klp-build-0~20240902.c95cc9e-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14314-1 Final 1 1 2024-09-05T00:00:00Z current 2024-09-05T00:00:00Z 2024-09-05T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z klp-build-0~20240902.c95cc9e-1.1 on GA media These are all security issues fixed in the klp-build-0~20240902.c95cc9e-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14314 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-0775/ SUSE CVE CVE-2024-0775 page https://www.suse.com/security/cve/CVE-2024-35817/ SUSE CVE CVE-2024-35817 page https://www.suse.com/security/cve/CVE-2024-36921/ SUSE CVE CVE-2024-36921 page openSUSE Tumbleweed klp-build-0~20240902.c95cc9e-1.1 klp-build-0~20240902.c95cc9e-1.1 as a component of openSUSE Tumbleweed A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. CVE-2024-0775 openSUSE Tumbleweed:klp-build-0~20240902.c95cc9e-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0775.html CVE-2024-0775 https://bugzilla.suse.com/1219053 SUSE Bug 1219053 https://bugzilla.suse.com/1219082 SUSE Bug 1219082 https://bugzilla.suse.com/1224298 SUSE Bug 1224298 https://bugzilla.suse.com/1224878 SUSE Bug 1224878 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgpu_ttm_backend_unbind will not clear the gart page table entry and leave valid mapping entry pointing to the stale system page. Then if GPU access the gart address mistakely, it will read undefined value instead page fault, harder to debug and reproduce the real issue. CVE-2024-35817 openSUSE Tumbleweed:klp-build-0~20240902.c95cc9e-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-35817.html CVE-2024-35817 https://bugzilla.suse.com/1224736 SUSE Bug 1224736 https://bugzilla.suse.com/1225313 SUSE Bug 1225313 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: guard against invalid STA ID on removal Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would result in out-of-bounds array accesses. This prevents issues should the driver get into a bad state during error handling. CVE-2024-36921 openSUSE Tumbleweed:klp-build-0~20240902.c95cc9e-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-36921.html CVE-2024-36921 https://bugzilla.suse.com/1225769 SUSE Bug 1225769 https://bugzilla.suse.com/1225850 SUSE Bug 1225850