<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">SUSE-IU-2024:331-1</DocumentTitle>
  <DocumentType>SUSE Image</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE Image SUSE-IU-2024:331-1</ID>
    </Identification>
    <Status>Interim</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2025-01-26T22:27:46Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2024-04-26T01:00:00Z</InitialReleaseDate>
    <CurrentReleaseDate>2024-04-26T01:00:00Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf-publiccloud.pl</Engine>
      <Date>2021-02-18T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Image update for SUSE-IU-2024:331-1 / google/sles-12-sp5-sap-byos-v20240426-x86-64</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This image update for google/sles-12-sp5-sap-byos-v20240426-x86-64 contains the following changes:
Package perl-Bootloader was updated:

- merge gh#openSUSE/perl-bootloader#166
- log grub2-install errors correctly (bsc#1221470)
- 0.947

- merge gh#openSUSE/perl-bootloader#161
- support old grub versions (&lt;= 2.02) that used /usr/lib
  (bsc#1218842)
- create EFI boot fallback directory if necessary
- 0.946

- merge gh#openSUSE/perl-bootloader#157
- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
- 0.945

Package graphviz was updated:

- Add patch graphviz-2.28.0-reproducibledate.patch
  * Reproducibility of the builds (bsc#1212157)

Package libzypp was updated:

- applydeltaprm: Create target directory if it does not exist
  (bsc#1219442)
- version 16.22.12 (0)

Package util-linux was updated:

- Properly neutralize escape sequences in wall
  (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
  and its prerequisites: util-linux-fputs_careful1.patch,
  util-linux-wall-migrate-to-memstream.patch
  util-linux-fputs_careful2.patch).

Package wicked was updated:

- client: do not convert sec to msec twice (bsc#1222105)
  [+ 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]

- addrconf: fix fallback-lease drop (bsc#1220996)
  [+ 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
- extensions/nbft: use upstream `nvme nbft show` (bsc#1221358)
  [+ 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
- hide secrets in debug log (bsc#1221194)
  [+ 0003-move-all-attribute-definitions-to-compiler-h.patch]
  [+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]

- update to version 0.6.74
  + team: add new options like link_watch_policy (jsc#PED-7183)
  + Fix memory leaks in dbus variant destroy and fsm free (gh#openSUSE/wicked#1001)
  + xpath: allow underscore in node identifier (gh#openSUSE/wicked#999)
  + vxlan: don't format unknown rtnl attrs (bsc#1219751)
- removed patches included in the source archive:
  [- 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
  [- 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
  [- 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
  [- 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
  [- 0005-duid-fix-comment-for-v6time.patch]
  [- 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
  [- 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
  [- 0002-system-updater-Parse-updater-format-from-XML-configu.patch]
  [- 0001-fix_arp_notify_loop_and_burst_sending.patch]

- ifreload: VLAN changes require device deletion (bsc#1218927)
  [+ 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
- ifcheck: fix config changed check (bsc#1218926)
  [+ 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
- client: fix exit code for no-carrier status (bsc#1219265)
  [+ 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
  [+ 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
- duid: fix comment for v6time
  (https://github.com/openSUSE/wicked/pull/989)
  [+ 0005-duid-fix-comment-for-v6time.patch]
- rtnl: fix peer address parsing for non ptp-interfaces
  (https://github.com/openSUSE/wicked/pull/987,
  https://github.com/openSUSE/wicked/pull/988)
  [+ 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
  [+ 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
- system-updater: Parse updater format from XML configuration to
  ensure install calls can run.
  (https://github.com/openSUSE/wicked/pull/985)
  [+ 0002-system-updater-Parse-updater-format-from-XML-configu.patch]

Package sudo was updated:

- Fix NOPASSWD issue introduced by patches for CVE-2023-42465
  [bsc#1221151, bsc#1221134]
  * Update sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
  * Enable running regression selftests during build time.

- Security fix: [bsc#1219026, bsc#1220389, CVE-2023-42465]
  * Try to make sudo less vulnerable to ROWHAMMER attacks.
  * Add sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch

Package SAPHanaSR was updated:

- Version bump to 0.162.3
  * Fix the hexdump log for empty node states
  * catch monitor calls for non-cloned resources and report them as
    unsupported instead of 'command not found'
    (bsc#1218333)
  * fix scope of variable 'site' to be global
    (bsc#1219194)
  * susChkSrv.py - relocate function logTimestamp()
  * update man pages:
    SAPHanaSR.7
    ocf_suse_SAPHana.7
    SAPHanaSR_maintenance_examples.7
    SAPHanaSR.py.7
    SAPHanaSR-showAttr.8

Package python3 was updated:

- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
  gh#python/cpython#108310, backport from upstream patch
  gh#python/cpython#108315
  (bsc#1214692, CVE-2023-40217)

- (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.
- Repurpose skip-failing-tests.patch to increase timeout for
  test.test_asyncio.test_tasks.TimeoutTests.test_timeout_time,
  which fails on slow machines in IBS (s390x).

- Refresh CVE-2023-27043-email-parsing-errors.patch from
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).

Package cpio was updated:

- Fix cpio not working after the fix in bsc#1218571, fixes bsc#1219238
  * fix-bsc1219238.patch

- Fix CVE-2023-7207, path traversal vulnerability (bsc#1218571)
  * fix-CVE-2023-7207.patch

Package python-idna was updated:

- Add CVE-2024-3651.patch, backported from upstream commit
  gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
  (bsc#1222842, CVE-2024-3651)

Package systemd was updated:

- Import commit 15ca9f01c18a8037bf26b1a85fee344c65944268
  eedf77456d util: improve comments why we ignore EACCES and EPERM
  2018a0d492 util: bind_remount_recursive_with_mountinfo(): ignore submounts which cannot be accessed
  4c98cb57e2 namespace: don't fail on masked mounts (#3794) (bsc#1220285)
  7dd5e84ab6 man: Document ranges for distributions config files and local config files
  7282534592 Recommend drop-ins over modifications to the main config file
  29e632c34a man: reword the description of "main conf file"
  e903f529e8 man: rework section about configuration file precedence
  4438e1be12 man: document paths under /usr/local in standard-conf.xml

Package cloud-netconfig was updated:

- Update to version 1.14
  + Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757)

- Add version settings to Provides/Obsoletes

- Update to version 1.12 (bsc#1221202)
  + If token access succeeds using IPv4 do not use the IPv6 endpoint
    only use the IPv6 IMDS endpoint if IPv4 access fails.

- Add Provides/Obsoletes for dropped cloud-netconfig-nm
- Install dispatcher script into /etc/NetworkManager/dispatcher.d
  on older distributions
- Add BuildRequires: NetworkManager to avoid owning dispatcher.d
  parent directory

- Update to version 1.11:
  + Revert address metadata lookup in GCE to local lookup (bsc#1219454)
  + Fix hang on warning log messages
  + Check whether getting IPv4 addresses from metadata failed and abort
    if true
  + Only delete policy rules if they exist
  + Skip adding/removing IPv4 ranges if metadata lookup failed
  + Improve error handling and logging in Azure
  + Set SCRIPTDIR when installing netconfig wrapper

- Update to version 1.10:
  + Drop cloud-netconfig-nm sub package and include NM dispatcher
    script in main packages (bsc#1219007)
  + Spec file cleanup

- Update to version 1.9:
  + Drop package dependency on sysconfig-netconfig
  + Improve log level handling
  + Support IPv6 IMDS endpoint in EC2 (bsc#1218069)

Package xterm was updated:

- xterm-reset-parsing-state.patch: A bug in the parser for several
  escape sequences causes the first character following the
  sequence to be ignored (bsc#1220585). Patch backported from
  version 335n.

Package google-guest-agent was updated:

- Add explicit versioned dependency on google-guest-oslogin (bsc#1219642)
- Update to version 20231031.01 (bsc#1216547, bsc#1216751)
  * Add prefix to scheduler logs (#325)
- from version 20231030.00
  * Test configuration files are loaded in the documented
    order. Fix initial integration test. (#324)
  * Enable mTLS by default (#323)
- from version 20231026.00
  * Rotate MDS root certificate (#322)
- from version 20231020.00
  * Update response struct, add tests (#315)
  * Don't try to schedule mTLS job twice (#317)
- from version 20231019.00
  * snapshot: Add context cancellation handling (#318)

- Bump the golang compiler version to 1.21 (bsc#1216546)

- Update to version 20231016.00
  * instance setup: trust/rely on metadata package's retry (#316)
- from version 20231013.01
  * Update known cert dirs for updaters (#314)
- from version 20231011.00
  * Verify cert refresher is enabled before running (#312)
- from version 20231009.00
  * Add support for the SSH key options (#296)
- from version 20231006.01
  * Events interface improvement (#290)
- from version 20231006.00
  * Refactor script runner to use common metadata package (#311)
  * Schedule MTLS job before notifying systemd (#310)
  * Refactor authorized keys to use metadata package (#300)
- from version 20231005.00
  * docs update: add configuration and event manager's docs. (#309)
- from version 20231004.01
  * Fix license header (#301)
  * packaging(deb): add epoch to oslogin dep declaration (#308)
- from version 20231004.00
  * packaging(deb): ignore suffix of version (#306)
  * packaging: force epoch and ignore suffix of version (#305)
- from version 20231003.01
  * oslogin: declare explicitly dependency (#304)
  * oslogin: remove Unstable.pamless_auth_stack feature flag (#303)
- from version 20231003.00
  * oslogin: resort ssh configuration keys (#299)
- from version 20230925.00
  * oslogin: introduce a feature flag to cert auth (#298)
- from version 20230923.00
  * gitignore: unify ignore in the root dir (#297)
- from version 20230921.01
  * managers: we accidentally disabled addressMgr, bring it back (#295)
  * cfg: fix typos (#294)
  * cfg: config typos (#293)
  * cfg: introduce a configuration management package (#288)
- from version 20230921.00
  * mtls: bring it back (#292)
- from version 20230920.01
  * Fix permissions on file created by SaferWriteFile() (#291)
- from version 20230920.00
  * sshca: re-enable the event watcher &amp; handler (#289)
- from version 20230919.01
  * oslogin: add PAMless Authorization Stack configuration (#285)
- from version 20230919.00
  * Preparing it for review (#287)
  * sshca: make sure to restore SELinux context of the pipe (#286)
  * remove deprecated usage, fix warnings (#282)
  * Update system store (#278)
  * Update workload certificate endpoints, use metadata package (#275)
  * metadata: use url package to form metadata URLs (#284)
- from version 20230913.00
  * release prep: disable ssh trusted ca module (#281)
- from version 20230912.00
  * New Guest Agent Release (#280)
- from version 20230909.00
  * Revert "service: remove the use of the service library (#273)" (#276)
  * service: remove the use of the service library (#273)
- from version 20230906.01
  * Store keys to machine keyset (#272)
- from version 20230905.00
  * restorecon: first try to determine if it's installed (#271)
  * run: change all commands to use CommandContext (#268)
  * Notify systemd after scheduling required jobs (#270)
  * Store certs in ProgramData instead of Program Files (#269)
  * metadata watcher: remove local retry &amp; implement unit tests (#267)
  * run: split command running utilities into its own package (#265)

- Update to version 20230828.00
  * snapshot: Use main context rather than create its own (#266)
- from version 20230825.01
  * Verify if cert was successfully added to certpool (#264)
- from version 20230825.00
  * Find previous cert for cleanup using one stored on disk (#263)
- from version 20230823.00
  * Revert "sshtrustedca: configure selinux context
    for sshtrustedca pipe (#256)" (#262)
  * Update credentials directory on Linux (#260)
- from version 20230821.00
  * Update owners (#261)
- from version 20230819.00
  * Revert "guest-agent: prepare for public release (#258)" (#259)
- from version 20230817.00
  * guest-agent: prepare for public release (#258)
- from version 20230816.01
  * Enable telemetry collection by default (#253)
- from version 20230816.00
  * Add pkcs12 license and update retry logic (#257)
  * sshtrustedca: Configure selinux context for sshtrustedca pipe (#256)
  * Store windows certs in certstore (#255)
  * events: Multiplex event watchers (#250)
  * Scheduler fixes (#254)
  * Update license files (#251)
  * Run telemetry every 24 hours, record pretty name on linux (#248)

- Update to version 20230811.00
  * sshca: move the event handler to its own package (#247)
- from version 20230809.02
  * Move scheduler package to google_guest_agent (#249)
- from version 20230809.01
  * Add scheduler utility to run jobs at interval (#244)
- from version 20230809.00
  * sshca: transform the format from json to openssh (#246)
- from version 20230803.00
  * Add support for reading UEFI variables on windows (#243)
- from version 20230801.03
  * sshtrustedca watcher: fix concurrency error (#242)
- from version 20230801.02
  * metadata: add a delta between http client timeout and hang (#241)
- from version 20230801.00
  * metadata: properly set request config (#240)
  * main: bring back the mds client initialization (#239)
  * metadata: don't try to use metadata before agentInit() is done (#238)
  * Add (disabled) telemetry logic to GuestAgent (#219)
  * metadata event handler: updates and bug fixes (#235)
  * Verify client credentials are signed by root CA before writing on disk (#236)
  * metadata: properly handle context cancelation (#234)
  * metadata: fix context cancelation error check (#233)
  * metadata: remove the sleep around metadata in instance setup (#232)
  * metadata: implement backoff strategy (#231)
  * Decrypt and store client credentials on disk (#230)
  * Upgrade Go version 1.20 (#228)
  * Fetch guest credentials and add MDS response proto (#226)
  * metadata: pass main context to WriteGuestAttributes() (#227)
  * Support for reading &amp; writing Root CA cert from UEFI variable (#225)
  * ssh_trusted_ca: enable the feature (#224)
  * sshTrustedCA: add pipe event handler (#222)
  * events: start using events layer (#223)
- from version 20230726.00
  * events: introducing a events handling subsystem (#221)
- from version 20230725.00
  * metadata: add metadata client interface (#220)
- from version 20230711.00
  * metadata: moving to its own package (#218)
- from version 20230707.00
  * snapshot: fix request handling error (#217)
- Bump Go API version to 1.20

Package grub2 was updated:

- Make consistent check to enable relative path on btrfs (bsc#1174567) (bsc#1216912)
  * 0001-Unify-the-check-to-enable-btrfs-relative-path.patch

Package supportutils-plugin-suse-public-cloud was updated:

- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
  + Remove duplicate data collection for the plugin itself
  + Collect archive metering data when available
  + Query billing flavor status

Package less was updated:

- Fix CVE-2022-48624, LESSCLOSE handling in less does not quote shell
  metacharacters, bsc#1219901
  * CVE-2022-48624.patch

Package libssh2_org was updated:

- Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
  * Test the ETM feature in the remote end's configuration when
    receiving data. Upstream issue: #1331.
  * Add libssh2_org-ETM-remote.patch

- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
  when configuring custom method list. [bsc#1218971, CVE-2023-48795]
  * The strict-kex extension is announced in the list of available
    KEX methods. However, when the default KEX method list is modified
    or replaced, the extension is not added back automatically.
  * Add libssh2_org-CVE-2023-48795-ext.patch

Package vim was updated:

- Updated to version 9.1 with patch level 0111, fixes the following security problems
  * Fixing bsc#1217316 (CVE-2023-48231) - VUL-0: CVE-2023-48231: vim: Use-After-Free in win_close()
  * Fixing bsc#1217320 (CVE-2023-48232) - VUL-0: CVE-2023-48232: vim: Floating point Exception in adjust_plines_for_skipcol()
  * Fixing bsc#1217321 (CVE-2023-48233) - VUL-0: CVE-2023-48233: vim: overflow with count for :s command
  * Fixing bsc#1217324 (CVE-2023-48234) - VUL-0: CVE-2023-48234: vim: overflow in nv_z_get_count
  * Fixing bsc#1217326 (CVE-2023-48235) - VUL-0: CVE-2023-48235: vim: overflow in ex address parsing
  * Fixing bsc#1217329 (CVE-2023-48236) - VUL-0: CVE-2023-48236: vim: overflow in get_number
  * Fixing bsc#1217330 (CVE-2023-48237) - VUL-0: CVE-2023-48237: vim: overflow in shift_line
  * Fixing bsc#1217432 (CVE-2023-48706) - VUL-0: CVE-2023-48706: vim: heap-use-after-free in ex_substitute
  * Fixing bsc#1219581 (CVE-2024-22667) - VUL-0: CVE-2024-22667: vim: stack-based buffer overflow in did_set_langmap function in map.c
  * Fixing bsc#1215005 (CVE-2023-4750) - VUL-0: CVE-2023-4750: vim: Heap use-after-free in function bt_quickfix
- Revert the patch which caused GTK incompatibility problem
  * Add: vim-9.1-revert-v9.1.86.patch
  * This reverts commit 725c7c31a4c7603e688511d769b0addaab442d07
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111

Package mozilla-nss was updated:

- update to NSS 3.90.2
  * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
    decryption in TLS. (bsc#1216198)
  * bmo#1867408 - add a defensive check for large ssl_DefSend
    return values.

Package kernel-default was updated:

- Refresh patches.kabi/cpufeatures-kabi-fix.patch. (bsc#1221287)
  X86_FEATURE_LFENCE_RDTSC became an extended bit and was set via
  cpu_set_cap as opposed to setup_force_cpu_cap. So extend the
  infrastructure to also cover cpu_set_cap.
- commit 3fcb500

- blacklist.conf: update blacklist
  The entries added in the commit are temporary ones so once
  MU is done I'll revert the commit
- commit 874c87d

- gve: Fix skb truesize underestimation (git-fixes).
- commit 983edc4

- Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
  (git-fixes).
- commit 3ea2575

- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (bsc#1220340,CVE-2024-26600)
- commit 20e2c08

- RDMA/rxe: Clear all QP fields if creation failed (bsc#1220863 CVE-2021-47078)
- commit f8dcd39

- RDMA/rxe: Return CQE error if invalid lkey was supplied (bsc#1220860 CVE-2021-47076)
- commit 3f60a4e

- ACPI: extlog: fix NULL pointer dereference check (bsc#1221039
  CVE-2023-52605).
- commit b0968bd

- blacklist.conf: Add d4ccd54d28d3 exit: Put an upper limit on how often we can oops
  and its dependant.
- commit 64ce341

- KVM: s390: fix setting of fpc register (bsc#1221040
  CVE-2023-52597).
- commit 0f89ca1

- net: usb: dm9601: fix wrong return value in dm9601_mdio_read
  (git-fixes).
- commit d69a5b8

- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- commit b462198

- igb: clean up in all error paths when enabling SR-IOV
  (git-fixes).
- commit 0f0e6a7

- net/sched: tcindex: search key must be 16 bits (git-fixes).
- commit 190e0f5

- stmmac: fix potential division by 0 (git-fixes).
- commit 40876e6

- kcm: fix strp_init() order and cleanup (git-fixes).
- commit b31a598

- ipv6: fix typos in __ip6_finish_output() (git-fixes).
- commit 54553b6

- kabi: team: Hide new member header_ops (bsc#1220870
  CVE-2023-52574).
- commit 9fab77a

- blacklist.conf: update blacklist
- commit 9263a68

- wcn36xx: fix RX BD rate mapping for 5GHz legacy rates
  (git-fixes).
- commit c4e8a82

- wcn36xx: Fix discarded frames due to wrong sequence number
  (git-fixes).
- commit 8553436

- x86/srso: Add SRSO mitigation for Hygon processors (bsc#1220735
  CVE-2023-52482).
- commit c7d3dd8

- Revert "wcn36xx: Disable bmps when encryption is disabled"
  (git-fixes).
- commit e5924b8

- vt: fix memory overlapping when deleting chars in the buffer
  (bsc#1220845 CVE-2022-48627).
- commit 6d7d615

- wcn36xx: Fix (QoS) null data frame bitrate/modulation
  (git-fixes).
- commit 405ced7

- ipv6: Fix handling of LLA with VRF and sockets bound to VRF
  (git-fixes).
- commit 519a8b2

- kcm: Call strp_stop before strp_done in kcm_attach (git-fixes).
- commit b01e9bb

- blacklist.conf: update blacklist
- commit 347e348

- KVM: x86: Export RFDS_NO and RFDS_CLEAR to guests (bsc#1213456 CVE-2023-28746).
- commit 789616b

- x86/rfds: Mitigate Register File Data Sampling (RFDS) (bsc#1213456 CVE-2023-28746).
- Update config files.
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 47b68f4

