmenting IPv4 packets (bsc#1220513).
* CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing
(bsc#1223111).
* CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock
found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
* CVE-2024-27043: Fixed a use-after-free in media/dvbdev in different places
(bsc#1223824).
* CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries
== 0 and eh_depth > 0 (bsc#1223475).
* CVE-2024-23307: Fixed an integer overflow or wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1219169).
* CVE-2022-48651: Fixed an out-of-bounds bug in ipvlan caused by unset
skb->mac_header (bsc#1223513).
* CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault()
(bsc#1223202).
* CVE-2024-26816: Fixed relocations in .notes section when building with
CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
* CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus
(bsc#1222790).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
* CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
* CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
* CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
* CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid
parameter in rdma/srpt (bsc#1222449).
The following non-security bugs were fixed:
* dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
* dm: rearrange core declarations for extended use from dm-zone.c
(bsc#1221113).
* net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
* tls: Fix context leak on tls_device_down (bsc#1221545).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.1
  `zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1645=1`
* SUSE Linux Enterprise Micro 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1645=1`
* SUSE Linux Enterprise Micro for Rancher 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1645=1`
## Package List:
* SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.169.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
  * kernel-rt-debugsource-5.3.18-150300.169.1
  * kernel-rt-debuginfo-5.3.18-150300.169.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
  * kernel-source-rt-5.3.18-150300.169.1
* SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.169.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * kernel-rt-debugsource-5.3.18-150300.169.1
  * kernel-rt-debuginfo-5.3.18-150300.169.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * kernel-source-rt-5.3.18-150300.169.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.169.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * kernel-rt-debugsource-5.3.18-150300.169.1
  * kernel-rt-debuginfo-5.3.18-150300.169.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * kernel-source-rt-5.3.18-150300.169.1
## References:
* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47041.html
* https://www.suse.com/security/cve/CVE-2021-47074.html
* https://www.suse.com/security/cve/CVE-2021-47113.html
* https://www.suse.com/security/cve/CVE-2021-47131.html
* https://www.suse.com/security/cve/CVE-2021-47184.html
* https://www.suse.com/security/cve/CVE-2021-47194.html
* https://www.suse.com/security/cve/CVE-2021-47198.html
* https://www.suse.com/security/cve/CVE-2021-47201.html
* https://www.suse.com/security/cve/CVE-2021-47203.html
* https://www.suse.com/security/cve/CVE-2021-47206.html
* https://www.suse.com/security/cve/CVE-2021-47207.html
* https://www.suse.com/security/cve/CVE-2021-47212.html
* https://www.suse.com/security/cve/CVE-2021-47216.html
* https://www.suse.com/security/cve/CVE-2022-48631.html
* https://www.suse.com/security/cve/CVE-2022-48638.html
* https://www.suse.com/security/cve/CVE-2022-48650.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48654.html
* https://www.suse.com/security/cve/CVE-2022-48672.html
