{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)","title":"Title of the patch"},{"category":"description","text":"This update for the Linux Kernel 5.3.18-150300_59_144 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).\n- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2024-4179,SUSE-SLE-Module-Live-Patching-15-SP3-2024-4179","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4179-1.json"},{"category":"self","summary":"URL for SUSE-SU-2024:4179-1","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244179-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2024:4179-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2024-December/019919.html"},{"category":"self","summary":"SUSE Bug 1225733","url":"https://bugzilla.suse.com/1225733"},{"category":"self","summary":"SUSE Bug 1229553","url":"https://bugzilla.suse.com/1229553"},{"category":"self","summary":"SUSE CVE CVE-2024-36904 page","url":"https://www.suse.com/security/cve/CVE-2024-36904/"},{"category":"self","summary":"SUSE CVE CVE-2024-43861 page","url":"https://www.suse.com/security/cve/CVE-2024-43861/"}],"title":"Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)","tracking":{"current_release_date":"2024-12-04T21:05:56Z","generator":{"date":"2024-12-04T21:05:56Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2024:4179-1","initial_release_date":"2024-12-04T21:05:56Z","revision_history":[{"date":"2024-12-04T21:05:56Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le","product":{"name":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le","product_id":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x","product":{"name":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x","product_id":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64","product":{"name":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64","product_id":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64"}},{"category":"product_version","name":"kernel-livepatch-5_3_18-150300_59_144-preempt-14-150300.2.1.x86_64","product":{"name":"kernel-livepatch-5_3_18-150300_59_144-preempt-14-150300.2.1.x86_64","product_id":"kernel-livepatch-5_3_18-150300_59_144-preempt-14-150300.2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 15 SP3","product":{"name":"SUSE Linux Enterprise Live Patching 15 SP3","product_id":"SUSE Linux Enterprise Live Patching 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-live-patching:15:sp3"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3","product_id":"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le"},"product_reference":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3","product_id":"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x"},"product_reference":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3","product_id":"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64"},"product_reference":"kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP3"}]},"vulnerabilities":[{"cve":"CVE-2024-36904","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-36904"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Use refcount_inc_not_zero() in tcp_twsk_unique().\n\nAnderson Nascimento reported a use-after-free splat in tcp_twsk_unique()\nwith nice analysis.\n\nSince commit ec94c2696f0b (\"tcp/dccp: avoid one atomic operation for\ntimewait hashdance\"), inet_twsk_hashdance() sets TIME-WAIT socket's\nsk_refcnt after putting it into ehash and releasing the bucket lock.\n\nThus, there is a small race window where other threads could try to\nreuse the port during connect() and call sock_hold() in tcp_twsk_unique()\nfor the TIME-WAIT socket with zero refcnt.\n\nIf that happens, the refcnt taken by tcp_twsk_unique() is overwritten\nand sock_put() will cause underflow, triggering a real use-after-free\nsomewhere else.\n\nTo avoid the use-after-free, we need to use refcount_inc_not_zero() in\ntcp_twsk_unique() and give up on reusing the port if it returns false.\n\n[0]:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110\nCPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1\nHardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023\nRIP: 0010:refcount_warn_saturate+0xe5/0x110\nCode: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff <0f> 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8\nRSP: 0018:ffffc90006b43b60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027\nRDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0\nRBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0\nR10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84\nR13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0\nFS:  00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? refcount_warn_saturate+0xe5/0x110\n ? __warn+0x81/0x130\n ? refcount_warn_saturate+0xe5/0x110\n ? report_bug+0x171/0x1a0\n ? refcount_warn_saturate+0xe5/0x110\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? refcount_warn_saturate+0xe5/0x110\n tcp_twsk_unique+0x186/0x190\n __inet_check_established+0x176/0x2d0\n __inet_hash_connect+0x74/0x7d0\n ? __pfx___inet_check_established+0x10/0x10\n tcp_v4_connect+0x278/0x530\n __inet_stream_connect+0x10f/0x3d0\n inet_stream_connect+0x3a/0x60\n __sys_connect+0xa8/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0x83/0x170\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7f62c11a885d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d\nRDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003\nRBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0\nR13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0\n </TASK>","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-36904","url":"https://www.suse.com/security/cve/CVE-2024-36904"},{"category":"external","summary":"SUSE Bug 1225732 for CVE-2024-36904","url":"https://bugzilla.suse.com/1225732"},{"category":"external","summary":"SUSE Bug 1225733 for CVE-2024-36904","url":"https://bugzilla.suse.com/1225733"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-12-04T21:05:56Z","details":"important"}],"title":"CVE-2024-36904"},{"cve":"CVE-2024-43861","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-43861"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-43861","url":"https://www.suse.com/security/cve/CVE-2024-43861"},{"category":"external","summary":"SUSE Bug 1229500 for CVE-2024-43861","url":"https://bugzilla.suse.com/1229500"},{"category":"external","summary":"SUSE Bug 1229553 for CVE-2024-43861","url":"https://bugzilla.suse.com/1229553"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_144-default-14-150300.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-12-04T21:05:56Z","details":"important"}],"title":"CVE-2024-43861"}]}