- Documentation/hw-vuln: Add documentation for RFDS (bsc#1213456 CVE-2023-28746).
- commit 959a93f

- scsi: qedf: Add pointer checks in qedf_update_link_speed()
  (bsc#1220861 CVE-2021-47077).
- commit 499d19e

- Refresh patches.suse/0001-powerpc-pseries-memhp-Fix-access-beyond-end-of-drmem.patch.
  Refresh patch metadata and sort.
- commit 15cb428

- ravb: Fix use-after-free issue in ravb_tx_timeout_work()
  (bsc#1212514 CVE-2023-35827).
- team: fix null-ptr-deref when team device type is changed
  (bsc#1220870 CVE-2023-52574).
- commit 36ef587

- net: mana: Fix TX CQE error handling (bsc#1220932
  CVE-2023-52532).
- commit d388327

- Update reference of bpf-Fix-masking-negation-logic-upon-negative-dst-reg.patch
  (bsc#1186484,CVE-2021-33200,bsc#1220700,CVE-2021-46974).
- commit d334f65

- nfsd: Do not refuse to serve out of cache (bsc#1220957).
- commit 828470f

- wifi: mac80211: fix potential key use-after-free (CVE-2023-52530
  bsc#1220930).
- wifi: iwlwifi: mvm: Fix a memory corruption issue
  (CVE-2023-52531 bsc#1220931).
- commit 4749167

- net: nfc: fix races in nfc_llcp_sock_get() and
  nfc_llcp_sock_get_sn() (CVE-2023-52502 bsc#1220831).
- commit d0dd97d

- tls: fix race between tx work scheduling and socket close
  (CVE-2024-26585 bsc#1220187).
- commit 2d824be

- kabi: restore return type of dst_ops::gc() callback
  (CVE-2023-52340 bsc#1219295).
- ipv6: remove max_size check inline with ipv4 (CVE-2023-52340
  bsc#1219295).
- commit dd00c24

- netfilter: nf_tables: fix 64-bit load issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- netfilter: nf_tables: fix pointer math issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- commit b635ad7

- Update patches.suse/sctp-use-call_rcu-to-free-endpoint.patch
  (CVE-2022-20154 CVE-2021-46929 bsc#1200599 bsc#1220482).
- commit 23c3231

- tomoyo: fix UAF write bug in tomoyo_write_control() (bsc#1220825
  CVE-2024-26622).
- commit e934259

- Bluetooth: hci_ll: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- commit 8e9750e

- Bluetooth: hci_h5: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- commit e3ec875

- locking/qrwlock: Fix ordering in queued_write_lock_slowpath()
  (CVE-2021-46921 bsc#1220468 bsc#1185041).
- commit 9f2e845

- locking/barriers: Introduce smp_cond_load_relaxed() and
  atomic_cond_read_relaxed() (bsc#1220468 bsc#1050549).
- commit 76b2073

- Bluetooth: hci_bcsp: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- commit 3114978

- Bluetooth: hci_qca: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- commit 40c2728

- Input: appletouch - initialize work before device registration
  (CVE-2021-46932 bsc#1220444).
- commit 02010d5

- powerpc/pseries/memhp: Fix access beyond end of drmem array
  (bsc#1220250,CVE-2023-52451).
- commit 22d7587

- ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe
  failure (bsc#1220599 CVE-2021-46953).
- commit 69d8de2

- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
  (bsc#1220238 CVE-2023-52449).
- commit a845e8b

- Input: powermate - fix use-after-free in
  powermate_config_complete (CVE-2023-52475 bsc#1220649).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
  (CVE-2023-52478 bsc#1220796).
- commit 6daf909

- i2c: Fix a potential use after free (bsc#1220409
  CVE-2019-25162).
- commit 0be34df

- i2c: cadence: fix reference leak when pm_runtime_get_sync fails
  (bsc#1220570 CVE-2020-36784).
- commit 8727379

- bus: qcom: Put child node before return (CVE-2021-47054
  bsc#1220767).
- commit 0c0fa8d

- NFC: st21nfca: Fix memory leak in device probe and remove
  (CVE-2021-46924 bsc#1220459).
- commit 01b7814

- netfilter: nft_limit: avoid possible divide error in
  nft_limit_init (CVE-2021-46915 bsc#1220436).
- commit 9130a3d

- HID: usbhid: fix info leak in hid_submit_ctrl (CVE-2021-46906
  bsc#1220421).
- commit 1d243b9

- media: pvrusb2: fix use after free on context disconnection
  (CVE-2023-52445 bsc#1220241).
- commit f8f3542

- media: dvbdev: Fix memory leak in dvb_media_device_free()
  (CVE-2020-36777 bsc#1220526).
- commit cd311ab

- apparmor: avoid crash when parsed profile name is empty
  (CVE-2023-52443 bsc#1220240).
- commit 8387a56

- nfc: nci: fix possible NULL pointer dereference in
  send_acknowledge() (bsc#1219125 CVE-2023-46343).
- commit 7ff1724

- md: bypass block throttle for superblock update (git-fixes).
- commit e6ba7c9

- blacklist.conf: add non-backport md git-fixes commits.
- commit d3c59de

- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- commit 4a3997c

- netfilter: nftables: avoid overflows in nft_hash_buckets()
  (CVE-2021-46992 bsc#1220638).
- commit c79b980

- netfilter: nft_set_hash: add nft_hash_buckets() (CVE-2021-46992
  bsc#1220638).
- commit 5542c1b

- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
  (CVE-2021-47013 bsc#1220641).
- commit a848ac2

- net: fec: Better handle pm_runtime_get() failing in .remove()
  (git-fixes).
- commit 60e6dbc

- net: fec: fix use-after-free in fec_drv_remove (git-fixes).
- commit 192ab42

- i40e: Fix use-after-free in i40e_client_subtask()
  (CVE-2021-46991 bsc#1220575).
- commit 27d6f39

- KVM: s390: vsie: fix race during shadow creation (git-fixes
  bsc#1220613).
- commit a2a5381

- s390: use the correct count for __iowrite64_copy() (git-fixes
  bsc#1220607).
- commit 0823e37

- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in
  error path (bsc#1220344 CVE-2024-26595).
- commit 71c942e

- net: fec: fix clock count mis-match (git-fixes).
- commit 90008dd

- net: hns3: add compatible handling for MAC VLAN switch parameter
  configuration (git-fixes).
- commit 9cbe2e0

- net: phy: initialise phydev speed and duplex sanely (git-fixes).
- commit 5fc404a

- bnx2x: Fix PF-VF communication over multi-cos queues
  (git-fixes).
- commit 58f28c6

- ixgbe: protect TX timestamping from API misuse (git-fixes).
- commit c740900

- net: phy: dp83867: enable robust auto-mdix (git-fixes).
- commit 51f918b

- net: fec: add missed clk_disable_unprepare in remove
  (git-fixes).
- commit 26193da

- e1000: fix memory leaks (git-fixes).
- commit 63cea05

- igb: Fix constant media auto sense switching when no cable is
  connected (git-fixes).
- commit ecbd46c

- net: hisilicon: Fix usage of uninitialized variable in function
  mdio_sc_cfg_reg_write() (git-fixes).
- commit 467a700

- net: hns3: not allow SSU loopback while execute ethtool -t dev
  (git-fixes).
- commit feac716

- net/mlx5e: ethtool, Avoid setting speed to 56GBASE when autoneg
  off (git-fixes).
- commit 38e0f13

- blacklist.conf: update blacklist
- commit 803afb1

- blacklist.conf: add ep93xx_eth
  the config option is not enabled
- commit aed74c8

- blacklist.conf: add emac_rockchip
  the config option is not enabled
- commit 27c4413

- Update metadata
- commit fca1f53

- net: openvswitch: limit the number of recursions from action
  sets (bsc#1219835 CVE-2024-1151).
- commit 9353f4f

- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330, CVE-2023-52464)
- commit a228c17

- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- commit 7dad6e2

- blacklist.conf: Blacklist a clang fix
- commit e954d52

- net: lpc-enet: fix printk format strings (git-fixes).
- commit dcd5e66

- net: tundra: tsi108: use spin_lock_irqsave instead of
  spin_lock_irq in IRQ context (git-fixes).
- commit 3fddc2a

- net: hisilicon: Fix dma_map_single failed on arm64 (git-fixes).
- commit 65f9c53

- net: hisilicon: fix hip04-xmit never return TX_BUSY (git-fixes).
- commit b56984b

- net: hisilicon: make hip04_tx_reclaim non-reentrant (git-fixes).
- Refresh
  patches.suse/net-hisilicon-Fix-ping-latency-when-deal-with-high-t.patch.
- commit 1de9297

- net: sfp: add mutex to prevent concurrent state checks
  (git-fixes).
- commit 4badb38

- blacklist.conf: update blacklist
- commit eb0a485

- media: usb: dvd-usb: fix uninit-value bug in
  dibusb_read_eeprom_byte() (git-fixes).
- commit 4772961

- media: uvcvideo: Set capability in s_param (git-fixes).
- commit df9234c

- media: dw2102: Fix use after free (git-fixes).
- commit 6909f5e

- media: dw2102: make dvb_usb_device_description structures const
  (git-fixes).
- Refresh
  patches.suse/media-dw2102-Fix-memleak-on-sequence-of-probes.patch.
- commit cfe8bf2

- media: dvb-usb: Add memory free on error path in dw2102_probe()
  (git-fixes).
- Refresh
  patches.suse/media-dw2102-Fix-memleak-on-sequence-of-probes.patch.
- commit 60bfc4d

- [media] media drivers: annotate fall-through (git-fixes).
- commit 550adce

- rpm/check-for-config-changes: add GCC_ASM_GOTO_OUTPUT_WORKAROUND to IGNORED_CONFIGS_RE
  Introduced by commit 68fb3ca0e408 ("update workarounds for gcc "asm
  goto" issue").
- commit be1bdab

- media: rc: ir-rc6-decoder: enable toggle bit for Kathrein
  RCU-676 remote (git-fixes).
- commit 40a7cdd

- media: rc: do not remove first bit if leader pulse is present
  (git-fixes).
- commit 055036d

- blacklist.conf: feature fixed hasn't been backported
- commit 299071b

- media: coda: reuse coda_s_fmt_vid_cap to propagate format in
  coda_s_fmt_vid_out (git-fixes).
- commit 346be28

- media: coda: set min_buffers_needed (git-fixes).
- commit 9e4f67c

- media: coda: constify platform_device_id (git-fixes).
- commit da6a628

- media: coda: reduce iram size to leave space for suspend to ram
  (git-fixes).
- commit 015f50d

- media: coda: explicitly request exclusive reset control
  (git-fixes).
- commit 19dcce2

- media: coda: wake up capture queue on encoder stop after output
  streamoff (git-fixes).
- Refresh
  patches.suse/media-coda-fix-last-buffer-handling-in-V4L2_ENC_CMD_.patch.
- commit 4fba70d

- [media] coda: simplify optional reset handling (git-fixes).
- commit bc3f552

- [media] media: platform: coda: remove variable self assignment
  (git-fixes).
- commit 6d6901a

- blacklist.conf: driver not backported
- commit c5ae253

- media: dvb-usb: dw2102: fix uninit-value in
  su3000_read_mac_address (git-fixes).
- commit abccca4

- media: dvb-usb: m920x: Fix a potential memory leak in
  m920x_i2c_xfer() (git-fixes).
- commit 4716702

- media: m920x: don't use stack on USB reads (git-fixes).
- commit 45368d1

- media: dw2102: Fix memleak on sequence of probes (git-fixes).
- commit d5c69b6

- blacklist.conf: false positive
- commit 7722626

- blacklist.conf: renames a module. direct breakage of user space
- commit bf0df5d

- usb: musb: dsps: Fix the probe error path (git-fixes).
- commit 2f6dfb0

- usb: musb: tusb6010: check return value after calling
  platform_get_resource() (git-fixes).
- commit 3b8e34e

- usb: musb: musb_dsps: request_irq() after initializing musb
  (git-fixes).
- commit 9ef2688

- usb: host: fotg210: fix the actual_length of an iso packet
  (git-fixes).
- commit bcd63df

- usb: host: fotg210: fix the endpoint's transactional
  opportunities calculation (git-fixes).
- commit f16fc26

- compute-PATCHVERSION: Do not produce output when awk fails
  compute-PATCHVERSION uses awk to produce a shell script that is
  subsequently executed to update shell variables which are then printed
  as the patchversion.
  Some versions of awk, most notably busybox-gawk do not understand the
  awk program and fail to run. This results in no script generated as
  output, and printing the initial values of the shell variables as
  the patchversion.
  When the awk program fails to run produce 'exit 1' as the shell script
  to run instead. That prevents printing the stale values, generates no
  output, and generates invalid rpm spec file down the line. Then the
  problem is flagged early and should be easier to diagnose.
- commit 8ef8383

- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
- commit 55e0925

- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
- commit aebeb2d

- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
- commit 9c96097

- KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
- commit 5a997a6

- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- commit 54b16df

- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
  Also add mds_user_clear to kABI severity as it's used purely for
  mitigation so it's low risk.
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (bsc#1213456).
- commit 7cd11ce

- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
  (bsc#1219127 CVE-2024-23849).
- commit e941df3

- USB: hub: check for alternate port before enabling
  A_ALT_HNP_SUPPORT (bsc#1218527).
- commit aaefb30

- blacklist.conf: add macsonic ethernet driver
- commit 1c0cfbf

- blacklist.conf: update blacklist
- commit b541c7e

- net: bonding: debug: avoid printing debug logs when bond is
  not notifying peers (git-fixes).
- commit f58ad69

- usb: typec: tcpci: clear the fault status bit (git-fixes).
- commit fbeda7b

- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD
  device (git-fixes).
- commit 2012056

- Update to add CVE-2024-23851 tag,
  patches.suse/dm-limit-the-number-of-targets-and-parameter-size-ar.patch
  (bsc#1219827, bsc#1219146, CVE-2023-52429, CVE-2024-23851).
- commit 7dd5c42

- blacklist.conf: cleanup of comments
- commit d4049bd

- blacklist.conf: documentation only
- commit 3d84250

- audit: fix possible soft lockup in __audit_inode_child()
  (git-fixes).
- commit a347e97

- blacklist.conf: not a fix but a cleanup
- commit a5da3c1

- blacklist.conf: only comments cleanup
- commit 2e15690

- blacklist.conf: at this time kerneldocs no longer matter
- commit ed23d03

- ASN.1: Fix check for strdup() success (git-fixes).
- commit 26b2327

- blacklist.conf: attributed to wrong commit id in fixes tag
- commit 652fa5d

- dm: limit the number of targets and parameter size area
  (bsc#1219827, bsc#1219146, CVE-2023-52429).
- commit 3ddaf98

- scripts/PMU: Add option to skip livepatch submission
  Kernel resubmissions that don't involve livepatches can be done without
  kgraft package(s) and channel updates.
- commit 8373df8

- Update
  patches.suse/nvmet-tcp-fix-a-crash-in-nvmet_req_complete.patch
  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356).
- commit 1a6bd68

- nvmet-tcp: Fix the H2C expected PDU len calculation
  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356).
- nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988
  bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356).
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
  PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535
  CVE-2023-6536 CVE-2023-6356).
- commit 3e8a84f

- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
  Simple arithmetic fix.
- commit df1ea97

- vhost: use kzalloc() instead of kmalloc() followed by memset()
  (CVE-2024-0340, bsc#1218689).
- commit 265772f

- blacklist.conf: add Korina ethernet controller
- commit 754d7b6

- blacklist.conf: update blacklist
- commit 65ec0f0

- mlx4: handle non-napi callers to napi_poll (git-fixes).
- commit 13aca9d

- bnxt_en: Log unknown link speed appropriately (git-fixes).
- commit cab91f3

- net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow (git-fixes).
- commit 30b8d5c

- net: mvneta: fix double free of txq-&gt;buf (git-fixes).
- commit abfb85a

- r8169: fix data corruption issue on RTL8402 (git-fixes).
- commit a389731

- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
  (bsc#1219653)
  They are put into -devel subpackage. And a proper link to
  /usr/share/gdb/auto-load/ is created.
- commit 1dccf2a

- net: stmmac: dwmac1000: fix out-of-bounds mac address reg
  setting (git-fixes).
- commit 51f13e8

- net: fec: Do not use netdev messages too early (git-fixes).
- commit 24b07f8

- net: stmmac: dwmac4/5: Clear unused address entries (git-fixes).
- commit 156e8fc

- net: stmmac: dwmac1000: Clear unused address entries
  (git-fixed).
- commit b89c3f6

- blacklist.conf: add mediatek ethernet
- commit ed969c9

- net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
  (git-fixed).
- commit 63f7ed7

- blacklist.conf: update blacklist
- commit ba8fcb7

- net: xilinx: fix possible object reference leak (git-fixed).
- commit 0884dff

- net: macb: Add null check for PCLK and HCLK (git-fixed).
- Refresh
  patches.suse/0006-net-macb-fix-error-format-in-dev_err.patch.
- commit 1fdfc75

- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
  (CVE-2024-1086 bsc#1219434).
- commit 1f42903

- configfs: fix a use-after-free in __configfs_open_file
  (git-fixes).
- commit 839bbef

- chardev: fix error handling in cdev_device_add() (git-fixes).
- commit 76071ad

- fs: don't audit the capability check in simple_xattr_list()
  (git-fixes).
- commit 32c621d

- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
  (git-fixes).
- commit 165619a

- pstore/ram: Fix error return code in ramoops_probe()
  (git-fixes).
- commit 6c26e9c

- kernfs: fix use-after-free in __kernfs_remove (git-fixes).
- commit 1e4394d

- kernfs: Separate kernfs_pr_cont_buf and rename_lock (git-fixes).
- commit 302cbf3

- configfs: fix a race in configfs_{,un}register_subsystem()
  (git-fixes).
- commit ff1ac8a

- vfs: make freeze_super abort when sync_filesystem returns error
  (git-fixes).
- commit a0e15ea

- fs: orangefs: fix error return code of
  orangefs_revalidate_lookup() (git-fixes).
- commit 05692b2

- fs: warn about impending deprecation of mandatory locks
  (git-fixes).
- commit d313c61

- configfs: fix memleak in configfs_release_bin_file (git-fixes).
- commit e182771

- 9p: missing chunk of "fs/9p: Don't update file type when
  updating file attributes" (git-fixes).
- commit d7f7957

- kernfs: bring names in comments in line with code (git-fixes).
- commit b2412a4

- configfs: fix config_item refcnt leak in configfs_rmdir()
  (git-fixes).
- commit a4e6173

- help_next should increase position index (git-fixes).
- commit a734d52

- configfs: fix a deadlock in configfs_symlink() (git-fixes).
- commit 31f30f9

- locks: print a warning when mount fails due to lack of "mand"
  support (git-fixes).
- commit 4a54942

- configfs: provide exclusion between IO and removals (git-fixes).
- commit be9e3af

- configfs: new object reprsenting tree fragments (git-fixes).
- commit 727fecd

- configfs: stash the data we need into configfs_buffer at open
  time (git-fixes).
- commit 57d5998

- pstore/ram: Run without kernel crash dump region (git-fixes).
- Refresh patches.suse/pstore-backend-autoaction.
- commit 27a20a7

- fs/file.c: initialize init_files.resize_wait (git-fixes).
- commit 4e99111

- fs: ratelimit __find_get_block_slow() failure message
  (git-fixes).
- commit 066abb3

- iomap: sub-block dio needs to zeroout beyond EOF (git-fixes).
- commit c176969

- fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
  (git-fixes).
- commit 97bf06c

- proc: fix /proc/*/map_files lookup (git-fixes).
- commit 66524a9

- pstore: ram_core: fix possible overflow in
  persistent_ram_init_ecc() (git-fixes).
- commit 3b8a874

- pstore/ram: Check start of empty przs during init (git-fixes).
- commit 86b8610

- statfs: enforce statfs[64] structure initialization (git-fixes).
- commit e9ab62b

- aio: fix mremap after fork null-deref (git-fixes).
- commit f633071

- drm/amdgpu: Fix potential fence use-after-free v2 (bsc#1219128
  CVE-2023-51042).
- commit 78c123f

- rpm/mkspec: sort entries in _multibuild
  Otherwise it creates unnecessary diffs when tar-up-ing. It's of course
  due to readdir() using "random" order as served by the underlying
  filesystem.
  See for example:
  https://build.opensuse.org/request/show/1144457/changes
- commit d1155de

