{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"kernel-devel-6.8.9-1.1 on GA media","title":"Title of the patch"},{"category":"description","text":"These are all security issues fixed in the kernel-devel-6.8.9-1.1 package on the GA media of openSUSE Tumbleweed.","title":"Description of the patch"},{"category":"details","text":"openSUSE-Tumbleweed-2024-13959","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13959-1.json"},{"category":"self","summary":"SUSE CVE CVE-2024-26862 page","url":"https://www.suse.com/security/cve/CVE-2024-26862/"},{"category":"self","summary":"SUSE CVE CVE-2024-26865 page","url":"https://www.suse.com/security/cve/CVE-2024-26865/"}],"title":"kernel-devel-6.8.9-1.1 on GA media","tracking":{"current_release_date":"2024-06-15T00:00:00Z","generator":{"date":"2024-06-15T00:00:00Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2024:13959-1","initial_release_date":"2024-06-15T00:00:00Z","revision_history":[{"date":"2024-06-15T00:00:00Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-devel-6.8.9-1.1.aarch64","product":{"name":"kernel-devel-6.8.9-1.1.aarch64","product_id":"kernel-devel-6.8.9-1.1.aarch64"}},{"category":"product_version","name":"kernel-macros-6.8.9-1.1.aarch64","product":{"name":"kernel-macros-6.8.9-1.1.aarch64","product_id":"kernel-macros-6.8.9-1.1.aarch64"}},{"category":"product_version","name":"kernel-source-6.8.9-1.1.aarch64","product":{"name":"kernel-source-6.8.9-1.1.aarch64","product_id":"kernel-source-6.8.9-1.1.aarch64"}},{"category":"product_version","name":"kernel-source-vanilla-6.8.9-1.1.aarch64","product":{"name":"kernel-source-vanilla-6.8.9-1.1.aarch64","product_id":"kernel-source-vanilla-6.8.9-1.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"kernel-devel-6.8.9-1.1.ppc64le","product":{"name":"kernel-devel-6.8.9-1.1.ppc64le","product_id":"kernel-devel-6.8.9-1.1.ppc64le"}},{"category":"product_version","name":"kernel-macros-6.8.9-1.1.ppc64le","product":{"name":"kernel-macros-6.8.9-1.1.ppc64le","product_id":"kernel-macros-6.8.9-1.1.ppc64le"}},{"category":"product_version","name":"kernel-source-6.8.9-1.1.ppc64le","product":{"name":"kernel-source-6.8.9-1.1.ppc64le","product_id":"kernel-source-6.8.9-1.1.ppc64le"}},{"category":"product_version","name":"kernel-source-vanilla-6.8.9-1.1.ppc64le","product":{"name":"kernel-source-vanilla-6.8.9-1.1.ppc64le","product_id":"kernel-source-vanilla-6.8.9-1.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kernel-devel-6.8.9-1.1.s390x","product":{"name":"kernel-devel-6.8.9-1.1.s390x","product_id":"kernel-devel-6.8.9-1.1.s390x"}},{"category":"product_version","name":"kernel-macros-6.8.9-1.1.s390x","product":{"name":"kernel-macros-6.8.9-1.1.s390x","product_id":"kernel-macros-6.8.9-1.1.s390x"}},{"category":"product_version","name":"kernel-source-6.8.9-1.1.s390x","product":{"name":"kernel-source-6.8.9-1.1.s390x","product_id":"kernel-source-6.8.9-1.1.s390x"}},{"category":"product_version","name":"kernel-source-vanilla-6.8.9-1.1.s390x","product":{"name":"kernel-source-vanilla-6.8.9-1.1.s390x","product_id":"kernel-source-vanilla-6.8.9-1.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kernel-devel-6.8.9-1.1.x86_64","product":{"name":"kernel-devel-6.8.9-1.1.x86_64","product_id":"kernel-devel-6.8.9-1.1.x86_64"}},{"category":"product_version","name":"kernel-macros-6.8.9-1.1.x86_64","product":{"name":"kernel-macros-6.8.9-1.1.x86_64","product_id":"kernel-macros-6.8.9-1.1.x86_64"}},{"category":"product_version","name":"kernel-source-6.8.9-1.1.x86_64","product":{"name":"kernel-source-6.8.9-1.1.x86_64","product_id":"kernel-source-6.8.9-1.1.x86_64"}},{"category":"product_version","name":"kernel-source-vanilla-6.8.9-1.1.x86_64","product":{"name":"kernel-source-vanilla-6.8.9-1.1.x86_64","product_id":"kernel-source-vanilla-6.8.9-1.