* https://www.suse.com/security/cve/CVE-2022-48686.html
* https://www.suse.com/security/cve/CVE-2022-48687.html
* https://www.suse.com/security/cve/CVE-2022-48693.html
* https://www.suse.com/security/cve/CVE-2022-48695.html
* https://www.suse.com/security/cve/CVE-2022-48701.html
* https://www.suse.com/security/cve/CVE-2022-48702.html
* https://www.suse.com/security/cve/CVE-2024-0639.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26688.html
* https://www.suse.com/security/cve/CVE-2024-26689.html
* https://www.suse.com/security/cve/CVE-2024-26739.html
* https://www.suse.com/security/cve/CVE-2024-26744.html
* https://www.suse.com/security/cve/CVE-2024-26816.html
* https://www.suse.com/security/cve/CVE-2024-26840.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26862.html
* https://www.suse.com/security/cve/CVE-2024-26898.html
* https://www.suse.com/security/cve/CVE-2024-26903.html
* https://www.suse.com/security/cve/CVE-2024-26906.html
* https://www.suse.com/security/cve/CVE-2024-27043.html
* https://bugzilla.suse.com/show_bug.cgi?id=1190576
* https://bugzilla.suse.com/show_bug.cgi?id=1192145
* https://bugzilla.suse.com/show_bug.cgi?id=1200313
* https://bugzilla.suse.com/show_bug.cgi?id=1201489
* https://bugzilla.suse.com/show_bug.cgi?id=1203906
* https://bugzilla.suse.com/show_bug.cgi?id=1203935
* https://bugzilla.suse.com/show_bug.cgi?id=1204614
* https://bugzilla.suse.com/show_bug.cgi?id=1211592
* https://bugzilla.suse.com/show_bug.cgi?id=1218562
* https://bugzilla.suse.com/show_bug.cgi?id=1218917
* https://bugzilla.suse.com/show_bug.cgi?id=1219169
* https://bugzilla.suse.com/show_bug.cgi?id=1219170
* https://bugzilla.suse.com/show_bug.cgi?id=1219264
* https://bugzilla.suse.com/show_bug.cgi?id=1220513
* https://bugzilla.suse.com/show_bug.cgi?id=1220755
* https://bugzilla.suse.com/show_bug.cgi?id=1220854
* https://bugzilla.suse.com/show_bug.cgi?id=1221113
* https://bugzilla.suse.com/show_bug.cgi?id=1221299
* https://bugzilla.suse.com/show_bug.cgi?id=1221543
* https://bugzilla.suse.com/show_bug.cgi?id=1221545
* https://bugzilla.suse.com/show_bug.cgi?id=1222449
* https://bugzilla.suse.com/show_bug.cgi?id=1222482
* https://bugzilla.suse.com/show_bug.cgi?id=1222503
* https://bugzilla.suse.com/show_bug.cgi?id=1222559
* https://bugzilla.suse.com/show_bug.cgi?id=1222624
* https://bugzilla.suse.com/show_bug.cgi?id=1222666
* https://bugzilla.suse.com/show_bug.cgi?id=1222709
* https://bugzilla.suse.com/show_bug.cgi?id=1222790
* https://bugzilla.suse.com/show_bug.cgi?id=1222792
* https://bugzilla.suse.com/show_bug.cgi?id=1222829
* https://bugzilla.suse.com/show_bug.cgi?id=1222876
* https://bugzilla.suse.com/show_bug.cgi?id=1222881
* https://bugzilla.suse.com/show_bug.cgi?id=1222883
* https://bugzilla.suse.com/show_bug.cgi?id=1222894
* https://bugzilla.suse.com/show_bug.cgi?id=1222976
* https://bugzilla.suse.com/show_bug.cgi?id=1223016
* https://bugzilla.suse.com/show_bug.cgi?id=1223057
* https://bugzilla.suse.com/show_bug.cgi?id=1223111
* https://bugzilla.suse.com/show_bug.cgi?id=1223187
* https://bugzilla.suse.com/show_bug.cgi?id=1223202
* https://bugzilla.suse.com/show_bug.cgi?id=1223475
* https://bugzilla.suse.com/show_bug.cgi?id=1223482
* https://bugzilla.suse.com/show_bug.cgi?id=1223509
* https://bugzilla.suse.com/show_bug.cgi?id=1223513
* https://bugzilla.suse.com/show_bug.cgi?id=1223522
* https://bugzilla.suse.com/show_bug.cgi?id=1223824
* https://bugzilla.suse.com/show_bug.cgi?id=1223921
* https://bugzilla.suse.com/show_bug.cgi?id=1223923
* https://bugzilla.suse.com/show_bug.cgi?id=1223931
* https://bugzilla.suse.com/show_bug.cgi?id=1223941
* https://bugzilla.suse.com/show_bug.cgi?id=1223948
* https://bugzilla.suse.com/show_bug.cgi?id=1223952
* https://bugzilla.suse.com/show_bug.cgi?id=1223963