- nvmet-tcp: fix a crash in nvmet_req_complete() (git-fixes).
- commit 45b3590

- scsi: qla0xxx: Fix system crash due to bad pointer access
  (git-fixes).
- commit 9c33792

- atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780
  bsc#1218730).
- commit 42f1cd3

- mm,mremap: bail out earlier in mremap_to under map pressure
  (bsc#1123986).
- commit d63623c

- scripts/PMU: Rework option parsing, support user branches
  This converts optional arguments into more traditional option arguments
  and parses them with popular getopt.
  Drop explicit product specification and use the derived default because
  the 'prod' variable is rather an internal implementation detail.
  Additionally, prepare prompts for a possible (embargoed) submission from
  a user branch.
- commit c3590b1

- xen-netback: don't produce zero-size SKB frags (CVE-2023-46838,
  XSA-448, bsc#1218836).
- commit 6d25bad

- USB: serial: option: fix FM101R-GL defines (git-fixes).
- commit c34221c

- blacklist.conf: Add baa9be4ffb55 sched/fair: Fix throttle_list starvation with low CFS quota
- commit f2444c0

- libceph: use kernel_connect() (bsc#1219446).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
  (bsc#1219445).
- commit 92ba85d

- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
  (git-fixes).
- commit 9c63fba

- USB: serial: option: add entry for Sierra EM9191 with new
  firmware (git-fixes).
- commit e18b083

- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
  (git-fixes).
- commit 3c25206

- ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
  (CVE-2021-33631 bsc#1219412).
- commit 019d3a9

- kernel-source: Fix description typo
- commit 8abff35

- blacklist.conf: remove a merge relic
  Remove a merge relic introduced in 44aaf966aab ("Merge remote-tracking
  branch 'origin/SLE12-SP4' into SLE12-SP5-UPDATE").
- commit 78c957f

- blacklist.conf: add a not-relevant jump_label commit
- commit 7bff5db

- tracing/trigger: Fix to return error if failed to alloc snapshot
  (git-fixes).
- commit 57e8982

- blacklist.conf: Blacklist 447ae316670230d7d29430e2cbf1f5db4f49d14c
  It reworks header inclusion to no real benefit for our kernel and
  results in massive kABI breakage. Just blacklist it.
- commit 879fd91

- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
  (CVE-2023-47233 bsc#1216702).
- commit d2e0155

- net: stmmac: don't overwrite discard_frame status (git-fixes).
- commit af86f48

- net: ethernet: ti: fix possible object reference leak
  (git-fixes).
- commit 8292c78

- blacklist.conf: update blacklist
- commit 3ec6d28

- blacklist.conf: update blacklist
- commit b305f8c

- rpm/constraints.in: set jobs for riscv to 8
  The same workers are used for x86 and riscv and the riscv builds take
  ages. So align the riscv jobs count to x86.
- commit b2c82b9

- net: ks8851: Set initial carrier state to down (git-fixes).
- commit 667be0a

- net: ks8851: Delay requesting IRQ until opened (git-fixes).
- commit 605f94a

- net: ks8851: Reassert reset pin if chip ID check fails
  (git-fixes).
- commit 93e9e83

- net: dsa: qca8k: Enable delay for RGMII_ID mode (git-fixes).
- commit 94c1dc4

- net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing
  MII_PHYSID2 (git-fixes).
- commit d97991c

- blacklist.conf: update blacklist
- commit 23ba946

- blacklist.conf: Black  unapplicable patch
  This one requires 45b575c00d8e72d69d75dd8c112f044b7b01b069 which is
  blacklisted. So black list this one as well.
- commit 8ad7e95

- x86/unwind/orc: Fix unreliable stack dump with gcov (git-fixes).
- commit db29225

- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- commit 0b71917

- x86/kvm/lapic: always disable MMIO interface in x2APIC mode (git-fixes).
- commit 42aa4b1

- x86/purgatory: Don't generate debug info for purgatory.ro (git-fixes).
- commit ad7d236

- x86/cpu: Add another Alder Lake CPU to the Intel family (git-fixes).
- commit 5e43536

- x86/build: Turn off -fcf-protection for realmode targets (git-fixes).
- commit 06f5589

- x86/build: Treat R_386_PLT32 relocation as R_386_PC32 (git-fixes).
- commit c5cf689

- x86/lib: Fix overflow when counting digits (git-fixes).
- commit 0070bad

- x86/asm: Ensure asm/proto.h can be included stand-alone (git-fixes).
- commit b6c5df9

- x86: __always_inline __{rd,wr}msr() (git-fixes).
- commit 8507f62

- x86: Mark stop_this_cpu() __noreturn (git-fixes).
- commit 47a8413

- x86: Clear .brk area at early boot (git-fixes).
- commit 63c0fc3

- mkspec: Use variant in constraints template
  Constraints are not applied consistently with kernel package variants.
  Add variant to the constraints template as appropriate, and expand it
  in mkspec.
- commit cc68ab9

- rpm/constraints.in: add static multibuild packages
  Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for
  constraints on multibuild) added "kernel-source:" prefix to the
  dynamically generated kernels. But there are also static ones like
  kernel-docs. Those fail to build as the constraints are still not
  applied.
  So add the prefix also to the static ones.
  Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it
  will ever be multibuilt...
- commit c2e0681

- bs-check-kernel-results: Handle multibuild packages correctly
  The package prefix was stripped too early leading to errors while
  getting logfiles in bs-check-kernel-results. Strip it just before
  passing the data to handle-kernel-result.
  Fixes: #61
- commit 4422573

- MyBS.pm: Do not use the 'ports' repository for ALP
  The ALP project has 'ports' repository that does not have useful
  content, skip it when searching for repository to build against.
- commit 761463e

- drm/atomic: Fix potential use-after-free in nonblocking commits
  (bsc#1219120 CVE-2023-51043).
- commit a69e3d8

- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
  Adjust the cpuid check when applying alternatives. Fixes false BUG_ON
  in the presence of extra bugints/capints.
- commit 48af78f

- Revert "Limit kernel-source build to architectures for which the kernel binary"
  This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132.
  The fix for bsc#1108281 directly causes bsc#1218768, revert.
- commit 2943b8a

- mkspec: Include constraints for both multibuild and plain package always
  There is no need to check for multibuild flag, the constraints can be
  always generated for both cases.
- commit 308ea09

- rpm/mkspec: use kernel-source: prefix for constraints on multibuild
  Otherwise the constraints are not applied with multibuild enabled.
- commit 841012b

- wd-functions.sh: Use pixz for xz compression when available.
  This makes xz compression highly non-deterministic but deterministic
  results were not provided by xz in the first place.
- commit 1524b56

- rpm/kernel-source.rpmlintrc: add action-ebpf
  Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf
  plugin) added this precompiled binary blob. Adapt rpmlintrc for
  kernel-source.
- commit b5ccb33

- Refresh patches.suse/mce-fix-set_mce_nospec-to-always-unmap-the-whole-page.patch.
- commit 97df026

- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
  (git-fixes).
- commit f9ab50f

- blacklist.conf: not a bug fix
- commit 89a46f3

- blacklist.conf: driver not compiled
- commit e4d38bb

- blacklist.conf: false positive
- commit be0a82f

- blacklist.conf: not a bug fix
- commit 3adfd09

- blacklist.conf: false positive
- commit 9076062

- scsi: qedf: fc_rport_priv reference counting fixes
  (bsc#1212152).
  Refresh:
  - patches.suse/scsi-qedf-correctly-handle-refcounting-of-rdata
  - patches.suse/scsi-qedf-print-message-during-bailout-conditions
  - patches.suse/scsi-qedf-print-scsi_cmd-backpointer-in-good-completion-path-if-the-command-is-still-being-used
- commit e171158

- ext4: silence the warning when evicting inode with
  dioread_nolock (bsc#1206889).
- commit 3433e7a

- writeback: Export inode_io_list_del() (bsc#1216989).
  patches/patches.suse/writeback-Protect-inode-i_io_list-with-inode-i_lock.patch:
  Refresh
- commit c969261

- ext4: improve error recovery code paths in __ext4_remount()
  (bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit 3bb0d48

- Update
  patches.suse/ext4-improve-error-recovery-code-paths-in-__ext4_rem.patch
  (bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit a5b396b

- scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old
  The previous change added the manual entry from kernel-sources.change.old
  to old_changelog.txt unnecessarily.  Let's fix it.
- commit fb033e8

- Refresh
  patches.suse/ipmi-Cleanup-oops-on-initialization-failure.patch.
  Alt-commit added
- commit 5093b56

- x86: Pin task-stack in __get_wchan() (git-fixes).
- commit 96f1d7b

- rpm/kernel-docs.spec.in: fix build with 6.8
  Since upstream commit f061c9f7d058 (Documentation: Document each netlink
  family), the build needs python yaml.
- commit 6a7ece3

- x86: Fix __get_wchan() for !STACKTRACE (git-fixes).
- commit 23a1a0e

- asix: Add check for usbnet_get_endpoints (git-fixes).
- commit d1fcea8

- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
- commit d9f49bd

- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- commit 79b1f36

- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- commit 2dcf8c9

- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- commit d500914

- x86/cpu/hygon: Fix the CPU topology evaluation for real (git-fixes).
- commit 01e7093

- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- commit 293b127

- x86: Fix get_wchan() to support the ORC unwinder (git-fixes).
- commit 1693c4c

- x86/pat: Pass valid address to sanitize_phys() (git-fixes).
- commit 9776480

- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- blacklist.conf:
- commit 0a8ce61

- x86/mm: Add a x86_has_pat_wp() helper (git-fixes).
- commit 794f377

- veth: Fixing transmit return status for dropped packets
  (git-fixes).
- commit c39655b

- preserve KABI for struct sfp_socket_ops (git-fixes).
- commit 58a9bc4

- blacklist.conf:
- Delete
  patches.suse/NFSD-Fix-possible-sleep-during-nfsd4_release_lockown.patch.
  This patch is harmful on all kernels, and irrelevant on kernels before
  v5.4
  bsc#1218968
- commit 5365a0a

- KVM: s390: vsie: Fix STFLE interpretive execution identification
  (git-fixes bsc#1219022).
- commit 16098a4

- net: phylink: avoid resolving link state too early (git-fixes).
- commit 67b00b5

- gtp: change NET_UDP_TUNNEL dependency to select (git-fixes).
- commit dd6be0d

- mlxsw: spectrum: Avoid -Wformat-truncation warnings (git-fixes).
- commit bd062d1

- mlxsw: spectrum: Set LAG port collector only when active (git-fixes).
- commit 42cb04e

- net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (git-fixes).
- commit 5db0cbe

- net: systemport: Fix reception of BPDUs (git-fixes).
- commit 54f0189

- sfc: initialise found bitmap in efx_ef10_mtd_probe (git-fixes).
- commit 36c912f

- net: sfp: do not probe SFP module before we're attached (git-fixes).
- commit b335b5c

- net: phy: sfp: warn the user when no tx_disable pin is available (git-fixes).
- commit 921c51c

- blacklist.conf: update blacklist
- commit 0fefc1a

- net: stmmac: Disable EEE mode earlier in XMIT callback
  (git-fixes).
- commit 42ea2f4

- blacklist.conf: update blacklist
- commit 16074da

- preserve KABI for struct plat_stmmacenet_data (git-fixes).
- commit be0b5cc

- net: stmmac: Fallback to Platform Data clock in Watchdog
  conversion (git-fixes).
- commit c0e8ae4

- net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
  (git-fixes).
- commit 1f97aba

- blacklist.conf: update blacklist
- commit 160c442

- net: dsa: bcm_sf2: Propagate error value from mdio_write
  (git-fixes).
- commit 042ff8c

- net: (cpts) fix a missing check of clk_prepare (git-fixes).
- commit a0511a4

- blacklist.conf: update blacklist
- commit 778d638

- mlxsw: spectrum: Properly cleanup LAG uppers when removing
  port from LAG (git-fixes).
- commit 65b3a7e

- blacklist.conf: update blacklist
- commit 72f91b3

- nfsd: drop st_mutex and rp_mutex before calling
  move_to_close_lru() (bsc#1217525).
- commit d08e536

- blacklist.conf: add wont-backport commit
- commit 65861c5

- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and
  check its return value (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms
  (git-fixes).
- nvdimm/btt: do not call del_gendisk() if not needed (git-fixes).
- libnvdimm/region: Fix label activation vs errors (git-fixes).
- commit dc5bee2

- libnvdimm: cover up changes in struct nvdimm_bus_descriptor
  (git-fixes).
- libnvdimm: Validate command family indices (git-fixes).
- commit 27f581b

- libnvdimm: Out of bounds read in __nd_ioctl() (git-fixes).
- acpi/nfit: improve bounds checking for 'func' (git-fixes).
- libnvdimm/btt: fix variable 'rc' set but not used (git-fixes).
- libnvdimm/pmem: Delete include of nd-core.h (git-fixes).
- libnvdimm: Fix endian conversion issues (git-fixes).
- libnvdimm: Fix compilation warnings with W=1 (git-fixes).
- libnvdimm/pmem: fix a possible OOB access when read and write
  pmem (git-fixes).
- libnvdimm/btt: Fix a kmemdup failure check (git-fixes).
- libnvdimm/namespace: Fix a potential NULL pointer dereference
  (git-fixes).
- libnvdimm/btt: Fix LBA masking during 'free list' population
  (git-fixes).
- libnvdimm/btt: Remove unnecessary code in btt_freelist_init
  (git-fixes).
- acpi/nfit: Require opt-in for read-only label configurations
  (git-fixes).
- UAPI: ndctl: Fix g++-unsupported initialisation in headers
  (git-fixes).
- commit e6b26fa

- blacklist.conf: false positive
- commit de6f57b

- blacklist.conf: blacklist Huawei HiNIC
- commit d68e629

- s390/dasd: fix double module refcount decrement (bsc#1141539).
- commit 1d573b9

- scripts: Add commit-msg check for patch references
  References in the commit message are important when generating the RPM
  changelog.
  Although scripts/log takes into account References: header, a reference
  may possibly be missed out when the script is skipped or the message
  misedited.
  Add a new hook that validates that the commit message contains all newly
  added references.
- commit 500dd98

- scripts/install-git-hooks: Simplify relative path detection
- commit 0415010

- scripts/git_sort/git_sort.py:  Add 'perf-tools' branch
- commit 7ef21eb

- netfilter: nf_tables: Reject tables of unsupported family
  (CVE-2023-6040 bsc#1218752).
- commit 9e6d9d4

- net/rose: Fix Use-After-Free in rose_ioctl (CVE-2023-51782
  bsc#1218757).
- commit 5e6770d

- powerpc/pseries/memhotplug: Quieten some DLPAR operations
  (bsc#1065729).
- commit 4d451a9

- powerpc/powernv: Add a null pointer check in
  opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check in opal_event_init()
  (bsc#1065729).
- powerpc/pseries/memhp: Fix access beyond end of drmem array
  (bsc#1065729).
- powerpc: Don't clobber f0/vs0 during fp|altivec register save
  (bsc#1065729).
- commit d5de04b

- Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
  The old entries are found in kernel-docs/old_changelog.txt in docdir.
  rpm/old_changelog.txt can be an optional file that stores the similar
  info like rpm/kernel-sources.changes.old.  It can specify the commit
  range that have been truncated.  scripts/tar-up.sh expands from the
  git log accordingly.
- commit c9a2566

- fs: ocfs2: namei: check return value of ocfs2_add_entry()
  (git-fixes).
- commit 37053b5

- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
  (git-fixes).
- commit 22c7474

- orangefs: Fix sysfs not cleanup when dev init failed
  (git-fixes).
- commit 3dc6f72

- fat: add ratelimit to fat*_ent_bread() (git-fixes).
- commit 2e4dd8d

- orangefs: fix orangefs df output (git-fixes).
- commit 14af1e9

- fs/fat/file.c: issue flush after the writeback of FAT
  (git-fixes).
- commit 4b5cf8c

- fs/exofs: fix potential memory leak in mount option parsing
  (git-fixes).
- commit c3e2f19

- orangefs: rate limit the client not running info message
  (git-fixes).
- commit 9ffd7ce

- gfs2: ignore negated quota changes (git-fixes).
- commit 65c2047

- gfs2: Fix possible data races in gfs2_show_options()
  (git-fixes).
- commit 57d66df

- gfs2: Fix inode height consistency check (git-fixes).
- commit d7ee5ae

- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- commit 381ce29

- gfs2: Make sure FITRIM minlen is rounded up to fs block size
  (git-fixes).
- commit 59f59dc

- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- commit 8e79a5c

- gfs2: Don't call dlm after protocol is unmounted (git-fixes).
- commit 0e0a651

- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (git-fixes).
- commit 4dff329

- gfs2: report "already frozen/thawed" errors (git-fixes).
- commit e5108bb

- gfs2: Don't skip dlm unlock if glock has an lvb (git-fixes).
- commit 38230f9

- gfs2: check for empty rgrp tree in gfs2_ri_update (git-fixes).
- commit 3484422

- gfs2: Wake up when sd_glock_disposal becomes zero (git-fixes).
- commit 6e96bc8

- gfs2: check for live vs. read-only file system in gfs2_fitrim
  (git-fixes).
- commit dece8b9

- gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix
  use-after-free (git-fixes).
- commit 5f11647

- gfs2: add validation checks for size of superblock (git-fixes).
- commit 4bfdec0

- gfs2: fix use-after-free on transaction ail lists (git-fixes).
- commit 3c0934a

- gfs2: initialize transaction tr_ailX_lists earlier (git-fixes).
- commit a3dcb8b

- gfs2: Allow lock_nolock mount to specify jid=X (git-fixes).
- commit c3d10eb

- gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
  (git-fixes).
- commit 50b2782

- gfs2: clear buf_in_tr when ending a transaction in
  sweep_bh_for_rgrps (git-fixes).
- commit 0638ce6

- gfs2: Fix sign extension bug in gfs2_update_stats (git-fixes).
- commit 6905d0e

- gfs2: Fix lru_count going negative (git-fixes).
- commit 22c6d6f

- gfs2: take jdata unstuff into account in do_grow (git-fixes).
- commit f6cafad

- gfs2: Fix marking bitmaps non-full (git-fixes).
- commit 27f21b4

- GFS2: Flush the GFS2 delete workqueue before stopping the
  kernel threads (git-fixes).
- commit c0d61c2

- gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
  (git-fixes).
- commit ca05c1f

- gfs2: Special-case rindex for gfs2_grow (git-fixes).
- commit 77ffe3d

- reiserfs: Replace 1-element array with C99 style flex-array
  (git-fixes).
- commit ed361ae

- reiserfs: Check the return value from __getblk() (git-fixes).
- commit c984c17

- affs: fix basic permission bits to actually work (git-fixes).
- commit 6abe668

Package python-base was updated:

- Add CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).

Package python3-base was updated:

- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
  gh#python/cpython#108310, backport from upstream patch
  gh#python/cpython#108315
  (bsc#1214692, CVE-2023-40217)

- (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.
- Repurpose skip-failing-tests.patch to increase timeout for
  test.test_asyncio.test_tasks.TimeoutTests.test_timeout_time,
  which fails on slow machines in IBS (s390x).

- Refresh CVE-2023-27043-email-parsing-errors.patch from
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).

Package timezone was updated:

- update to 2024a:
  * Kazakhstan unifies on UTC+5.  This affects Asia/Almaty and
    Asia/Qostanay which together represent the eastern portion of the
    country that will transition from UTC+6 on 2024-03-01 at 00:00 to
    join the western portion.  (Thanks to Zhanbolat Raimbekov.)
  * Palestine springs forward a week later than previously predicted
    in 2024 and 2025.  (Thanks to Heba Hamad.)  Change spring-forward
    predictions to the second Saturday after Ramadan, not the first;
    this also affects other predictions starting in 2039.
  * Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00
    not 00:00.  (Thanks to Đoàn Trần Công Danh.)
  * From 1947 through 1949, Toronto's transitions occurred at 02:00
    not 00:00.  (Thanks to Chris Walton.)
  * In 1911 Miquelon adopted standard time on June 15, not May 15.
  * The FROM and TO columns of Rule lines can no longer be "minimum"
    or an abbreviation of "minimum", because TZif files do not support
    DST rules that extend into the indefinite past - although these
    rules were supported when TZif files had only 32-bit data, this
    stopped working when 64-bit TZif files were introduced in 1995.
    This should not be a problem for realistic data, since DST was
    first used in the 20th century.  As a transition aid, FROM columns
    like "minimum" are now diagnosed and then treated as if they were
    the year 1900; this should suffice for TZif files on old systems
    with only 32-bit time_t, and it is more compatible with bugs in
    2023c-and-earlier localtime.c.  (Problem reported by Yoshito
    Umaoka.)
  * localtime and related functions no longer mishandle some
    timestamps that occur about 400 years after a switch to a time
    zone with a DST schedule.  In 2023d data this problem was visible
    for some timestamps in November 2422, November 2822, etc. in
    America/Ciudad_Juarez.  (Problem reported by Gilmore Davidson.)
  * strftime %s now uses tm_gmtoff if available.  (Problem and draft
    patch reported by Dag-Erling Smørgrav.)
  * The strftime man page documents which struct tm members affect
    which conversion specs, and that tzset is called.  (Problems
    reported by Robert Elz and Steve Summit.)