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-devel-6.8.9-1.1.aarch64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.aarch64"},"product_reference":"kernel-devel-6.8.9-1.1.aarch64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-devel-6.8.9-1.1.ppc64le as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.ppc64le"},"product_reference":"kernel-devel-6.8.9-1.1.ppc64le","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-devel-6.8.9-1.1.s390x as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.s390x"},"product_reference":"kernel-devel-6.8.9-1.1.s390x","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-devel-6.8.9-1.1.x86_64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.x86_64"},"product_reference":"kernel-devel-6.8.9-1.1.x86_64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-macros-6.8.9-1.1.aarch64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.aarch64"},"product_reference":"kernel-macros-6.8.9-1.1.aarch64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-macros-6.8.9-1.1.ppc64le as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.ppc64le"},"product_reference":"kernel-macros-6.8.9-1.1.ppc64le","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-macros-6.8.9-1.1.s390x as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.s390x"},"product_reference":"kernel-macros-6.8.9-1.1.s390x","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-macros-6.8.9-1.1.x86_64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.x86_64"},"product_reference":"kernel-macros-6.8.9-1.1.x86_64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-6.8.9-1.1.aarch64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-source-6.8.9-1.1.aarch64"},"product_reference":"kernel-source-6.8.9-1.1.aarch64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-6.8.9-1.1.ppc64le as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-source-6.8.9-1.1.ppc64le"},"product_reference":"kernel-source-6.8.9-1.1.ppc64le","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-6.8.9-1.1.s390x as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-source-6.8.9-1.1.s390x"},"product_reference":"kernel-source-6.8.9-1.1.s390x","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-6.8.9-1.1.x86_64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-source-6.8.9-1.1.x86_64"},"product_reference":"kernel-source-6.8.9-1.1.x86_64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-vanilla-6.8.9-1.1.aarch64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.aarch64"},"product_reference":"kernel-source-vanilla-6.8.9-1.1.aarch64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-vanilla-6.8.9-1.1.ppc64le as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.ppc64le"},"product_reference":"kernel-source-vanilla-6.8.9-1.1.ppc64le","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-vanilla-6.8.9-1.1.s390x as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.s390x"},"product_reference":"kernel-source-vanilla-6.8.9-1.1.s390x","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-vanilla-6.8.9-1.1.x86_64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.x86_64"},"product_reference":"kernel-source-vanilla-6.8.9-1.1.x86_64","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2024-26862","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-26862"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\npacket: annotate data-races around ignore_outgoing\n\nignore_outgoing is read locklessly from dev_queue_xmit_nit()\nand packet_getsockopt()\n\nAdd appropriate READ_ONCE()/WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt\n\nwrite to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0:\n packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003\n do_sock_setsockopt net/socket.c:2311 [inline]\n __sys_setsockopt+0x1d8/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff888107804542 of 1 bytes by task 27 on cpu 1:\n dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248\n xmit_one net/core/dev.c:3527 [inline]\n dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547\n __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108\n batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127\n batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline]\n batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]\n batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335\n worker_thread+0x526/0x730 kernel/workqueue.c:3416\n kthread+0x1d1/0x210 kernel/kthread.c:388\n ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n\nvalue changed: 0x00 -> 0x01\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G        W          6.8.0-syzkaller-08073-g480e035fc4c7 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-26862","url":"https://www.suse.com/security/cve/CVE-2024-26862"},{"category":"external","summary":"SUSE Bug 1223111 for CVE-2024-26862","url":"https://bugzilla.suse.com/1223111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2024-26862"},{"cve":"CVE-2024-26865","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-26865"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nrds: tcp: Fix use-after-free of net in reqsk_timer_handler().