kernel-devel-6.7.9-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13767-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-devel-6.7.9-1.1 on GA media These are all security issues fixed in the kernel-devel-6.7.9-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13767 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-52456/ SUSE CVE CVE-2023-52456 page https://www.suse.com/security/cve/CVE-2023-52457/ SUSE CVE CVE-2023-52457 page https://www.suse.com/security/cve/CVE-2023-52459/ SUSE CVE CVE-2023-52459 page https://www.suse.com/security/cve/CVE-2023-52461/ SUSE CVE CVE-2023-52461 page https://www.suse.com/security/cve/CVE-2024-26605/ SUSE CVE CVE-2024-26605 page openSUSE Tumbleweed kernel-devel-6.7.9-1.1 kernel-macros-6.7.9-1.1 kernel-source-6.7.9-1.1 kernel-source-vanilla-6.7.9-1.1 kernel-devel-6.7.9-1.1 as a component of openSUSE Tumbleweed kernel-macros-6.7.9-1.1 as a component of openSUSE Tumbleweed kernel-source-6.7.9-1.1 as a component of openSUSE Tumbleweed kernel-source-vanilla-6.7.9-1.1 as a component of openSUSE Tumbleweed In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TX_EN pin. When the TTY port is closed in the middle of a transmission (for instance during userland application crash), imx_uart_shutdown disables the interface and disables the Transmission Complete interrupt. afer that, imx_uart_stop_tx bails on an incomplete transmission, to be retriggered by the TC interrupt. This interrupt is disabled and therefore the tx statemachine never transitions out of SEND. The statemachine is in deadlock now, and the TX_EN remains low, making the interface useless. imx_uart_stop_tx now checks for incomplete transmission AND whether TC interrupts are enabled before bailing to be retriggered. This makes sure the state machine handling is reached, and is properly set to WAIT_AFTER_SEND. CVE-2023-52456 openSUSE Tumbleweed:kernel-devel-6.7.9-1.1 openSUSE Tumbleweed:kernel-macros-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-52456.html CVE-2023-52456 https://bugzilla.suse.com/1220364 SUSE Bug 1220364 In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error message: remove callback returned a non-zero value. This will be ignored. and then remove the device anyhow. So all resources that were not freed are leaked in this case. Skipping serial8250_unregister_port() has the potential to keep enough of the UART around to trigger a use-after-free. So replace the error return (and with it the little helpful error message) by a more useful error message and continue to cleanup. CVE-2023-52457 openSUSE Tumbleweed:kernel-devel-6.7.9-1.1 openSUSE Tumbleweed:kernel-macros-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-52457.html CVE-2023-52457 https://bugzilla.suse.com/1220350 SUSE Bug 1220350 In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second list_del() call results in either a warning (with CONFIG_DEBUG_LIST=y): list_del corruption, c46c8198->next is LIST_POISON1 (00000100) If CONFIG_DEBUG_LIST is disabled the operation results in a kernel error due to NULL pointer dereference. CVE-2023-52459 openSUSE Tumbleweed:kernel-devel-6.7.9-1.1 openSUSE Tumbleweed:kernel-macros-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-52459.html CVE-2023-52459 https://bugzilla.suse.com/1220318 SUSE Bug 1220318 In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drm_sched_entity_init()--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the expression which sets this limit. CVE-2023-52461 openSUSE Tumbleweed:kernel-devel-6.7.9-1.1 openSUSE Tumbleweed:kernel-macros-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-52461.html CVE-2023-52461 https://bugzilla.suse.com/1220322 SUSE Bug 1220322 In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep: ============================================ WARNING: possible recursive locking detected 6.7.0 #40 Not tainted -------------------------------------------- kworker/u16:5/90 is trying to acquire lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc but task is already holding lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(pci_bus_sem); lock(pci_bus_sem); *** DEADLOCK *** Call trace: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom] The deadlock can easily be reproduced on machines like the Lenovo ThinkPad X13s by adding a delay to increase the race window during asynchronous probe where another thread can take a write lock. Add a new pci_set_power_state_locked() and associated helper functions that can be called with the PCI bus semaphore held to avoid taking the read lock twice. CVE-2024-26605 openSUSE Tumbleweed:kernel-devel-6.7.9-1.1 openSUSE Tumbleweed:kernel-macros-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-6.7.9-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-26605.html CVE-2024-26605 https://bugzilla.suse.com/1220336 SUSE Bug 1220336