- update to 2023d:
  * Ittoqqortoormiit, Greenland changes time zones on
    2024-03-31.
  * Vostok, Antarctica changed time zones on 2023-12-18.
  * Casey, Antarctica changed time zones five times since
    2020.
  * Code and data fixes for Palestine timestamps starting in
    2072.
  * A new data file zonenow.tab for timestamps starting now.
  * Fix predictions for DST transitions in Palestine in
    2072-2075, correcting a typo introduced in 2023a.
  * Vostok, Antarctica changed to +05 on 2023-12-18.  It had
    been at +07 (not +06) for years.
  * Change data for Casey, Antarctica to agree with
    timeanddate.com, by adding five time zone changes since 2020.
    Casey is now at +08 instead of +11.
  * Much of Greenland, represented by America/Nuuk, changed
    its standard time from -03 to -02 on 2023-03-25, not on
    2023-10-28.
  * localtime.c no longer mishandles TZif files that contain
    a single transition into a DST regime.  Previously,
    it incorrectly assumed DST was in effect before the transition
    too.
  * tzselect no longer creates temporary files.
  * tzselect no longer mishandles the following:
    - Spaces and most other special characters in BUGEMAIL,
      PACKAGE, TZDIR, and VERSION.
    - TZ strings when using mawk 1.4.3, which mishandles
      regular expressions of the form /X{2,}/.
    - ISO 6709 coordinates when using an awk that lacks the
      GNU extension of newlines in -v option-arguments.
    - Non UTF-8 locales when using an iconv command that
      lacks the GNU //TRANSLIT extension.
  * zic no longer mishandles data for Palestine after the
    year 2075.
- Refresh tzdata-china.diff

Package libxml2 was updated:

- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
  * Added libxml2-CVE-2024-25062.patch

Package compat-openssl098 was updated:

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch

Package openssl-1_1 was updated:

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch

Package google-cloud-sap-agent was updated:

- Update to version 3.2 (bsc#1222215, bsc#1222216)
  * Remove internal gensupport package.
  * Restore additional error handling and response checking to internal data warehouse client.
  * Updating the aggregate function in HANA insight rules
  * Remove a leftover debug log
  * Allow multipart uploads for PIPE file types.
  * Update go-hdb version to v1.8.0
  * Perform log restores in serial rather than parallel.
  * Add sample usage examples to commandlineexecutor
  * Small update to configureinstance OTE
  * Add nil check in backup and restore flows to protect against panics.
  * Close http response body in WriteInsight() and soap.go
  * Record topology type.
  * Initialize usagemetrics for OTEs
  * Add Instance Number to SAP System instance properties
  * Set `min_version` for WLM `os_settings` system metric.
  * Increase timeout for saptune re-apply commands.
  * Adding handling for encrypted snapshots in backup and restore
  * Change the version check comparisons to account for versions
    older than those listed in SAP Note.
  * Skip the Netweaver metrics that need dpmon on NW kernels
    affected by SAP Note: 3366597
  * Fix imports
  * No public description
  * Use internal data warehouse client.
  * Fix disp+work command invocation for Netweaver Kernel version discovery.
  * Add note about default parameter values to installbackint.
  * Add mutex in multipart writer for potential data races.
  * Update go.mod and go.sum
  * Skip XFS freeze by default unless user passes a parameter to do it explicitly
  * configureinstance minor updates.
  * Add safety check for usage metrics on BMS
  * Storage Class parameter added to Backint.
  * Update configureinstance's X4 saptune conf.
  * XML Multipart Write() and Close() methods completed.
  * Fixes the vmmanager policies for sles12 and sles15 used in the cloud console removes
    the individual cloud console policies and consolidates them into one Adds a general
    gcloud command line policy
  * Standardize logging for workloadmanager package.
  * Multipart XML API Uploads for Backint.
  * Add database system SID to database properties.
  * Fix NW HA node identification for RedHat deployments.
  * Add workload properties to discovery object returned by discoverSAPSystems
  * Add ASCS instance number to application data
  * Add Workload Manager validation rule for checking OS settings.
  * Enable WLM metric collection by default, disable submission of data to Cloud Monitoring.
  * Decoupling primary executable command and providing an alternative to lsof
  * Added HANA version in support bundle collection
  * Add WorkloadProperties to merged system details and to WLM Insights
  * Replace the link placeholder with the actual link
  * Add instance number to SAP discovery data
  * Tranche 12: HRE Rules
  * Minor typo fix in workloadmanager's hana metrics module
  * Add pacemaker metrics with SID labels to process metrics
  * updating the regex for backup and backint files to take care of log rotation in support bundle
  * Add support for disk snapshot labels for easy lifecycle management of snapshots
  * Added new OTE for changedisktype workflow
  * Add WorkloadProperties to SapSystemDetails for apps_discovery
  * Testing the timeseries in unit tests instead of just checking the count
  * Record Netweaver kernel version.
  * Tranche 12: HRE Rules
  * Testing the timeseries in unit tests instead of just checking the count
  * Testing the timeseries in unit tests instead of just checking the count
  * Relocating pacemaker collection related packages to internal/pacemaker
    for common use between process metrics and WLM
  * Use results from latest round of discovery for the collection of process metrics.
  * Handling zero rows returned case better in HANA insights
  * Adding docstrings to workloadmanager package
  * Adding docstring to configure OTE
  * adding docstrings to methods in support bundle
  * Add X4 specific configurations to configureinstance OTE.
  * Add helper functions to configureinstance OTE.
  * Display updates for HANA Insights WLM rules rollout.
  * configureinstance OTE
  * We expect the command to return a non-zero exit code and we should not be
    returning an error. Execute treats non-zero exit code as error.
  * Removing the sap control process command line params
  * Revert &quot;Fixing system replication status code being returned&quot;
  * configureinstance OTE
  * We expect the command to return a non-zero exit code and we should not be
    returning an error. Execute treats non-zero exit code as error.
  * Removing the sap control process command line params
  * Fixing system replication status code being returned
  * Wait for hdbindex server to stop after HANA is stopped
  * Log error to console in cases where LVM is not being used
  * Adding JournalCTL logs to support bundle
  * hanadiskbckup - Add missing params to the Usage string
  * Move usagemetrics package into shared folder
  * Fixed data race error in TestCollectAndSendSlowMovingMetrics()
  * Disk backup/restore - Enable send-metrics-to-monitoring by default

- Update to version 3.1 (bsc#1220010, bsc#1220111)
  * Fixing system replication status code being returned
  * Reduce disk snapshot wait durations
  * Fix test flakes in workloadcollector test.
  * adding metrics for db freeze time and total workflow time
  * Fix for SAP System discovery adding the current host to all components.
  * Restore default WLM metric collection settings.
  * change description of validate OTE
  * fix a typo in the command name and add a delay before we try the unmount
  * Use underscore as separator for flags in place of hyphens
  * Enable host_metrics and disable reliability_metrics by default in configure OTE
  * Collect reliability metrics in the free namespace
  * Remove user from cmd params for HANA Replication
  * Enable workload manager metric collection by default.
  * Add support configuration flag to enable legacy WLM metric data submission workflow.
  * Lowers the log level of discovery to info
  * Fix for HANA Replication Config
  * Add additional instance-id parameter for users who do not want to provide port number
  * Use _ instead of - for parameters in configurebackint
  * Implementing panic recovery to HANA Monitoring: CreateWorkerPool
  * Fix issue with process metrics subroutine starting.
  * Add a flag to enable or disable workload discovery.
  * Reduce logs in sapdiscovery to debug, these are now run a
    lot more frequently and are flooding the logs
  * Use bucket `cloudsapdeploystaging` for staging environment.
  * Updates default value handling for system discovery flag.
  * Added default values to some frequency flags in configure OTE
  * force a sync before unmounting to clear out stale file handles
  * Retain recoverable routine in process metrics.
  * Ensures slow metrics workers stop on context cancellation.
  * Log lsof output if unmount fails during restore
  * SAP Discovery - Discover R3trans data
  * Add panic recovery to collectiondefinition update routine
  * configurebackint OTE.
  * Adding panic recovery to remote.go
  * Prevent host metrics from restarting the daily metrics report if it has already been started.
  * Add panic recovery to agent metrics
  * Implementing panic recovery for hana monitoring: logging action daily
  * Routines now use their own context and cancel in the event of a panic recovery.
  * Add panic recovery to host metrics routines
  * Removed -path flag and fixed usage string
  * Add workload properties to the SAP System definition.
  * Add panic recovery to collectMetricsFromConfig routines.
  * Add panic recovery to fast metric collection routine.
  * Reduces the log severity to debug for the exponential backoff policy
  * Add panic recovery to heartbeat routine.
  * Updating configuration.json file to remove deprecated sap_discovery field
  * Use protojson instead of custom function for snake_case marshaling
  * Add panic recovery to WLM metrics collection
  * HANA Insights rules tranche 11: Create unit tests and add to auto push
  * Add panic recovery to workload collector daily usage metrics.
  * Processmetrics - suppress Error and Warn logs that really need to be debug
  * Formatting the output of messages printed by configure OTE
  * Changing flag names of configure OTE to align better with configuration.json fields
  * Add automatic panic recovery to slow metrics collection
  * Add panic recovery to goroutine collectAndSend
  * Add panic recovery to goroutine
  * Retain recoverable routines beyond function scope.
  * Implement recovery handler for SAP System discovery package
  * Tranche 11: HRE Rules
  * Update github build
  * Adds generic panic recovery to SAP System discovery package
  * Initialize the sidadm env to ensure restore can be run as root user
  * not packaging gcbdr scripts till launch of the feature
  * Change datatype of frequency flags from string to int
  * Breaking down --frequency flag into separate flags for different features for better isolation
  * Fix configuration.json file from being written in camelCase to snake_case
  * Tranche 6,7,8,9,10: HRE Rules
  * Suppress pacemaker related log from Error to Debug
  * creating the OTE for GCBDR discovery
  * Update HA node identification
  * Tranche 10: HRE Rules
  * Update file permissions and ownership for installbackint when running as root.
  * Adding newline after version print.
  * Exposing HANA Logical volumes availability metrics
  * Make workloadmanager parameters test more robust.
  * Fix panic in cloud discovery
  * Tranche 10: HRE Rules
  * Add recovery_folder_prefix parameter to Backint.
  * Mark process_metrics_send_frequency as deprecated
  * Add snapshot-type param to hanadiskbackup with default as STANDARD
    type. Users can override to ARCHIVE type if needed.
  * Add new folder_prefix parameter to Backint.
  * Add HANA new HANA insight rules to BUILD file and embed sources
  * Tranche 10a: HRE Rules
  * Tranche 6b: HRE Rules
  * Tranche 8b: HRE Rules
  * Fix for sending isABAP value
  * Updating logusage command line flags

- Update to version 3.0 (bsc#1218736, bsc#1218737)
  * Suppress pacemaker command error to debug to avoid log flooding
  * Expand load balancing cluster discovery.
  * Log success messages in OTEs to STDOUT instead of STDERR used by log.Print
  * Use bash always to avoid variation of behavior across OS/Shell types
  * Minor updates to installbackint.
  * Backint compose step properly saves metadata.
  * Fix issue with discovery on ASCS instances.
  * hanadiskrestore - fix the format of disktype string for disk create API
  * Fix issue with PCS cluster address discovery.
  * Update transform to insight
  * Rename HANA backup/restore OTEs to reflect they are supported
    for all disks and not just persistent disk
  * Increase the timeout for HDB stop to account for busy DBs
  * Adding project sap-ecs-testing to the list.
  * PD Restore - Support provisioned-iops and provisioned-throughput
  * Integration test for configure OTE
  * Added precondition in hana pd backup for stripped LVM
  * Add a precondition check to verify user has passed a valid
    snapshot name that is present in the current project
  * Update the usage to reflect additional required param
  * Minor path update for supportbundle OTE.
  * Fixing bug in slow moving metrics partial collection scenarios
  * Adding check for agent status after restart.
  * Ensure Backint ComposeChunks has a valid bucket handle
  * Discover whether a Netweaver instance is ABAP or Java
  * Replace standard slices package with third party version
  * WLM HANA metric `ha_in_same_zone` now reports instance
    names for HA nodes in the same zone
  * Fix data race condition for Backint Backup with new client connections
  * Make -new-disk-name a required parameter to avoid the 63 char
    limit in the name length due to auto-generated names
  * Fix command for collecting Corosync metric `two_node_runtime`
  * Make snapshot name similar to disk name
  * Bump golang.org/x/crypto from 0.15.0 to 0.17.0
  * Enable Discovery config flag controls submission
    to Data Warehouse and Cloud Logging
  * Create new clients for each operation in Backint
  * Add `client_endpoint` to Backint proto.
  * Getting the build number into the version for display
  * Backint config name change: service_account to service_account_key
  * Add HANA HA metrics to collection definition.
  * Fix sorting bug in a diff in apps_discovery_test.go
  * Add discoverHANATenantDBs to main code path
  * Change PIPE filemode to WRONLY to allow us to detect broken pipes
  * Deprecate `sap_system_discovery` config field in favor of `enable_discovery`
  * Move the validation of whether user passed correct PD, before stopping HANA
  * Add a placeholder for public doc link with next steps
    after hanapdrestore workflow has completed
  * Fix executable path for HDB version command
  * Add optional param `new-disk-name` to hanapdrestore
    for users that wish to override the default
  * Sort the skipmetrics in unit test to avoid order related flakes
  * Generalizing configure OTE
  * Discover Netweaver kernel version
  * Fix Sprintf call
  * Use SAP System data to determine if HANA HA nodes share the same zone.
  * hanapdrestore - do not delete PDs in case of failures
  * Create discoverHANATenantDBs method to support multiple SIDs for HANA tenant DBs
  * Send additional fields in Data Warehouse WriteInsightRequest
  * Updating the username parameters for hana pd backup and restore
  * Retrieve Reliability data every 2 hours instead of 24
  * Discover HANA version
  * Fix import for GitHub build
  * Add instance properties, and topology information to system data
  * Keep the device name and disk name same after restore
  * Move sapdiscovery package into system package
  * Change the default name of the disk created by restore workflow
  * Updates the generated protobuf go for system.proto
  * Update generated system proto
  * Update go.yml
  * Add topology and instance properties info to SAP System data
  * Add a check to verify the disk is attached to instance, fail if disk is not attached
  * Add application and database software properties to system representation
  * Fix race condition in heartbeat test case
  * Add error handling to restore workflow to try and keep
    the HANA system in a clean state on failures
  * Enable LogToCloud by default for both OTE and Daemon modes
  * Bump Agent version to 3.0
  * Reliability OTE added to SAP Agent
  * Declare public Get interface for SAP System discovery data
  * Integration testing for Networkstats Package
  * Adding project sap-ecs-testing to the list
  * Adding one time execution for enabling/disabling of features
  * Change to using custom retries for initial bucket connection
  * Default collection definition to be fetched from GCS
  * Add a 2 minute context timeout for initial bucket connection
  * Add `collection_config_version` as a WLM system metric
  * Make project, host param optional for hanapdbackup,
    in addition make user param optional for hanapdrestore
  * Fix potential nil dereference WLM metrics collection
  * Add force-stop-hana to restore workflow to forcefully stop
    HANA when the param is passed
  * Rename the HANA PD snapshot and restore workflows
  * Add unit tests for GetProvisionIOps and GetProvisionedThoughput
  * Remove the TestCollect unit test which relies on nc
    command which can be flaky in unit tests
  * Increase Backint timeout for PIPE files to 3 minutes
  * Add XFS freeze and unfreeze to PD based snapshot

Package libvirt was updated:

- CVE-2024-2494: remote: check for negative array lengths before
  allocation
  8a3f8d95-CVE-2024-2494.patch
  bsc#1221815

- CVE-2024-2496: interface: fix udev_device_get_sysattr_value
  return value check
  2ca94317-CVE-2024-2496.patch
  bsc#1221468

- CVE-2024-1441: Fix off-by-one error in udevListInterfacesByStatus
  c664015f-CVE-2024-1441.patch
  bsc#1221237

Package cloud-regionsrv-client was updated:

- Update to version 10.1.7 (bsc#1220164, bsc#1220165)
  + Fix the failover path to a new target update server. At present a new
    server is not found since credential validation fails. We targeted
    the server detected in down condition to verify the credentials instead
    of the replacement server.

- Update EC2 plugin to 1.0.4 (bsc#1219156, bsc#1219159)
  + Fix the algorithm to determine the region from the availability zone
    information retrieved from IMDS.
- Update to version 10.1.6
  + Support specifying an IPv6 address for a manually configured target
    update server.

Package supportutils-plugin-ha-sap was updated:

- Update to version 0.0.5+git.1709295499.1c8e8cd
  * adapt documentation links
  * add support for SAP systemd services regarding SID retrieval
  * add information about SAP related systemd services
  * add information about sapcontrol function GetStartProfile
  * add information from daemon.ini
  * collect hook script logs (suschksrv and saphanasr_multitarget_hook)
  * collect logs of sap_suse_cluster_connector and sapstartsrv
  * Add python version
  * Check sudoers for srhook configuration

Package openssl-1_0_0 was updated:

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch

Package tiff was updated:

- security update:
  * CVE-2023-40745[bsc#1214687] CVE-2023-41175[bsc#1214686] [bsc#1221187]
    CVE-2023-38288[bsc#1213590]
    Fix potential int overflow in raw2tiff.c and tiffcp.c
    Rename tiff-CVE-2023-38288.patch into
    tiff-CVE-2023-38288,CVE-2023-40745,CVE-2023-41175.patch

- security update:
  * CVE-2015-8668 [bsc#960589]
    Fix heap based buffer overflow in bmp2tiff PackBitsEncode()
    + tiff-CVE-2015-8668.patch

- security update:
  * CVE-2023-52356 [bsc#1219213]
    Fix segfault in TIFFReadRGBATileExt()
    + tiff-CVE-2023-52356.patch

Package google-guest-oslogin was updated:

- Add explicit versioned dependency on google-guest-agent (bsc#1219642)
- Update to version 20231101.00 (bsc#1216548, bsc#1216750)
  * Fix HTTP calls retry logic (#117)

- Update to version 20231004
  * packaging: Make the dependency explicit (#120)

- update to 20230926.00:
  * fix suse build
  * selinux: fix selinux build (#114)
  * test: align CXX Flags
  * sshca: Make the implementation more C++ like
  * sshca: Add a SysLog wrapper
  * oslogin_utils: introduce AuthorizeUser() API
  * sshca: move it out of pam dir
  * pam: start disabling the use of oslogin_sshca
  * sshca: consider sshca API to assume a cert only
  * authorized principals: introduce the new command
  * authorize keys: update to use new APIs
  * pam modules: remove pam_*_admin and update pam_*_login
  * cache_refresh: should be catching by reference.