\n\nsyzkaller reported a warning of netns tracker [0] followed by KASAN\nsplat [1] and another ref tracker warning [1].\n\nsyzkaller could not find a repro, but in the log, the only suspicious\nsequence was as follows:\n\n  18:26:22 executing program 1:\n  r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)\n  ...\n  connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async)\n\nThe notable thing here is 0x4001 in connect(), which is RDS_TCP_PORT.\n\nSo, the scenario would be:\n\n  1. unshare(CLONE_NEWNET) creates a per netns tcp listener in\n      rds_tcp_listen_init().\n  2. syz-executor connect()s to it and creates a reqsk.\n  3. syz-executor exit()s immediately.\n  4. netns is dismantled.  [0]\n  5. reqsk timer is fired, and UAF happens while freeing reqsk.  [1]\n  6. listener is freed after RCU grace period.  [2]\n\nBasically, reqsk assumes that the listener guarantees netns safety\nuntil all reqsk timers are expired by holding the listener's refcount.\nHowever, this was not the case for kernel sockets.\n\nCommit 740ea3c4a0b2 (\"tcp: Clean up kernel listener's reqsk in\ninet_twsk_purge()\") fixed this issue only for per-netns ehash.\n\nLet's apply the same fix for the global ehash.\n\n[0]:\nref_tracker: net notrefcnt@0000000065449cc3 has 1/1 users at\n     sk_alloc (./include/net/net_namespace.h:337 net/core/sock.c:2146)\n     inet6_create (net/ipv6/af_inet6.c:192 net/ipv6/af_inet6.c:119)\n     __sock_create (net/socket.c:1572)\n     rds_tcp_listen_init (net/rds/tcp_listen.c:279)\n     rds_tcp_init_net (net/rds/tcp.c:577)\n     ops_init (net/core/net_namespace.c:137)\n     setup_net (net/core/net_namespace.c:340)\n     copy_net_ns (net/core/net_namespace.c:497)\n     create_new_namespaces (kernel/nsproxy.c:110)\n     unshare_nsproxy_namespaces (kernel/nsproxy.c:228 (discriminator 4))\n     ksys_unshare (kernel/fork.c:3429)\n     __x64_sys_unshare (kernel/fork.c:3496)\n     do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n     entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\n...\nWARNING: CPU: 0 PID: 27 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\n\n[1]:\nBUG: KASAN: slab-use-after-free in inet_csk_reqsk_queue_drop (./include/net/inet_hashtables.h:180 net/ipv4/inet_connection_sock.c:952 net/ipv4/inet_connection_sock.c:966)\nRead of size 8 at addr ffff88801b370400 by task swapper/0/0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <IRQ>\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))\n print_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n kasan_report (mm/kasan/report.c:603)\n inet_csk_reqsk_queue_drop (./include/net/inet_hashtables.h:180 net/ipv4/inet_connection_sock.c:952 net/ipv4/inet_connection_sock.c:966)\n reqsk_timer_handler (net/ipv4/inet_connection_sock.c:979 net/ipv4/inet_connection_sock.c:1092)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2038)\n run_timer_softirq (kernel/time/timer.c:2053)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:554)\n irq_exit_rcu (kernel/softirq.c:427 kernel/softirq.c:632 kernel/softirq.c:644)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1076 (discriminator 14))\n </IRQ>\n\nAllocated by task 258 on cpu 0 at 83.612050s:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:68)\n __kasan_slab_alloc (mm/kasan/common.c:343)\n kmem_cache_alloc (mm/slub.c:3813 mm/slub.c:3860 mm/slub.c:3867)\n copy_net_ns (./include/linux/slab.h:701 net/core/net_namespace.c:421 net/core/net_namespace.c:480)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_name\n---truncated---","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-26865","url":"https://www.suse.com/security/cve/CVE-2024-26865"},{"category":"external","summary":"SUSE Bug 1223062 for CVE-2024-26865","url":"https://bugzilla.suse.com/1223062"},{"category":"external","summary":"SUSE Bug 1223063 for CVE-2024-26865","url":"https://bugzilla.suse.com/1223063"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-devel-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-macros-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-6.8.9-1.1.x86_64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.aarch64","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.ppc64le","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.s390x","openSUSE Tumbleweed:kernel-source-vanilla-6.8.9-1.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2024-26865"}]}