- Update to version 20230823.00
  * selinux: Add sshd_key_t type enforcement to trusted user ca (#113)
- from version 20230822.00
  * sshca: Add tests with fingerprint and multiple extensions (#111)
- from version 20230821.01
  * sshca: Support method token and handle multi line (#109)
- from version 20230821.00
  * Update owners (#110)

- Update to version 20230808.00
  * byoid: extract and apply the ca fingerprint to policy call (#106)

- Update to version 20230502.00
  * Improve the URL in 2fa prompt (#104)
- from version 20230406.02
  * Check open files (#101)
- from version 20230406.01
  * Initialize variables (#100)
  * Fix formatting (#102)
- from version 20230406.00
  * PAM cleanup: remove duplicates (#97)
- from version 20230405.00
  * NSS cleanup (#98)
- from version 20230403.01
  * Cleanup Makefiles (#95)
- from version 20230403.00
  * Add anandadalton to the owners list (#96)

- Update to version 20230217.00
  * Update OWNERS (#91)
- from version 20230202.00
  * Update owners file (#89)

- Update to version 20220721.00 (bsc#1202100, bsc#1202101)
  * prune outdated info from readme (#86)
- from version 20220714.00
  * strip json-c version symbol (#84)
- from version 20220622.00
  * pam login: split conditions for logging (#83)

- use pam_moduledir (boo#1191036)
  * Support UsrMerge project

- Update to version 20220411.00
  * pam login: split conditions for logging (#83)

Package util-linux-systemd was updated:

- Properly neutralize escape sequences in wall
  (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
  and its prerequisites: util-linux-fputs_careful1.patch,
  util-linux-wall-migrate-to-memstream.patch,
  util-linux-fputs_careful2.patch).

Package python36 was updated:

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).

Package curl was updated:

- Security fix: [bsc#1221665, CVE-2024-2004]
  * Usage of disabled protocol
  * Add curl-CVE-2024-2004.patch

- Security fix: [bsc#1221667, CVE-2024-2398]
  * curl: HTTP/2 push headers memory-leak
  * Add curl-CVE-2024-2398.patch

Package krb5 was updated:

- Fix memory leaks, add patch 0015-Fix-two-unlikely-memory-leaks.patch
  * CVE-2024-26458, bsc#1220770
  * CVE-2024-26461, bsc#1220771

- Update to krb5 1.16.3 (jsc#PED-7884). Most relevant changes:
  * Remove the triple-DES and RC4 encryption types from the default
    value of supported_enctypes, which determines the default key
    and salt types for new password-derived keys. By default, keys
    will be created only for AES128 and AES256. This mitigates
    some types of password guessing attacks.
  * Add support for the AES-SHA2 enctypes, which allows sites to
    conform to Suite B crypto requirements.
- Removed patches, useless or upstreamed
  * krb5-1.10-kpasswd_tcp.patch
  * krb5-1.7-doublelog.patch
  * krb5-1.9-kprop-mktemp.patch
  * krb5-1.10-ksu-access.patch
  * krb5-kvno-230379.patch
  * krb5-1.12-doxygen.patch
  * bnc#897874-CVE-2014-5351.diff
  * krb5-1.13-work-around-replay-cache-creation-race.patch
  * 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
  * 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
  * 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
  * 0109-Preserve-GSS-context-on-init-accept-failure.patch
  * 0115-Remove-incorrect-KDC-assertion.patch
  * 0116-Implement-GSS_KRB5_CRED_NO_CI_FLAGS_X-cred-option.patch
  * 0117-Add-tests-for-GSS_KRB5_CRED_NO_CI_FLAGS_X.patch
  * 0118-Implement-GSS_KRB5_CRED_NO_CI_FLAGS_X-for-SPNEGO.patch
  * 0119-Load-mechglue-config-files-from-etc-gss-mech.d.patch
  * 0120-Document-etc-gss-mech.d-.conf.patch
  * 0121-Fix-impersonate_name-to-work-with-interposers.patch
  * 0122-Use-preauth-options-when-changing-password.patch
  * 0123-Improve-extended-gic-option-support.patch
  * 0124-Use-responder-for-non-preauth-AS-requests.patch
- New patches:
  * 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch
  * 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
- Renamed patches:
  * Patch krb5-1.12-pam.patch -&gt; 0001-krb5-1.12-pam.patch
  * Patch krb5-1.9-manpaths.dif -&gt; 0002-krb5-1.9-manpaths.patch
  * Patch krb5-1.12-buildconf.patch -&gt; 0003-krb5-1.12-buildconf.patch
  * Patch krb5-1.6.3-gssapi_improve_errormessages.dif -&gt;
    0004-krb5-1.6.3-gssapi_improve_errormessages.patch
  * Patch krb5-1.6.3-ktutil-manpage.dif -&gt;
    0005-krb5-1.6.3-ktutil-manpage.patch
  * Patch krb5-1.12-api.patch -&gt; 0006-krb5-1.12-api.patch
  * Patch krb5-1.12-ksu-path.patch -&gt; 0007-krb5-1.12-ksu-path.patch
  * Patch krb5-1.12-selinux-label.patch -&gt; 0008-krb5-1.12-selinux-label.patch
  * Patch krb5-1.9-debuginfo.patch -&gt; 0009-krb5-1.9-debuginfo.patch
  * Patch 0125-Add-recursion-limit-for-ASN.1-indefinite-lengths.patch -&gt;
    0010-Add-recursion-limit-for-ASN.1-indefinite-lengths.patch
  * Patch 0126-Fix-integer-overflows-in-PAC-parsing.patch -&gt;
    0013-Fix-integer-overflows-in-PAC-parsing.patch
  * Patch 0127-Ensure-array-count-consistency-in-kadm5-RPC.patch -&gt;
    0014-Ensure-array-count-consistency-in-kadm5-RPC.patch

Package libssh was updated:

- Update to 0.9.8: [jsc#PED-7719, bsc#1218126, CVE-2023-48795]
  * Rebase 0001-disable-timeout-test-on-slow-buildsystems.patch
  * Remove patches fixed in the update:
  - CVE-2019-14889.patch
  - 0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-A.patch

- Update to version 0.9.8
  * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
  * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
  * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
  * Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
  * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
    guessing (bsc#1211188)
  * Fix CVE-2023-2283: a possible authorization bypass in
    pki_verify_data_signature under low-memory conditions (bsc#1211190)
  * Fix several memory leaks in GSSAPI handling code

- Update to version 0.9.6 (bsc#1189608, CVE-2021-3634)
  * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6

- Add missing BR for openssh needed for tests

- update to 0.9.5 (bsc#1174713, CVE-2020-16135):
  * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
  * Improve handling of library initialization (T222)
  * Fix parsing of subsecond times in SFTP (T219)
  * Make the documentation reproducible
  * Remove deprecated API usage in OpenSSL
  * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
  * Define version in one place (T226)
  * Prevent invalid free when using different C runtimes than OpenSSL (T229)
  * Compatibility improvements to testsuite

- Update to version 0.9.4
  * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
  * Fix possible Denial of Service attack when using AES-CTR-ciphers
    CVE-2020-1730 (bsc#1168699)

Package avahi was updated:

- Add avahi-CVE-2023-38471.patch: Extract host name using
  avahi_unescape_label (bsc#1216594, CVE-2023-38471).
- Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource
  records (bsc#1216598, CVE-2023-38469).

Package crmsh was updated:

- Update to version 4.1.1+git.1711953398.2356ae42:
  * Fix: bootstrap: Remove unused -i option when calling csync2_remote and ssh_remote stage (bsc#1212080, bsc#1221912)

Package shadow was updated:

- bsc#1188307: Fix passwd segfault
  Add shadow-bsc1188307-passwd-segfault.patch

Package python was updated:

- Add CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).

Package python-instance-billing-flavor-check was updated:

- Version 0.0.6 (bsc#1218561)
  Support proxy setup on the client to access the update infrastructure
  API

- Version 0.0.5
  Add IPv6 support (bsc#1218739)

Package openssh was updated:

- also remember the active state of the service, so openssh8.4
  can pick it up. bsc#1220110
- handle these when we do go from openssh8.4-server back to openssh

- remember the enabled state of sshd state, so openssh8.4 can pick it
  up. bsc#1220110

- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
  This limits the use of shell metacharacters in host- and
  user names.

Package jasper was updated:

- bsc#1223155 CVE-2024-31744:
  Add missing check to jpc_dec_process_sod()
  Add jasper-CVE-2024-31744.patch

- bsc#1218802 CVE-2023-51257:
  Fix invalid memory write on jas_icctxt_input()
  Add jasper-CVE-CVE-2023-51257.patch

Package ncurses was updated:

- Add patch ncurses-5.9-bsc1220061.patch (bsc#1220061, CVE-2023-45918)
  * Backport from ncurses-6.4-20230615.patch
    improve checks in convert_string() for corrupt terminfo entry

Package nghttp2 was updated:

- security update
- added patches
  fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
  + nghttp2-CVE-2024-28182-1.patch
  fix CVE-2024-28182-2 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
  + nghttp2-CVE-2024-28182-2.patch

Package suseconnect-ng was updated:

- Allow &quot;--rollback&quot; flag to run on readonly filesystem (bsc#1220679)
- Update to version 1.7.0
  * Allow SUSEConnect on read write transactional systems (bsc#1219425)

</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://publiccloudimagechangeinfo.suse.com/google/sles-12-sp5-sap-byos-v20240426-x86-64/</URL>
      <Description>Public Cloud Image Info</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <Branch Type="Product Name" Name="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
        <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="SAPHanaSR-0.162.3-3.39.1">
      <FullProductName ProductID="SAPHanaSR-0.162.3-3.39.1">SAPHanaSR-0.162.3-3.39.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="SAPHanaSR-doc-0.162.3-3.39.1">
      <FullProductName ProductID="SAPHanaSR-doc-0.162.3-3.39.1">SAPHanaSR-doc-0.162.3-3.39.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cloud-netconfig-gce-1.14-35.1">
      <FullProductName ProductID="cloud-netconfig-gce-1.14-35.1">cloud-netconfig-gce-1.14-35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cloud-regionsrv-client-10.1.7-52.108.1">
      <FullProductName ProductID="cloud-regionsrv-client-10.1.7-52.108.1">cloud-regionsrv-client-10.1.7-52.108.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cloud-regionsrv-client-plugin-gce-1.0.0-52.108.1">
      <FullProductName ProductID="cloud-regionsrv-client-plugin-gce-1.0.0-52.108.1">cloud-regionsrv-client-plugin-gce-1.0.0-52.108.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cluster-md-kmp-default-4.12.14-122.201.1">
      <FullProductName ProductID="cluster-md-kmp-default-4.12.14-122.201.1">cluster-md-kmp-default-4.12.14-122.201.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cpio-2.11-36.21.1">
      <FullProductName ProductID="cpio-2.11-36.21.1">cpio-2.11-36.21.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="crmsh-4.1.1+git.1711953398.2356ae42-2.83.1">
      <FullProductName ProductID="crmsh-4.1.1+git.1711953398.2356ae42-2.83.1">crmsh-4.1.1+git.1711953398.2356ae42-2.83.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="crmsh-scripts-4.1.1+git.1711953398.2356ae42-2.83.1">
      <FullProductName ProductID="crmsh-scripts-4.1.1+git.1711953398.2356ae42-2.83.1">crmsh-scripts-4.1.1+git.1711953398.2356ae42-2.83.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="curl-8.0.1-11.86.2">
      <FullProductName ProductID="curl-8.0.1-11.86.2">curl-8.0.1-11.86.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dlm-kmp-default-4.12.14-122.201.1">
      <FullProductName ProductID="dlm-kmp-default-4.12.14-122.201.1">dlm-kmp-default-4.12.14-122.201.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="gfs2-kmp-default-4.12.14-122.201.1">
      <FullProductName ProductID="gfs2-kmp-default-4.12.14-122.201.1">gfs2-kmp-default-4.12.14-122.201.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="google-cloud-sap-agent-3.2-6.28.1">
      <FullProductName ProductID="google-cloud-sap-agent-3.2-6.28.1">google-cloud-sap-agent-3.2-6.28.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="google-guest-agent-20231031.01-1.35.1">
      <FullProductName ProductID="google-guest-agent-20231031.01-1.35.1">google-guest-agent-20231031.01-1.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="google-guest-oslogin-20231101.00-1.29.1">
      <FullProductName ProductID="google-guest-oslogin-20231101.00-1.29.1">google-guest-oslogin-20231101.00-1.29.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="graphviz-2.28.0-29.9.1">
      <FullProductName ProductID="graphviz-2.28.0-29.9.1">graphviz-2.28.0-29.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="graphviz-gd-2.28.0-29.9.1">
      <FullProductName ProductID="graphviz-gd-2.28.0-29.9.1">graphviz-gd-2.28.0-29.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-2.02-172.1">
      <FullProductName ProductID="grub2-2.02-172.1">grub2-2.02-172.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-i386-pc-2.02-172.1">
      <FullProductName ProductID="grub2-i386-pc-2.02-172.1">grub2-i386-pc-2.02-172.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-x86_64-efi-2.02-172.1">
      <FullProductName ProductID="grub2-x86_64-efi-2.02-172.1">grub2-x86_64-efi-2.02-172.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-4.12.14-122.201.1">
      <FullProductName ProductID="kernel-default-4.12.14-122.201.1">kernel-default-4.12.14-122.201.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="krb5-1.16.3-46.6.1">
      <FullProductName ProductID="krb5-1.16.3-46.6.1">krb5-1.16.3-46.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="krb5-client-1.16.3-46.6.1">
      <FullProductName ProductID="krb5-client-1.16.3-46.6.1">krb5-client-1.16.3-46.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="less-458-7.12.1">
      <FullProductName ProductID="less-458-7.12.1">less-458-7.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libavahi-client3-0.6.32-32.24.1">
      <FullProductName ProductID="libavahi-client3-0.6.32-32.24.1">libavahi-client3-0.6.32-32.24.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libavahi-common3-0.6.32-32.24.1">
      <FullProductName ProductID="libavahi-common3-0.6.32-32.24.1">libavahi-common3-0.6.32-32.24.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libblkid1-2.33.2-4.36.1">
      <FullProductName ProductID="libblkid1-2.33.2-4.36.1">libblkid1-2.33.2-4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libcurl4-8.0.1-11.86.2">
      <FullProductName ProductID="libcurl4-8.0.1-11.86.2">libcurl4-8.0.1-11.86.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libfdisk1-2.33.2-4.36.1">
      <FullProductName ProductID="libfdisk1-2.33.2-4.36.1">libfdisk1-2.33.2-4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libfreebl3-3.90.2-58.111.1">
      <FullProductName ProductID="libfreebl3-3.90.2-58.111.1">libfreebl3-3.90.2-58.111.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libjasper1-1.900.14-195.40.1">
      <FullProductName ProductID="libjasper1-1.900.14-195.40.1">libjasper1-1.900.14-195.40.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libmount1-2.33.2-4.36.1">
      <FullProductName ProductID="libmount1-2.33.2-4.36.1">libmount1-2.33.2-4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libncurses5-5.9-88.1">
      <FullProductName ProductID="libncurses5-5.9-88.1">libncurses5-5.9-88.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libncurses6-5.9-88.1">
      <FullProductName ProductID="libncurses6-5.9-88.1">libncurses6-5.9-88.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libnghttp2-14-1.39.2-3.18.1">
      <FullProductName ProductID="libnghttp2-14-1.39.2-3.18.1">libnghttp2-14-1.39.2-3.18.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libopenssl0_9_8-0.9.8j-106.64.1">
      <FullProductName ProductID="libopenssl0_9_8-0.9.8j-106.64.1">libopenssl0_9_8-0.9.8j-106.64.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libopenssl1_0_0-1.0.2p-3.90.1">
      <FullProductName ProductID="libopenssl1_0_0-1.0.2p-3.90.1">libopenssl1_0_0-1.0.2p-3.90.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libopenssl1_1-1.1.1d-2.104.1">
      <FullProductName ProductID="libopenssl1_1-1.1.1d-2.104.1">libopenssl1_1-1.1.1d-2.104.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpython2_7-1_0-2.7.18-33.29.1">
      <FullProductName ProductID="libpython2_7-1_0-2.7.18-33.29.1">libpython2_7-1_0-2.7.18-33.29.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpython3_4m1_0-3.4.10-25.124.1">
      <FullProductName ProductID="libpython3_4m1_0-3.4.10-25.124.1">libpython3_4m1_0-3.4.10-25.124.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpython3_6m1_0-3.6.15-52.1">
      <FullProductName ProductID="libpython3_6m1_0-3.6.15-52.1">libpython3_6m1_0-3.6.15-52.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsmartcols1-2.33.2-4.36.1">
      <FullProductName ProductID="libsmartcols1-2.33.2-4.36.1">libsmartcols1-2.33.2-4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsoftokn3-3.90.2-58.111.1">
      <FullProductName ProductID="libsoftokn3-3.90.2-58.111.1">libsoftokn3-3.90.2-58.111.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libssh2-1-1.11.0-29.15.2">
      <FullProductName ProductID="libssh2-1-1.11.0-29.15.2">libssh2-1-1.11.0-29.15.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libssh4-0.9.8-3.12.2">
      <FullProductName ProductID="libssh4-0.9.8-3.12.2">libssh4-0.9.8-3.12.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsuseconnect-1.8.0-3.12.1">
      <FullProductName ProductID="libsuseconnect-1.8.0-3.12.1">libsuseconnect-1.8.0-3.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsystemd0-228-157.60.1">
      <FullProductName ProductID="libsystemd0-228-157.60.1">libsystemd0-228-157.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libtiff5-4.0.9-44.80.1">
      <FullProductName ProductID="libtiff5-4.0.9-44.80.1">libtiff5-4.0.9-44.80.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libudev1-228-157.60.1">
      <FullProductName ProductID="libudev1-228-157.60.1">libudev1-228-157.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libuuid1-2.33.2-4.36.1">
      <FullProductName ProductID="libuuid1-2.33.2-4.36.1">libuuid1-2.33.2-4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libvirt-client-5.1.0-13.42.1">
      <FullProductName ProductID="libvirt-client-5.1.0-13.42.1">libvirt-client-5.1.0-13.42.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libvirt-libs-5.1.0-13.42.1">
      <FullProductName ProductID="libvirt-libs-5.1.0-13.42.1">libvirt-libs-5.1.0-13.42.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libxml2-2-2.9.4-46.71.1">
      <FullProductName ProductID="libxml2-2-2.9.4-46.71.1">libxml2-2-2.9.4-46.71.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libxml2-tools-2.9.4-46.71.1">
      <FullProductName ProductID="libxml2-tools-2.9.4-46.71.1">libxml2-tools-2.9.4-46.71.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libzypp-16.22.12-62.1">
      <FullProductName ProductID="libzypp-16.22.12-62.1">libzypp-16.22.12-62.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="mozilla-nss-3.90.2-58.111.1">
      <FullProductName ProductID="mozilla-nss-3.90.2-58.111.1">mozilla-nss-3.90.2-58.111.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="mozilla-nss-certs-3.90.2-58.111.1">
      <FullProductName ProductID="mozilla-nss-certs-3.90.2-58.111.1">mozilla-nss-certs-3.90.2-58.111.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ncurses-utils-5.9-88.1">
      <FullProductName ProductID="ncurses-utils-5.9-88.1">ncurses-utils-5.9-88.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ocfs2-kmp-default-4.12.14-122.201.1">
      <FullProductName ProductID="ocfs2-kmp-default-4.12.14-122.201.1">ocfs2-kmp-default-4.12.14-122.201.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-7.2p2-81.17.1">
      <FullProductName ProductID="openssh-7.2p2-81.17.1">openssh-7.2p2-81.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssl-1_0_0-1.0.2p-3.90.1">
      <FullProductName ProductID="openssl-1_0_0-1.0.2p-3.90.1">openssl-1_0_0-1.0.2p-3.90.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="perl-Bootloader-0.947-3.9.1">
      <FullProductName ProductID="perl-Bootloader-0.947-3.9.1">perl-Bootloader-0.947-3.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python-2.7.18-33.29.1">
      <FullProductName ProductID="python-2.7.18-33.29.1">python-2.7.18-33.29.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python-base-2.7.18-33.29.1">
      <FullProductName ProductID="python-base-2.7.18-33.29.1">python-base-2.7.18-33.29.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python-idna-2.5-3.13.1">
      <FullProductName ProductID="python-idna-2.5-3.13.1">python-idna-2.5-3.13.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python-instance-billing-flavor-check-0.0.6-1.11.1">
      <FullProductName ProductID="python-instance-billing-flavor-check-0.0.6-1.11.1">python-instance-billing-flavor-check-0.0.6-1.11.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python-xml-2.7.18-33.29.1">
      <FullProductName ProductID="python-xml-2.7.18-33.29.1">python-xml-2.7.18-33.29.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-3.4.10-25.124.1">
      <FullProductName ProductID="python3-3.4.10-25.124.1">python3-3.4.10-25.124.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-base-3.4.10-25.124.1">
      <FullProductName ProductID="python3-base-3.4.10-25.124.1">python3-base-3.4.10-25.124.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-curses-3.4.10-25.124.1">
      <FullProductName ProductID="python3-curses-3.4.10-25.124.1">python3-curses-3.4.10-25.124.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-idna-2.5-3.13.1">
      <FullProductName ProductID="python3-idna-2.5-3.13.1">python3-idna-2.5-3.13.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python36-base-3.6.15-52.1">
      <FullProductName ProductID="python36-base-3.6.15-52.1">python36-base-3.6.15-52.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="shadow-4.2.1-36.9.1">
      <FullProductName ProductID="shadow-4.2.1-36.9.1">shadow-4.2.1-36.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="sudo-1.8.27-4.48.2">
      <FullProductName ProductID="sudo-1.8.27-4.48.2">sudo-1.8.27-4.48.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="supportutils-plugin-ha-sap-0.0.5+git.1709295499.1c8e8cd-1.15.1">
      <FullProductName ProductID="supportutils-plugin-ha-sap-0.0.5+git.1709295499.1c8e8cd-1.15.1">supportutils-plugin-ha-sap-0.0.5+git.1709295499.1c8e8cd-1.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="supportutils-plugin-suse-public-cloud-1.0.9-6.22.1">
      <FullProductName ProductID="supportutils-plugin-suse-public-cloud-1.0.9-6.22.1">supportutils-plugin-suse-public-cloud-1.0.9-6.22.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="suseconnect-ng-1.8.0-3.12.1">
      <FullProductName ProductID="suseconnect-ng-1.8.0-3.12.1">suseconnect-ng-1.8.0-3.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="suseconnect-ruby-bindings-1.8.0-3.12.1">
      <FullProductName ProductID="suseconnect-ruby-bindings-1.8.0-3.12.1">suseconnect-ruby-bindings-1.8.0-3.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-228-157.60.1">
      <FullProductName ProductID="systemd-228-157.60.1">systemd-228-157.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-sysvinit-228-157.60.1">
      <FullProductName ProductID="systemd-sysvinit-228-157.60.1">systemd-sysvinit-228-157.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="terminfo-5.9-88.1">
      <FullProductName ProductID="terminfo-5.9-88.1">terminfo-5.9-88.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="terminfo-base-5.9-88.1">
      <FullProductName ProductID="terminfo-base-5.9-88.1">terminfo-base-5.9-88.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="timezone-2024a-74.79.1">
      <FullProductName ProductID="timezone-2024a-74.79.1">timezone-2024a-74.79.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="udev-228-157.60.1">
      <FullProductName ProductID="udev-228-157.60.1">udev-228-157.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="util-linux-2.33.2-4.36.1">
      <FullProductName ProductID="util-linux-2.33.2-4.36.1">util-linux-2.33.2-4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="util-linux-systemd-2.33.2-4.36.1">
      <FullProductName ProductID="util-linux-systemd-2.33.2-4.36.1">util-linux-systemd-2.33.2-4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="uuidd-2.33.2-4.36.1">
      <FullProductName ProductID="uuidd-2.33.2-4.36.1">uuidd-2.33.2-4.36.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-9.1.0111-17.29.1">
      <FullProductName ProductID="vim-9.1.0111-17.29.1">vim-9.1.0111-17.29.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-data-common-9.1.0111-17.29.1">
      <FullProductName ProductID="vim-data-common-9.1.0111-17.29.1">vim-data-common-9.1.0111-17.29.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wicked-0.6.74-3.35.1">
      <FullProductName ProductID="wicked-0.6.74-3.35.1">wicked-0.6.74-3.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wicked-service-0.6.74-3.35.1">
      <FullProductName ProductID="wicked-service-0.6.74-3.35.1">wicked-service-0.6.74-3.35.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="xterm-308-5.12.1">
      <FullProductName ProductID="xterm-308-5.12.1">xterm-308-5.12.1</FullProductName>
    </Branch>
    <Relationship ProductReference="SAPHanaSR-0.162.3-3.39.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:SAPHanaSR-0.162.3-3.39.1">SAPHanaSR-0.162.3-3.39.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="SAPHanaSR-doc-0.162.3-3.39.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:SAPHanaSR-doc-0.162.3-3.39.1">SAPHanaSR-doc-0.162.3-3.39.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cloud-netconfig-gce-1.14-35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cloud-netconfig-gce-1.14-35.1">cloud-netconfig-gce-1.14-35.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cloud-regionsrv-client-10.1.7-52.108.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cloud-regionsrv-client-10.1.7-52.108.1">cloud-regionsrv-client-10.1.7-52.108.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cloud-regionsrv-client-plugin-gce-1.0.0-52.108.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cloud-regionsrv-client-plugin-gce-1.0.0-52.108.1">cloud-regionsrv-client-plugin-gce-1.0.0-52.108.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cluster-md-kmp-default-4.12.14-122.201.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1">cluster-md-kmp-default-4.12.14-122.201.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cpio-2.11-36.21.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cpio-2.11-36.21.1">cpio-2.11-36.21.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="crmsh-4.1.1+git.1711953398.2356ae42-2.83.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:crmsh-4.1.1+git.1711953398.2356ae42-2.83.1">crmsh-4.1.1+git.1711953398.2356ae42-2.83.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="crmsh-scripts-4.1.1+git.1711953398.2356ae42-2.83.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:crmsh-scripts-4.1.1+git.1711953398.2356ae42-2.83.1">crmsh-scripts-4.1.1+git.1711953398.2356ae42-2.83.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="curl-8.0.1-11.86.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:curl-8.0.1-11.86.2">curl-8.0.1-11.86.2 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dlm-kmp-default-4.12.14-122.201.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1">dlm-kmp-default-4.12.14-122.201.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="gfs2-kmp-default-4.12.14-122.201.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1">gfs2-kmp-default-4.12.14-122.201.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="google-cloud-sap-agent-3.2-6.28.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:google-cloud-sap-agent-3.2-6.28.1">google-cloud-sap-agent-3.2-6.28.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="google-guest-agent-20231031.01-1.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:google-guest-agent-20231031.01-1.35.1">google-guest-agent-20231031.01-1.35.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="google-guest-oslogin-20231101.00-1.29.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:google-guest-oslogin-20231101.00-1.29.1">google-guest-oslogin-20231101.00-1.29.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="graphviz-2.28.0-29.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:graphviz-2.28.0-29.9.1">graphviz-2.28.0-29.9.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="graphviz-gd-2.28.0-29.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:graphviz-gd-2.28.0-29.9.1">graphviz-gd-2.28.0-29.9.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-2.02-172.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:grub2-2.02-172.1">grub2-2.02-172.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-i386-pc-2.02-172.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:grub2-i386-pc-2.02-172.1">grub2-i386-pc-2.02-172.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-x86_64-efi-2.02-172.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:grub2-x86_64-efi-2.02-172.1">grub2-x86_64-efi-2.02-172.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-4.12.14-122.201.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1">kernel-default-4.12.14-122.201.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="krb5-1.16.3-46.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-1.16.3-46.6.1">krb5-1.16.3-46.6.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="krb5-client-1.16.3-46.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-client-1.16.3-46.6.1">krb5-client-1.16.3-46.6.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="less-458-7.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:less-458-7.12.1">less-458-7.12.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libavahi-client3-0.6.32-32.24.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libavahi-client3-0.6.32-32.24.1">libavahi-client3-0.6.32-32.24.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libavahi-common3-0.6.32-32.24.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libavahi-common3-0.6.32-32.24.1">libavahi-common3-0.6.32-32.24.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libblkid1-2.33.2-4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libblkid1-2.33.2-4.36.1">libblkid1-2.33.2-4.36.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libcurl4-8.0.1-11.86.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libcurl4-8.0.1-11.86.2">libcurl4-8.0.1-11.86.2 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libfdisk1-2.33.2-4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libfdisk1-2.33.2-4.36.1">libfdisk1-2.33.2-4.36.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libfreebl3-3.90.2-58.111.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libfreebl3-3.90.2-58.111.1">libfreebl3-3.90.2-58.111.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libjasper1-1.900.14-195.40.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libjasper1-1.900.14-195.40.1">libjasper1-1.900.14-195.40.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libmount1-2.33.2-4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libmount1-2.33.2-4.36.1">libmount1-2.33.2-4.36.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libncurses5-5.9-88.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libncurses5-5.9-88.1">libncurses5-5.9-88.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libncurses6-5.9-88.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libncurses6-5.9-88.1">libncurses6-5.9-88.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libnghttp2-14-1.39.2-3.18.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libnghttp2-14-1.39.2-3.18.1">libnghttp2-14-1.39.2-3.18.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libopenssl0_9_8-0.9.8j-106.64.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libopenssl0_9_8-0.9.8j-106.64.1">libopenssl0_9_8-0.9.8j-106.64.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libopenssl1_0_0-1.0.2p-3.90.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libopenssl1_0_0-1.0.2p-3.90.1">libopenssl1_0_0-1.0.2p-3.90.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libopenssl1_1-1.1.1d-2.104.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libopenssl1_1-1.1.1d-2.104.1">libopenssl1_1-1.1.1d-2.104.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpython2_7-1_0-2.7.18-33.29.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libpython2_7-1_0-2.7.18-33.29.1">libpython2_7-1_0-2.7.18-33.29.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpython3_4m1_0-3.4.10-25.124.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libpython3_4m1_0-3.4.10-25.124.1">libpython3_4m1_0-3.4.10-25.124.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpython3_6m1_0-3.6.15-52.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libpython3_6m1_0-3.6.15-52.1">libpython3_6m1_0-3.6.15-52.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsmartcols1-2.33.2-4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libsmartcols1-2.33.2-4.36.1">libsmartcols1-2.33.2-4.36.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsoftokn3-3.90.2-58.111.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libsoftokn3-3.90.2-58.111.1">libsoftokn3-3.90.2-58.111.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libssh2-1-1.11.0-29.15.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh2-1-1.11.0-29.15.2">libssh2-1-1.11.0-29.15.2 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libssh4-0.9.8-3.12.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2">libssh4-0.9.8-3.12.2 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsuseconnect-1.8.0-3.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libsuseconnect-1.8.0-3.12.1">libsuseconnect-1.8.0-3.12.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsystemd0-228-157.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libsystemd0-228-157.60.1">libsystemd0-228-157.60.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libtiff5-4.0.9-44.80.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libtiff5-4.0.9-44.80.1">libtiff5-4.0.9-44.80.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libudev1-228-157.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libudev1-228-157.60.1">libudev1-228-157.60.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libuuid1-2.33.2-4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libuuid1-2.33.2-4.36.1">libuuid1-2.33.2-4.36.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libvirt-client-5.1.0-13.42.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libvirt-client-5.1.0-13.42.1">libvirt-client-5.1.0-13.42.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libvirt-libs-5.1.0-13.42.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libvirt-libs-5.1.0-13.42.1">libvirt-libs-5.1.0-13.42.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libxml2-2-2.9.4-46.71.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libxml2-2-2.9.4-46.71.1">libxml2-2-2.9.4-46.71.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libxml2-tools-2.9.4-46.71.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libxml2-tools-2.9.4-46.71.1">libxml2-tools-2.9.4-46.71.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libzypp-16.22.12-62.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libzypp-16.22.12-62.1">libzypp-16.22.12-62.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="mozilla-nss-3.90.2-58.111.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:mozilla-nss-3.90.2-58.111.1">mozilla-nss-3.90.2-58.111.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="mozilla-nss-certs-3.90.2-58.111.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:mozilla-nss-certs-3.90.2-58.111.1">mozilla-nss-certs-3.90.2-58.111.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ncurses-utils-5.9-88.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ncurses-utils-5.9-88.1">ncurses-utils-5.9-88.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ocfs2-kmp-default-4.12.14-122.201.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1">ocfs2-kmp-default-4.12.14-122.201.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-7.2p2-81.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:openssh-7.2p2-81.17.1">openssh-7.2p2-81.17.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssl-1_0_0-1.0.2p-3.90.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:openssl-1_0_0-1.0.2p-3.90.1">openssl-1_0_0-1.0.2p-3.90.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="perl-Bootloader-0.947-3.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:perl-Bootloader-0.947-3.9.1">perl-Bootloader-0.947-3.9.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-2.7.18-33.29.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python-2.7.18-33.29.1">python-2.7.18-33.29.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-base-2.7.18-33.29.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python-base-2.7.18-33.29.1">python-base-2.7.18-33.29.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-idna-2.5-3.13.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python-idna-2.5-3.13.1">python-idna-2.5-3.13.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-instance-billing-flavor-check-0.0.6-1.11.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python-instance-billing-flavor-check-0.0.6-1.11.1">python-instance-billing-flavor-check-0.0.6-1.11.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-xml-2.7.18-33.29.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python-xml-2.7.18-33.29.1">python-xml-2.7.18-33.29.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-3.4.10-25.124.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-3.4.10-25.124.1">python3-3.4.10-25.124.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-base-3.4.10-25.124.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-base-3.4.10-25.124.1">python3-base-3.4.10-25.124.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-curses-3.4.10-25.124.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-curses-3.4.10-25.124.1">python3-curses-3.4.10-25.124.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-idna-2.5-3.13.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-idna-2.5-3.13.1">python3-idna-2.5-3.13.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python36-base-3.6.15-52.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python36-base-3.6.15-52.1">python36-base-3.6.15-52.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="shadow-4.2.1-36.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:shadow-4.2.1-36.9.1">shadow-4.2.1-36.9.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="sudo-1.8.27-4.48.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:sudo-1.8.27-4.48.2">sudo-1.8.27-4.48.2 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="supportutils-plugin-ha-sap-0.0.5+git.1709295499.1c8e8cd-1.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:supportutils-plugin-ha-sap-0.0.5+git.1709295499.1c8e8cd-1.15.1">supportutils-plugin-ha-sap-0.0.5+git.1709295499.1c8e8cd-1.15.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="supportutils-plugin-suse-public-cloud-1.0.9-6.22.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:supportutils-plugin-suse-public-cloud-1.0.9-6.22.1">supportutils-plugin-suse-public-cloud-1.0.9-6.22.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="suseconnect-ng-1.8.0-3.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:suseconnect-ng-1.8.0-3.12.1">suseconnect-ng-1.8.0-3.12.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="suseconnect-ruby-bindings-1.8.0-3.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:suseconnect-ruby-bindings-1.8.0-3.12.1">suseconnect-ruby-bindings-1.8.0-3.12.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-228-157.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:systemd-228-157.60.1">systemd-228-157.60.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-sysvinit-228-157.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:systemd-sysvinit-228-157.60.1">systemd-sysvinit-228-157.60.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="terminfo-5.9-88.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:terminfo-5.9-88.1">terminfo-5.9-88.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="terminfo-base-5.9-88.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:terminfo-base-5.9-88.1">terminfo-base-5.9-88.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="timezone-2024a-74.79.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:timezone-2024a-74.79.1">timezone-2024a-74.79.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="udev-228-157.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:udev-228-157.60.1">udev-228-157.60.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="util-linux-2.33.2-4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:util-linux-2.33.2-4.36.1">util-linux-2.33.2-4.36.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="util-linux-systemd-2.33.2-4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:util-linux-systemd-2.33.2-4.36.1">util-linux-systemd-2.33.2-4.36.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="uuidd-2.33.2-4.36.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:uuidd-2.33.2-4.36.1">uuidd-2.33.2-4.36.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-9.1.0111-17.29.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1">vim-9.1.0111-17.29.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-data-common-9.1.0111-17.29.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1">vim-data-common-9.1.0111-17.29.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wicked-0.6.74-3.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:wicked-0.6.74-3.35.1">wicked-0.6.74-3.35.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wicked-service-0.6.74-3.35.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:wicked-service-0.6.74-3.35.1">wicked-service-0.6.74-3.35.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="xterm-308-5.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:xterm-308-5.12.1">xterm-308-5.12.1 as a component of Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.</Note>
    </Notes>
    <CVE>CVE-2014-5351</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-1.16.3-46.6.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-client-1.16.3-46.6.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:N/AC:H/Au:S/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.</Note>
    </Notes>
    <CVE>CVE-2015-8629</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-1.16.3-46.6.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-client-1.16.3-46.6.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:N/AC:H/Au:S/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.</Note>
    </Notes>
    <CVE>CVE-2015-8630</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-1.16.3-46.6.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-client-1.16.3-46.6.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.</Note>
    </Notes>
    <CVE>CVE-2015-8631</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-1.16.3-46.6.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-client-1.16.3-46.6.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.</Note>
    </Notes>
    <CVE>CVE-2015-8668</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libtiff5-4.0.9-44.80.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.</Note>
    </Notes>
    <CVE>CVE-2019-14889</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>9.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

i2c: Fix a potential use after free

Free the adap structure only after we are done using it.
This patch just moves the put_device() down a bit to avoid the
use after free.

[wsa: added comment to the code, added Fixes tag]</Note>
    </Notes>
    <CVE>CVE-2019-25162</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.</Note>
    </Notes>
    <CVE>CVE-2020-16135</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.</Note>
    </Notes>
    <CVE>CVE-2020-1730</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

media: dvbdev: Fix memory leak in dvb_media_device_free()

dvb_media_device_free() is leaking memory. Free `dvbdev-&gt;adapter-&gt;conn`
before setting it to NULL, as documented in include/media/media-device.h:
"The media_entity instance itself must be freed explicitly by the driver
if required."</Note>
    </Notes>
    <CVE>CVE-2020-36777</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

i2c: cadence: fix reference leak when pm_runtime_get_sync fails

The PM reference count is not expected to be incremented on
return in functions cdns_i2c_master_xfer and cdns_reg_slave.

However, pm_runtime_get_sync will increment the PM usage counter
even when it fails. Forgetting the put operation will result in a
reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage
counter balanced.</Note>
    </Notes>
    <CVE>CVE-2020-36784</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux-&gt;alu_limit.</Note>
    </Notes>
    <CVE>CVE-2021-33200</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.</Note>
    </Notes>
    <CVE>CVE-2021-33631</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers had a shared length variable, which worked as long as these buffers were the same. But the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a "secret_hash" of a different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during a second key re-exchange.</Note>
    </Notes>
    <CVE>CVE-2021-3634</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4</BaseScore>
        <Vector>AV:N/AC:L/Au:S/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

HID: usbhid: fix info leak in hid_submit_ctrl

In hid_submit_ctrl(), the way of calculating the report length doesn't
take into account that report-&gt;size can be zero. When running the
syzkaller reproducer, a report of size 0 causes hid_submit_ctrl() to
calculate transfer_buffer_length as 16384. When this urb is passed to
the usb core layer, KMSAN reports an info leak of 16384 bytes.

To fix this, first modify hid_report_len() to account for the zero
report size case by using DIV_ROUND_UP for the division. Then, call it
from hid_submit_ctrl().</Note>
    </Notes>
    <CVE>CVE-2021-46906</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_limit: avoid possible divide error in nft_limit_init

div_u64() divides u64 by u32.

nft_limit_init() wants to divide u64 by u64, use the appropriate
math function (div64_u64)

divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:div_u64_rem include/linux/math64.h:28 [inline]
RIP: 0010:div_u64 include/linux/math64.h:127 [inline]
RIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85
Call Trace:
 nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [inline]
 nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713
 nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160
 nf_tables_newset+0x1997/0x3150 net/netfilter/nf_tables_api.c:4321
 nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline]
 nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:598
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:674
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae</Note>
    </Notes>
    <CVE>CVE-2021-46915</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

locking/qrwlock: Fix ordering in queued_write_lock_slowpath()

While this code is executed with the wait_lock held, a reader can
acquire the lock without holding wait_lock.  The writer side loops
checking the value with the atomic_cond_read_acquire(), but only truly
acquires the lock when the compare-and-exchange is completed
successfully which isn't ordered. This exposes the window between the
acquire and the cmpxchg to an A-B-A problem which allows reads
following the lock acquisition to observe values speculatively before
the write lock is truly acquired.

We've seen a problem in epoll where the reader does a xchg while
holding the read lock, but the writer can see a value change out from
under it.

  Writer                                | Reader
  --------------------------------------------------------------------------------
  ep_scan_ready_list()                  |
  |- write_lock_irq()                   |
      |- queued_write_lock_slowpath()   |
	|- atomic_cond_read_acquire()   |
				        | read_lock_irqsave(&amp;ep-&gt;lock, flags);
     --&gt; (observes value before unlock) |  chain_epi_lockless()
     |                                  |    epi-&gt;next = xchg(&amp;ep-&gt;ovflist, epi);
     |                                  | read_unlock_irqrestore(&amp;ep-&gt;lock, flags);
     |                                  |
     |     atomic_cmpxchg_relaxed()     |
     |-- READ_ONCE(ep-&gt;ovflist);        |

A core can order the read of the ovflist ahead of the
atomic_cmpxchg_relaxed(). Switching the cmpxchg to use acquire
semantics addresses this issue at which point the atomic_cond_read can
be switched to use relaxed semantics.

[peterz: use try_cmpxchg()]</Note>
    </Notes>
    <CVE>CVE-2021-46921</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

NFC: st21nfca: Fix memory leak in device probe and remove

'phy-&gt;pending_skb' is allocated at device probe, but it is not freed
in the error handling path and remove path. This causes a memory leak
as follows:

unreferenced object 0xffff88800bc06800 (size 512):
  comm "8", pid 11775, jiffies 4295159829 (age 9.032s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [&lt;00000000d66c09ce&gt;] __kmalloc_node_track_caller+0x1ed/0x450
    [&lt;00000000c93382b3&gt;] kmalloc_reserve+0x37/0xd0
    [&lt;000000005fea522c&gt;] __alloc_skb+0x124/0x380
    [&lt;0000000019f29f9a&gt;] st21nfca_hci_i2c_probe+0x170/0x8f2

Fix it by freeing 'pending_skb' in error and remove.</Note>
    </Notes>
    <CVE>CVE-2021-46924</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

Input: appletouch - initialize work before device registration

Syzbot has reported a warning in __flush_work(). This warning is caused by
work-&gt;func == NULL, which means missing work initialization.

This may happen, since input_dev-&gt;close() calls
cancel_work_sync(&amp;dev-&gt;work), but dev-&gt;work initialization happens _after_
the input_register_device() call.

So this patch moves dev-&gt;work initialization before registering the input
device.</Note>
    </Notes>
    <CVE>CVE-2021-46932</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

ACPI: GTDT: Don't corrupt interrupt mappings on watchdog probe failure

When failing the driver probe because of invalid firmware properties,
the GTDT driver unmaps the interrupt that it mapped earlier.

However, it never checks whether the mapping of the interrupt actually
succeeded. Even more, should the firmware report an illegal interrupt
number that overlaps with the GIC SGI range, this can result in an
IPI being unmapped, and subsequent fireworks (as reported by Dann
Frazier).

Rework the driver to have a slightly saner behaviour and actually
check whether the interrupt has been mapped before unmapping things.</Note>
    </Notes>
    <CVE>CVE-2021-46953</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix use-after-free in i40e_client_subtask()

Currently the call to i40e_client_del_instance frees the object
pf-&gt;cinst, however pf-&gt;cinst-&gt;lan_info is being accessed after
the free. Fix this by adding the missing return.

Addresses-Coverity: ("Read from pointer after free")</Note>
    </Notes>
    <CVE>CVE-2021-46991</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftables: avoid overflows in nft_hash_buckets()

The number of buckets is stored in 32-bit variables, so we have to
ensure that no overflows occur in nft_hash_buckets().

syzbot injected a size == 0x40000000 and reported:

UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 29539 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327
 __roundup_pow_of_two include/linux/log2.h:57 [inline]
 nft_hash_buckets net/netfilter/nft_set_hash.c:411 [inline]
 nft_hash_estimate.cold+0x19/0x1e net/netfilter/nft_set_hash.c:652
 nft_select_set_ops net/netfilter/nf_tables_api.c:3586 [inline]
 nf_tables_newset+0xe62/0x3110 net/netfilter/nf_tables_api.c:4322
 nfnetlink_rcv_batch+0xa09/0x24b0 net/netfilter/nfnetlink.c:488
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:612 [inline]
 nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:630
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:674
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46</Note>
    </Notes>
    <CVE>CVE-2021-46992</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send

In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).
If some error happens in emac_tx_fill_tpd(), the skb will be freed via
dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().
But the freed skb is still used via skb-&gt;len by netdev_sent_queue(,skb-&gt;len).

As I observed that emac_tx_fill_tpd() hasn't modified the value of skb-&gt;len,
thus my patch assigns skb-&gt;len to 'len' before the possible free and
use 'len' instead of skb-&gt;len later.</Note>
    </Notes>
    <CVE>CVE-2021-47013</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

bus: qcom: Put child node before return

Put child node before return to fix potential reference count leak.
Generally, the reference count of child is incremented and decremented
automatically in the macro for_each_available_child_of_node() and should
be decremented manually if the loop is broken in loop body.</Note>
    </Notes>
    <CVE>CVE-2021-47054</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Return CQE error if invalid lkey was supplied

RXE is missing update of WQE status in LOCAL_WRITE failures.  This caused
the following kernel panic if someone sent an atomic operation with an
explicitly wrong lkey.

[leonro@vm ~]$ mkt test
test_atomic_invalid_lkey (tests.test_atomic.AtomicTest) ...
 WARNING: CPU: 5 PID: 263 at drivers/infiniband/sw/rxe/rxe_comp.c:740 rxe_completer+0x1a6d/0x2e30 [rdma_rxe]
 Modules linked in: crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel rdma_ucm rdma_cm ib_umad ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5_core ptp pps_core
 CPU: 5 PID: 263 Comm: python3 Not tainted 5.13.0-rc1+ #2936
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
 RIP: 0010:rxe_completer+0x1a6d/0x2e30 [rdma_rxe]
 Call Trace:
  rxe_do_task+0x130/0x230 [rdma_rxe]
  rxe_rcv+0xb11/0x1df0 [rdma_rxe]
  rxe_loopback+0x157/0x1e0 [rdma_rxe]
  rxe_responder+0x5532/0x7620 [rdma_rxe]
  rxe_do_task+0x130/0x230 [rdma_rxe]
  rxe_rcv+0x9c8/0x1df0 [rdma_rxe]
  rxe_loopback+0x157/0x1e0 [rdma_rxe]
  rxe_requester+0x1efd/0x58c0 [rdma_rxe]
  rxe_do_task+0x130/0x230 [rdma_rxe]
  rxe_post_send+0x998/0x1860 [rdma_rxe]
  ib_uverbs_post_send+0xd5f/0x1220 [ib_uverbs]
  ib_uverbs_write+0x847/0xc80 [ib_uverbs]
  vfs_write+0x1c5/0x840
  ksys_write+0x176/0x1d0
  do_syscall_64+0x3f/0x80
  entry_SYSCALL_64_after_hwframe+0x44/0xae</Note>
    </Notes>
    <CVE>CVE-2021-47076</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Add pointer checks in qedf_update_link_speed()

The following trace was observed:

 [   14.042059] Call Trace:
 [   14.042061]  &lt;IRQ&gt;
 [   14.042068]  qedf_link_update+0x144/0x1f0 [qedf]
 [   14.042117]  qed_link_update+0x5c/0x80 [qed]
 [   14.042135]  qed_mcp_handle_link_change+0x2d2/0x410 [qed]
 [   14.042155]  ? qed_set_ptt+0x70/0x80 [qed]
 [   14.042170]  ? qed_set_ptt+0x70/0x80 [qed]
 [   14.042186]  ? qed_rd+0x13/0x40 [qed]
 [   14.042205]  qed_mcp_handle_events+0x437/0x690 [qed]
 [   14.042221]  ? qed_set_ptt+0x70/0x80 [qed]
 [   14.042239]  qed_int_sp_dpc+0x3a6/0x3e0 [qed]
 [   14.042245]  tasklet_action_common.isra.14+0x5a/0x100
 [   14.042250]  __do_softirq+0xe4/0x2f8
 [   14.042253]  irq_exit+0xf7/0x100
 [   14.042255]  do_IRQ+0x7f/0xd0
 [   14.042257]  common_interrupt+0xf/0xf
 [   14.042259]  &lt;/IRQ&gt;

API qedf_link_update() is getting called from QED but by that time
shost_data is not initialised. This results in a NULL pointer dereference
when we try to dereference shost_data while updating supported_speeds.

Add a NULL pointer check before dereferencing shost_data.</Note>
    </Notes>
    <CVE>CVE-2021-47077</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Clear all QP fields if creation failed

rxe_qp_do_cleanup() relies on valid pointer values in QP for the properly
created ones, but in case rxe_qp_from_init() failed it was filled with
garbage and caused the following error.

  refcount_t: underflow; use-after-free.
  WARNING: CPU: 1 PID: 12560 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0 lib/refcount.c:28
  Modules linked in:
  CPU: 1 PID: 12560 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0
  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
  RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0 lib/refcount.c:28
  Call Trace:
   __refcount_sub_and_test include/linux/refcount.h:283 [inline]
   __refcount_dec_and_test include/linux/refcount.h:315 [inline]
   refcount_dec_and_test include/linux/refcount.h:333 [inline]
   kref_put include/linux/kref.h:64 [inline]
   rxe_qp_do_cleanup+0x96f/0xaf0 drivers/infiniband/sw/rxe/rxe_qp.c:805
   execute_in_process_context+0x37/0x150 kernel/workqueue.c:3327
   rxe_elem_release+0x9f/0x180 drivers/infiniband/sw/rxe/rxe_pool.c:391
   kref_put include/linux/kref.h:65 [inline]
   rxe_create_qp+0x2cd/0x310 drivers/infiniband/sw/rxe/rxe_verbs.c:425
   _ib_create_qp drivers/infiniband/core/core_priv.h:331 [inline]
   ib_create_named_qp+0x2ad/0x1370 drivers/infiniband/core/verbs.c:1231
   ib_create_qp include/rdma/ib_verbs.h:3644 [inline]
   create_mad_qp+0x177/0x2d0 drivers/infiniband/core/mad.c:2920
   ib_mad_port_open drivers/infiniband/core/mad.c:3001 [inline]
   ib_mad_init_device+0xd6f/0x1400 drivers/infiniband/core/mad.c:3092
   add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:717
   enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1331
   ib_register_device drivers/infiniband/core/device.c:1413 [inline]
   ib_register_device+0x7c7/0xa50 drivers/infiniband/core/device.c:1365
   rxe_register_device+0x3d5/0x4a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1147
   rxe_add+0x12fe/0x16d0 drivers/infiniband/sw/rxe/rxe.c:247
   rxe_net_add+0x8c/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:503
   rxe_newlink drivers/infiniband/sw/rxe/rxe.c:269 [inline]
   rxe_newlink+0xb7/0xe0 drivers/infiniband/sw/rxe/rxe.c:250
   nldev_newlink+0x30e/0x550 drivers/infiniband/core/nldev.c:1555
   rdma_nl_rcv_msg+0x36d/0x690 drivers/infiniband/core/netlink.c:195
   rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
   rdma_nl_rcv+0x2ee/0x430 drivers/infiniband/core/netlink.c:259
   netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
   netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
   netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
   sock_sendmsg_nosec net/socket.c:654 [inline]
   sock_sendmsg+0xcf/0x120 net/socket.c:674
   ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
   ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
   __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
   do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
   entry_SYSCALL_64_after_hwframe+0
---truncated---</Note>
    </Notes>
    <CVE>CVE-2021-47078</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174846563. References: Upstream kernel</Note>
    </Notes>
    <CVE>CVE-2022-20154</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.4</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.</Note>
    </Notes>
    <CVE>CVE-2022-48624</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:less-458-7.12.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

vt: fix memory overlapping when deleting chars in the buffer

A memory overlapping copy occurs when deleting a long line. This memory
overlapping copy can cause data corruption when scr_memcpyw is optimized
to memcpy because memcpy does not ensure its behavior if the destination
buffer overlaps with the source buffer. The line buffer is not always
broken, because the memcpy utilizes the hardware acceleration, whose
result is not deterministic.

Fix this problem by replacing scr_memcpyw with scr_memmovew.</Note>
    </Notes>
    <CVE>CVE-2022-48627</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-1667</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.</Note>
    </Notes>
    <CVE>CVE-2023-2283</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.</Note>
    </Notes>
    <CVE>CVE-2023-27043</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libpython2_7-1_0-2.7.18-33.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libpython3_4m1_0-3.4.10-25.124.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python-2.7.18-33.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python-base-2.7.18-33.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python-xml-2.7.18-33.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-3.4.10-25.124.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-base-3.4.10-25.124.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-curses-3.4.10-25.124.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.</Note>
    </Notes>
    <CVE>CVE-2023-28746</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.</Note>
    </Notes>
    <CVE>CVE-2023-35827</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** Not a Security Issue.</Note>
    </Notes>
    <CVE>CVE-2023-38288</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libtiff5-4.0.9-44.80.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.</Note>
    </Notes>
    <CVE>CVE-2023-38469</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libavahi-client3-0.6.32-32.24.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libavahi-common3-0.6.32-32.24.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.</Note>
    </Notes>
    <CVE>CVE-2023-38471</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libavahi-client3-0.6.32-32.24.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libavahi-common3-0.6.32-32.24.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)</Note>
    </Notes>
    <CVE>CVE-2023-40217</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libpython3_4m1_0-3.4.10-25.124.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-3.4.10-25.124.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-base-3.4.10-25.124.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-curses-3.4.10-25.124.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.</Note>
    </Notes>
    <CVE>CVE-2023-40745</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libtiff5-4.0.9-44.80.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.</Note>
    </Notes>
    <CVE>CVE-2023-42465</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:sudo-1.8.27-4.48.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</Note>
    </Notes>
    <CVE>CVE-2023-45918</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libncurses5-5.9-88.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libncurses6-5.9-88.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ncurses-utils-5.9-88.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:terminfo-5.9-88.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:terminfo-base-5.9-88.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.</Note>
    </Notes>
    <CVE>CVE-2023-46343</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Transmit requests in Xen's virtual network protocol can consist of
multiple parts.  While not really useful, except for the initial part
any of them may be of zero length, i.e. carry no data at all.  Besides a
certain initial portion of the to be transferred data, these parts are
directly translated into what Linux calls SKB fragments.  Such converted
request parts can, when for a particular SKB they are all of length
zero, lead to a de-reference of NULL in core networking code.
</Note>
    </Notes>
    <CVE>CVE-2023-46838</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.</Note>
    </Notes>
    <CVE>CVE-2023-47233</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.1857.</Note>
    </Notes>
    <CVE>CVE-2023-4750</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2023-48231</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2023-48232</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2023-48233</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2023-48234</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2023-48235</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2023-48236</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2023-48237</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes freeing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.</Note>
    </Notes>
    <CVE>CVE-2023-48706</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.</Note>
    </Notes>
    <CVE>CVE-2023-48795</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh2-1-1.11.0-29.15.2</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.</Note>
    </Notes>
    <CVE>CVE-2023-51042</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.</Note>
    </Notes>
    <CVE>CVE-2023-51043</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.</Note>
    </Notes>
    <CVE>CVE-2023-51257</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libjasper1-1.900.14-195.40.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.</Note>
    </Notes>
    <CVE>CVE-2023-51385</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:openssh-7.2p2-81.17.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.</Note>
    </Notes>
    <CVE>CVE-2023-51780</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.</Note>
    </Notes>
    <CVE>CVE-2023-51782</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.</Note>
    </Notes>
    <CVE>CVE-2023-52340</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-52356</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libtiff5-4.0.9-44.80.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.</Note>
    </Notes>
    <CVE>CVE-2023-52429</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

apparmor: avoid crash when parsed profile name is empty

When processing a packed profile in unpack_profile() described like

 "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}"

a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then
passed to aa_splitn_fqname().

aa_splitn_fqname() treats ":samba-dcerpcd" as only containing a namespace.
Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later
aa_alloc_profile() crashes as the new profile name is NULL now.

general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:strlen+0x1e/0xa0
Call Trace:
 &lt;TASK&gt;
 ? strlen+0x1e/0xa0
 aa_policy_init+0x1bb/0x230
 aa_alloc_profile+0xb1/0x480
 unpack_profile+0x3bc/0x4960
 aa_unpack+0x309/0x15e0
 aa_replace_profiles+0x213/0x33c0
 policy_update+0x261/0x370
 profile_replace+0x20e/0x2a0
 vfs_write+0x2af/0xe00
 ksys_write+0x126/0x250
 do_syscall_64+0x46/0xf0
 entry_SYSCALL_64_after_hwframe+0x6e/0x76
 &lt;/TASK&gt;
---[ end trace 0000000000000000 ]---
RIP: 0010:strlen+0x1e/0xa0

It seems such behaviour of aa_splitn_fqname() is expected and checked in
other places where it is called (e.g. aa_remove_profiles). Well, there
is an explicit comment "a ns name without a following profile is allowed"
inside.

AFAICS, nothing can prevent unpacked "name" to be in form like
":samba-dcerpcd" - it is passed from userspace.

Deny the whole profile set replacement in such case and inform user with
EPROTO and an explaining message.

Found by Linux Verification Center (linuxtesting.org).</Note>
    </Notes>
    <CVE>CVE-2023-52443</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

media: pvrusb2: fix use after free on context disconnection

Upon module load, a kthread is created targeting the
pvr2_context_thread_func function, which may call pvr2_context_destroy
and thus call kfree() on the context object. However, that might happen
before the usb hub_event handler is able to notify the driver. This
patch adds a sanity check before the invalid read reported by syzbot,
within the context disconnection call stack.</Note>
    </Notes>
    <CVE>CVE-2023-52445</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

mtd: Fix gluebi NULL pointer dereference caused by ftl notifier

If both ftl.ko and gluebi.ko are loaded, the notifier of ftl
triggers NULL pointer dereference when trying to access
'gluebi-&gt;desc' in gluebi_read().

ubi_gluebi_init
  ubi_register_volume_notifier
    ubi_enumerate_volumes
      ubi_notify_all
        gluebi_notify    nb-&gt;notifier_call()
          gluebi_create
            mtd_device_register
              mtd_device_parse_register
                add_mtd_device
                  blktrans_notify_add   not-&gt;add()
                    ftl_add_mtd         tr-&gt;add_mtd()
                      scan_header
                        mtd_read
                          mtd_read_oob
                            mtd_read_oob_std
                              gluebi_read   mtd-&gt;read()
                                gluebi-&gt;desc - NULL

Detailed reproduction information available at the Link [1],

In the normal case, obtain gluebi-&gt;desc in the gluebi_get_device(),
and access gluebi-&gt;desc in the gluebi_read(). However,
gluebi_get_device() is not executed in advance in the
ftl_add_mtd() process, which leads to NULL pointer dereference.

The solution for the gluebi module is to run jffs2 on the UBI
volume without considering working with ftl or mtdblock [2].
Therefore, this problem can be avoided by preventing gluebi from
creating the mtdblock device after creating mtd partition of the
type MTD_UBIVOLUME.</Note>
    </Notes>
    <CVE>CVE-2023-52449</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries/memhp: Fix access beyond end of drmem array

dlpar_memory_remove_by_index() may access beyond the bounds of the
drmem lmb array when the LMB lookup fails to match an entry with the
given DRC index. When the search fails, the cursor is left pointing to
&amp;drmem_info-&gt;lmbs[drmem_info-&gt;n_lmbs], which is one element past the
last valid entry in the array. The debug message at the end of the
function then dereferences this pointer:

        pr_debug("Failed to hot-remove memory at %llx\n",
                 lmb-&gt;base_addr);

This was found by inspection and confirmed with KASAN:

  pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234
  ==================================================================
  BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658
  Read of size 8 at addr c000000364e97fd0 by task bash/949

  dump_stack_lvl+0xa4/0xfc (unreliable)
  print_report+0x214/0x63c
  kasan_report+0x140/0x2e0
  __asan_load8+0xa8/0xe0
  dlpar_memory+0x298/0x1658
  handle_dlpar_errorlog+0x130/0x1d0
  dlpar_store+0x18c/0x3e0
  kobj_attr_store+0x68/0xa0
  sysfs_kf_write+0xc4/0x110
  kernfs_fop_write_iter+0x26c/0x390
  vfs_write+0x2d4/0x4e0
  ksys_write+0xac/0x1a0
  system_call_exception+0x268/0x530
  system_call_vectored_common+0x15c/0x2ec

  Allocated by task 1:
   kasan_save_stack+0x48/0x80
   kasan_set_track+0x34/0x50
   kasan_save_alloc_info+0x34/0x50
   __kasan_kmalloc+0xd0/0x120
   __kmalloc+0x8c/0x320
   kmalloc_array.constprop.0+0x48/0x5c
   drmem_init+0x2a0/0x41c
   do_one_initcall+0xe0/0x5c0
   kernel_init_freeable+0x4ec/0x5a0
   kernel_init+0x30/0x1e0
   ret_from_kernel_user_thread+0x14/0x1c

  The buggy address belongs to the object at c000000364e80000
   which belongs to the cache kmalloc-128k of size 131072
  The buggy address is located 0 bytes to the right of
   allocated 98256-byte region [c000000364e80000, c000000364e97fd0)

  ==================================================================
  pseries-hotplug-mem: Failed to hot-remove memory at 0

Log failed lookups with a separate message and dereference the
cursor only when it points to a valid entry.</Note>
    </Notes>
    <CVE>CVE-2023-52451</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

EDAC/thunderx: Fix possible out-of-bounds string access

Enabling -Wstringop-overflow globally exposes a warning for a common bug
in the usage of strncat():

  drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr':
  drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=]
   1136 |                 strncat(msg, other, OCX_MESSAGE_SIZE);
        |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   ...
   1145 |                                 strncat(msg, other, OCX_MESSAGE_SIZE);
   ...
   1150 |                                 strncat(msg, other, OCX_MESSAGE_SIZE);

   ...

Apparently the author of this driver expected strncat() to behave the
way that strlcat() does, which uses the size of the destination buffer
as its third argument rather than the length of the source buffer. The
result is that there is no check on the size of the allocated buffer.

Change it to strlcat().

  [ bp: Trim compiler output, fixup commit message. ]</Note>
    </Notes>
    <CVE>CVE-2023-52464</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

Input: powermate - fix use-after-free in powermate_config_complete

syzbot has found a use-after-free bug [1] in the powermate driver. This
happens when the device is disconnected, which leads to a memory free from
the powermate_device struct.  When an asynchronous control message
completes after the kfree and its callback is invoked, the lock does not
exist anymore and hence the bug.

Use usb_kill_urb() on pm-&gt;config to cancel any in-progress requests upon
device disconnection.

[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e</Note>
    </Notes>
    <CVE>CVE-2023-52475</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect

hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU)
races when it races with itself.

hidpp_connect_event() primarily runs from a workqueue but it also runs
on probe() and if a "device-connected" packet is received by the hw
when the thread running hidpp_connect_event() from probe() is waiting on
the hw, then a second thread running hidpp_connect_event() will be
started from the workqueue.

This opens the following races (note the below code is simplified):

1. Retrieving + printing the protocol (harmless race):

	if (!hidpp-&gt;protocol_major) {
		hidpp_root_get_protocol_version()
		hidpp-&gt;protocol_major = response.rap.params[0];
	}

We can actually see this race hit in the dmesg in the abrt output
attached to rhbz#2227968:

[ 3064.624215] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.
[ 3064.658184] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.

Testing with extra logging added has shown that after this the 2 threads
take turn grabbing the hw access mutex (send_mutex) so they ping-pong
through all the other TOCTOU cases managing to hit all of them:

2. Updating the name to the HIDPP name (harmless race):

	if (hidpp-&gt;name == hdev-&gt;name) {
		...
		hidpp-&gt;name = new_name;
	}

3. Initializing the power_supply class for the battery (problematic!):

hidpp_initialize_battery()
{
        if (hidpp-&gt;battery.ps)
                return 0;

	probe_battery(); /* Blocks, threads take turns executing this */

	hidpp-&gt;battery.desc.properties =
		devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);

	hidpp-&gt;battery.ps =
		devm_power_supply_register(&amp;hidpp-&gt;hid_dev-&gt;dev,
					   &amp;hidpp-&gt;battery.desc, cfg);
}

4. Creating delayed input_device (potentially problematic):

	if (hidpp-&gt;delayed_input)
		return;

	hidpp-&gt;delayed_input = hidpp_allocate_input(hdev);

The really big problem here is 3. Hitting the race leads to the following
sequence:

	hidpp-&gt;battery.desc.properties =
		devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);

	hidpp-&gt;battery.ps =
		devm_power_supply_register(&amp;hidpp-&gt;hid_dev-&gt;dev,
					   &amp;hidpp-&gt;battery.desc, cfg);

	...

	hidpp-&gt;battery.desc.properties =
		devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);

	hidpp-&gt;battery.ps =
		devm_power_supply_register(&amp;hidpp-&gt;hid_dev-&gt;dev,
					   &amp;hidpp-&gt;battery.desc, cfg);

So now we have registered 2 power supplies for the same battery,
which looks a bit weird from userspace's pov but this is not even
the really big problem.

Notice how:

1. This is all devm-managed
2. The hidpp-&gt;battery.desc struct is shared between the 2 power supplies
3. hidpp-&gt;battery.desc.properties points to the result from the second
   devm_kmemdup()

This causes a use after free scenario on USB disconnect of the receiver:
1. The last registered power supply class device gets unregistered
2. The memory from the last devm_kmemdup() call gets freed,
   hidpp-&gt;battery.desc.properties now points to freed memory
3. The first registered power supply class device gets unregistered,
   this involves sending a remove uevent to userspace which invokes
   power_supply_uevent() to fill the uevent data
4. power_supply_uevent() uses hidpp-&gt;battery.desc.properties which
   now points to freed memory leading to backtraces like this one:

Sep 22 20:01:35 eric kernel: BUG: unable to handle page fault for address: ffffb2140e017f08
...
Sep 22 20:01:35 eric kernel: Workqueue: usb_hub_wq hub_event
Sep 22 20:01:35 eric kernel: RIP: 0010:power_supply_uevent+0xee/0x1d0
...
Sep 22 20:01:35 eric kernel:  ? asm_exc_page_fault+0x26/0x30
Sep 22 20:01:35 eric kernel:  ? power_supply_uevent+0xee/0x1d0
Sep 22 20:01:35 eric kernel:  ? power_supply_uevent+0x10d/0x1d0
Sep 22 20:01:35 eric kernel:  dev_uevent+0x10f/0x2d0
Sep 22 20:01:35 eric kernel:  kobject_uevent_env+0x291/0x680
Sep 22 20:01:35 eric kernel:  
---truncated---</Note>
    </Notes>
    <CVE>CVE-2023-52478</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

x86/srso: Add SRSO mitigation for Hygon processors

Add mitigation for the speculative return stack overflow vulnerability
which exists on Hygon processors too.</Note>
    </Notes>
    <CVE>CVE-2023-52482</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()

Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.

Getting a reference on the socket found in a lookup while
holding a lock should happen before releasing the lock.

nfc_llcp_sock_get_sn() has a similar problem.

Finally nfc_llcp_recv_snl() needs to make sure the socket
found by nfc_llcp_sock_from_sn() does not disappear.</Note>
    </Notes>
    <CVE>CVE-2023-52502</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: fix potential key use-after-free

When ieee80211_key_link() is called by ieee80211_gtk_rekey_add()
but returns 0 due to KRACK protection (identical key reinstall),
ieee80211_gtk_rekey_add() will still return a pointer into the
key, in a potential use-after-free. This normally doesn't happen
since it's only called by iwlwifi in case of WoWLAN rekey offload
which has its own KRACK protection, but still better to fix, do
that by returning an error code and converting that to success on
the cfg80211 boundary only, leaving the error for bad callers of
ieee80211_gtk_rekey_add().</Note>
    </Notes>
    <CVE>CVE-2023-52530</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: Fix a memory corruption issue

A few lines above, space is kzalloc()'ed for:
	sizeof(struct iwl_nvm_data) +
	sizeof(struct ieee80211_channel) +
	sizeof(struct ieee80211_rate)

'mvm-&gt;nvm_data' is a 'struct iwl_nvm_data', so it is fine.

At the end of this structure, there is the 'channels' flex array.
Each element is of type 'struct ieee80211_channel'.
So only 1 element is allocated in this array.

When doing:
  mvm-&gt;nvm_data-&gt;bands[0].channels = mvm-&gt;nvm_data-&gt;channels;
We point at the first element of the 'channels' flex array.
So this is fine.

However, when doing:
  mvm-&gt;nvm_data-&gt;bands[0].bitrates =
			(void *)((u8 *)mvm-&gt;nvm_data-&gt;channels + 1);
because of the "(u8 *)" cast, we add only 1 to the address of the beginning
of the flex array.

It is likely that we want to point at the 'struct ieee80211_rate' allocated
just after.

Remove the spurious casting so that the pointer arithmetic works as
expected.</Note>
    </Notes>
    <CVE>CVE-2023-52531</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix TX CQE error handling

For an unknown TX CQE error type (probably from a newer hardware),
still free the SKB, update the queue tail, etc., otherwise the
accounting will be wrong.

Also, TX errors can be triggered by injecting corrupted packets, so
replace the WARN_ONCE with ratelimited error logging.</Note>
    </Notes>
    <CVE>CVE-2023-52532</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

team: fix null-ptr-deref when team device type is changed

Get a null-ptr-deref bug as follows with reproducer [1].

BUG: kernel NULL pointer dereference, address: 0000000000000228
...
RIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]
...
Call Trace:
 &lt;TASK&gt;
 ? __die+0x24/0x70
 ? page_fault_oops+0x82/0x150
 ? exc_page_fault+0x69/0x150
 ? asm_exc_page_fault+0x26/0x30
 ? vlan_dev_hard_header+0x35/0x140 [8021q]
 ? vlan_dev_hard_header+0x8e/0x140 [8021q]
 neigh_connected_output+0xb2/0x100
 ip6_finish_output2+0x1cb/0x520
 ? nf_hook_slow+0x43/0xc0
 ? ip6_mtu+0x46/0x80
 ip6_finish_output+0x2a/0xb0
 mld_sendpack+0x18f/0x250
 mld_ifc_work+0x39/0x160
 process_one_work+0x1e6/0x3f0
 worker_thread+0x4d/0x2f0
 ? __pfx_worker_thread+0x10/0x10
 kthread+0xe5/0x120
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x34/0x50
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1b/0x30

[1]
$ teamd -t team0 -d -c '{"runner": {"name": "loadbalance"}}'
$ ip link add name t-dummy type dummy
$ ip link add link t-dummy name t-dummy.100 type vlan id 100
$ ip link add name t-nlmon type nlmon
$ ip link set t-nlmon master team0
$ ip link set t-nlmon nomaster
$ ip link set t-dummy up
$ ip link set team0 up
$ ip link set t-dummy.100 down
$ ip link set t-dummy.100 master team0

When enslaving a vlan device to a team device and the team device type is changed
from non-ether to ether, header_ops of team device is changed to
vlan_header_ops. That is incorrect and will trigger null-ptr-deref
for vlan-&gt;real_dev in vlan_dev_hard_header() because team device is not
a vlan device.

Cache eth_header_ops in team_setup(), then assign cached header_ops to
header_ops of team net device when its type is changed from non-ether
to ether to fix the bug.</Note>
    </Notes>
    <CVE>CVE-2023-52574</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: fix setting of fpc register

kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control
(fpc) register of a guest cpu. The new value is tested for validity by
temporarily loading it into the fpc register.

This may lead to corruption of the fpc register of the host process:
if an interrupt happens while the value is temporarily loaded into the fpc
register, and within interrupt context floating point or vector registers
are used, the current fp/vx registers are saved with save_fpu_regs()
assuming they belong to user space and will be loaded into fp/vx registers
when returning to user space.

test_fp_ctl() restores the original user space / host process fpc register
value, however it will be discarded, when returning to user space.

As a result the host process will incorrectly continue to run with the value
that was supposed to be used for a guest cpu.

Fix this by simply removing the test. There is another test right before
the SIE context is entered which will handle invalid values.

This results in a change of behaviour: invalid values will now be accepted
instead of that the ioctl fails with -EINVAL. This seems to be acceptable,
given that this interface is most likely not used anymore, and this is in
addition the same behaviour implemented with the memory mapped interface
(replace invalid values with zero) - see sync_regs() in kvm-s390.c.</Note>
    </Notes>
    <CVE>CVE-2023-52597</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.</Note>
    </Notes>
    <CVE>CVE-2023-52605</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox &lt; 124, Firefox ESR &lt; 115.9, and Thunderbird &lt; 115.9.</Note>
    </Notes>
    <CVE>CVE-2023-5388</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libfreebl3-3.90.2-58.111.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libsoftokn3-3.90.2-58.111.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:mozilla-nss-3.90.2-58.111.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:mozilla-nss-certs-3.90.2-58.111.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.</Note>
    </Notes>
    <CVE>CVE-2023-6004</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family). While creating a new netfilter table, the lack of a safeguard against invalid nf_tables family (pf) values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.</Note>
    </Notes>
    <CVE>CVE-2023-6040</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver, causing a kernel panic and a denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-6356</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver, causing a kernel panic and a denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-6535</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver, causing a kernel panic and a denial of service.</Note>
    </Notes>
    <CVE>CVE-2023-6536</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
</Note>
    </Notes>
    <CVE>CVE-2023-6597</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libpython3_4m1_0-3.4.10-25.124.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-3.4.10-25.124.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-base-3.4.10-25.124.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-curses-3.4.10-25.124.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in libssh's abstraction layer for message digest (MD) operations, which are implemented by the different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.</Note>
    </Notes>
    <CVE>CVE-2023-6918</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libssh4-0.9.8-3.12.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.</Note>
    </Notes>
    <CVE>CVE-2023-7207</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cpio-2.11-36.21.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.</Note>
    </Notes>
    <CVE>CVE-2024-0340</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.</Note>
    </Notes>
    <CVE>CVE-2024-0607</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash, leading to a potential Denial of Service attack.

Impact summary: Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.

A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer
dereference that results in OpenSSL crashing. If an application processes PKCS12
files from an untrusted source using the OpenSSL APIs then that application will
be vulnerable to this issue.

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security significant.

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.</Note>
    </Notes>
    <CVE>CVE-2024-0727</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libopenssl0_9_8-0.9.8j-106.64.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libopenssl1_0_0-1.0.2p-3.90.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libopenssl1_1-1.1.1d-2.104.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:openssl-1_0_0-1.0.2p-3.90.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.</Note>
    </Notes>
    <CVE>CVE-2024-0775</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.

We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

</Note>
    </Notes>
    <CVE>CVE-2024-1086</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.</Note>
    </Notes>
    <CVE>CVE-2024-1151</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.</Note>
    </Notes>
    <CVE>CVE-2024-1441</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libvirt-client-5.1.0-13.42.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libvirt-libs-5.1.0-13.42.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">When a protocol selection parameter option disables all protocols without adding any, the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The command below would perform a request to curl.se with a plaintext protocol which has been explicitly disabled.

    curl --proto -all,-http http://curl.se

The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be a low severity bug.</Note>
    </Notes>
    <CVE>CVE-2024-2004</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:curl-8.0.1-11.86.2</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libcurl4-8.0.1-11.86.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.</Note>
    </Notes>
    <CVE>CVE-2024-22667</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-9.1.0111-17.29.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:vim-data-common-9.1.0111-17.29.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.</Note>
    </Notes>
    <CVE>CVE-2024-23849</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel-&gt;data_size check. This is related to ctl_ioctl.</Note>
    </Notes>
    <CVE>CVE-2024-23851</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.</Note>
    </Notes>
    <CVE>CVE-2024-2398</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:curl-8.0.1-11.86.2</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libcurl4-8.0.1-11.86.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.</Note>
    </Notes>
    <CVE>CVE-2024-2494</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libvirt-client-5.1.0-13.42.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libvirt-libs-5.1.0-13.42.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.</Note>
    </Notes>
    <CVE>CVE-2024-2496</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libvirt-client-5.1.0-13.42.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libvirt-libs-5.1.0-13.42.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.</Note>
    </Notes>
    <CVE>CVE-2024-25062</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libxml2-2-2.9.4-46.71.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libxml2-tools-2.9.4-46.71.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.</Note>
    </Notes>
    <CVE>CVE-2024-26458</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-1.16.3-46.6.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-client-1.16.3-46.6.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.</Note>
    </Notes>
    <CVE>CVE-2024-26461</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-1.16.3-46.6.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:krb5-client-1.16.3-46.6.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

tls: fix race between tx work scheduling and socket close

Similarly to previous commit, the submitting thread (recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete().
Reorder scheduling the work before calling complete().
This seems more logical in the first place, as it's
the inverse order of what the submitting thread will do.</Note>
    </Notes>
    <CVE>CVE-2024-26585</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path

When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after
failing to attach the region to an ACL group, we hit a NULL pointer
dereference upon 'region-&gt;group-&gt;tcam' [1].

Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().

[1]
BUG: kernel NULL pointer dereference, address: 0000000000000000
[...]
RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0
[...]
Call Trace:
 mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20
 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0
 mlxsw_sp_acl_rule_add+0x47/0x240
 mlxsw_sp_flower_replace+0x1a9/0x1d0
 tc_setup_cb_add+0xdc/0x1c0
 fl_hw_replace_filter+0x146/0x1f0
 fl_change+0xc17/0x1360
 tc_new_tfilter+0x472/0xb90
 rtnetlink_rcv_msg+0x313/0x3b0
 netlink_rcv_skb+0x58/0x100
 netlink_unicast+0x244/0x390
 netlink_sendmsg+0x1e4/0x440
 ____sys_sendmsg+0x164/0x260
 ___sys_sendmsg+0x9a/0xe0
 __sys_sendmsg+0x7a/0xc0
 do_syscall_64+0x40/0xe0
 entry_SYSCALL_64_after_hwframe+0x63/0x6b</Note>
    </Notes>
    <CVE>CVE-2024-26595</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

If the external phy working together with phy-omap-usb2 does not implement
send_srp(), we may still attempt to call it. This can happen on an idle
Ethernet gadget triggering a wakeup for example:

configfs-gadget.g1 gadget.0: ECM Suspend
configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup
...
Unable to handle kernel NULL pointer dereference at virtual address
00000000 when execute
...
PC is at 0x0
LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]
...
musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]
usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]
eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c
dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4
sch_direct_xmit from __dev_queue_xmit+0x334/0xd88
__dev_queue_xmit from arp_solicit+0xf0/0x268
arp_solicit from neigh_probe+0x54/0x7c
neigh_probe from __neigh_event_send+0x22c/0x47c
__neigh_event_send from neigh_resolve_output+0x14c/0x1c0
neigh_resolve_output from ip_finish_output2+0x1c8/0x628
ip_finish_output2 from ip_send_skb+0x40/0xd8
ip_send_skb from udp_send_skb+0x124/0x340
udp_send_skb from udp_sendmsg+0x780/0x984
udp_sendmsg from __sys_sendto+0xd8/0x158
__sys_sendto from ret_fast_syscall+0x0/0x58

Let's fix the issue by checking for send_srp() and set_vbus() before
calling them. For USB peripheral only cases these both could be NULL.</Note>
    </Notes>
    <CVE>CVE-2024-26600</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

tomoyo: fix UAF write bug in tomoyo_write_control()

Since tomoyo_write_control() updates head-&gt;write_buf when write()
of long lines is requested, we need to fetch head-&gt;write_buf after
head-&gt;io_sem is held.  Otherwise, concurrent write() requests can
cause use-after-free-write and double-free problems.</Note>
    </Notes>
    <CVE>CVE-2024-26622</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:cluster-md-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:dlm-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:gfs2-kmp-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:kernel-default-4.12.14-122.201.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:ocfs2-kmp-default-4.12.14-122.201.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.</Note>
    </Notes>
    <CVE>CVE-2024-28085</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libblkid1-2.33.2-4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libfdisk1-2.33.2-4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libmount1-2.33.2-4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libsmartcols1-2.33.2-4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libuuid1-2.33.2-4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:util-linux-2.33.2-4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:util-linux-systemd-2.33.2-4.36.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:uuidd-2.33.2-4.36.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading an unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset, in order to keep the HPACK context in sync. This causes excessive CPU usage to decode the HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.</Note>
    </Notes>
    <CVE>CVE-2024-28182</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libnghttp2-14-1.39.2-3.18.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.</Note>
    </Notes>
    <CVE>CVE-2024-31744</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:libjasper1-1.900.14-195.40.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and, consequently, a denial-of-service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.</Note>
    </Notes>
    <CVE>CVE-2024-3651</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python-idna-2.5-3.13.1</ProductID>
        <ProductID>Public Cloud Image google/sles-12-sp5-sap-byos-v20240426-x86-64:python3-idna-2.5-3.13.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
</cvrfdoc>
