Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3189-1 Final 1 1 2024-09-10T08:45:03Z current 2024-09-10T08:45:03Z 2024-09-10T08:45:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-43907: drm/amdgpu/pm: fix the null pointer dereference in apply_state_adjust_rules (bsc#1229787). - CVE-2024-43905: drm/amd/pm: fix the null pointer dereference for vega10_hwmgr (bsc#1229784). - CVE-2024-43902: Add null checker before passing variables (bsc#1229767). - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756). - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43879: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (bsc#1229482). - CVE-2024-43872: RDMA/hns: Fix soft lockup under heavy CEQE load (bsc#1229489). - CVE-2024-43871: devres: Fix memory leakage caused by driver API devm_free_percpu() (bsc#1229490). - CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-43863: drm/vmwgfx: Fix a deadlock in dma buf fence polling (bsc#1229497). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-43856: dma: fix call order in dmam_free_coherent (bsc#1229346). - CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes). - CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-42310: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (bsc#1229358). - CVE-2024-42309: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (bsc#1229359). - CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42285: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (bsc#1229381). - CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388) - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-42259: drm/i915/gem: fix Virtual Memory mapping boundaries calculation (bsc#1229156). - CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42244: usb: serial: mos7840: fix crash on resume (bsc#1228967). - CVE-2024-42236: usb: gadget: configfs: prevent OOB read/write in usb_string_copy() (bsc#1228964). - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667). - CVE-2024-42226: usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709). - CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727). - CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-42101: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (bsc#1228495). - CVE-2024-42090: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (bsc#1228449). - CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-41098: ata: libata-core: Fix null pointer dereference on error (bsc#1228467). - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466). - CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576). - CVE-2024-41035: usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (bsc#1228485). - CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-40984: ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (bsc#1227820). - CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-38618: ALSA: timer: Set lower bound of start tick time (bsc#1226754). - CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578). - CVE-2024-35965: Bluetooth: L2CAP: Fix not validating setsockopt user input (bsc#1224579). - CVE-2024-35933: Bluetooth: btintel: Fix null ptr deref in btintel_read_version (bsc#1224640). - CVE-2024-35915: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (bsc#1224479). - CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803). - CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808). - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335). - CVE-2023-52907: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (bsc#1229526). - CVE-2023-52893: gsmi: fix null-deref in gsmi_get_variable (bsc#1229535). - CVE-2023-52708: mmc: mmc_spi: fix error handling in mmc_spi_probe() (bsc#1225483). - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658). - CVE-2022-48910: net: ipv6: ensure we call ipv6_mc_down() at most once (bsc#1229632). - CVE-2022-48875: wifi: mac80211: sdata can be NULL during AMPDU start (bsc#1229516). - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065). - CVE-2022-48822: usb: f_fs: fix use-after-free for epfile (bsc#1228040). - CVE-2022-48786: vsock: remove vsock from connected table when connect is interrupted by a signal (bsc#1227996). - CVE-2022-48769: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines (bsc#1226629). - CVE-2022-48751: net/smc: transitional solution for clcsock race issue (bsc#1226653). - CVE-2021-47549: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (bsc#1225508). - CVE-2021-47425: i2c: acpi: fix resource leak in reconfiguration device addition (bsc#1225223). - CVE-2021-47373: irqchip/gic-v3-its: Fix potential VPE leak on error (bsc#1225190). - CVE-2021-47341: KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (bsc#1224923). - CVE-2021-47289: ACPI: fix NULL pointer dereference (bsc#1224984). - CVE-2021-47257: net: ieee802154: fix null deref in parse dev addr (bsc#1224896). - CVE-2021-4440: x86/xen: drop USERGS_SYSRET64 paravirt call (bsc#1227069). The following non-security bugs were fixed: - Bluetooth: L2CAP: Fix deadlock (git-fixes). - KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID (git-fixes bsc#1229222). - Revert 'irqdomain: Fixed unbalanced fwnode get and put (git-fixes).' (bsc#1229851) - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes) - btrfs: Remove unused op_key var from add_delayed_refs (bsc#1228982). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1228982). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - char: tpm: Protect tpm_pm_suspend with locks (bsc#1082555). - cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229457). - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes). - genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes). - genirq/irqdesc: Do not try to remove non-existing sysfs files (git-fixes). - genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy() (git-fixes). - genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set (git-fixes). - genirq/msi: Ensure deactivation on teardown (git-fixes). - genirq/proc: Reject invalid affinity masks (again) (git-fixes). - genirq: Delay deactivation in free_irq() (git-fixes). - genirq: Make sure the initial affinity is not empty (git-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - ip6_tunnel: Fix broken GRO (bsc#1226323). - irqdomain: Drop bogus fwspec-mapping error handling (git-fixes). - irqdomain: Fix association race (git-fixes). - irqdomain: Fix domain registration race (git-fixes). - irqdomain: Fix mapping-creation race (git-fixes). - irqdomain: Fixed unbalanced fwnode get and put (git-fixes). - irqdomain: Look for existing mapping only once (git-fixes). - irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes). - kABI: Do not rename tpm_getcap (bsc#1082555). - kABI: Hide the new last_cc member in a hole in struct tpm_chip (bsc#1082555). - kABI: Instead of changing the pcr argument type add a local variable of the desired type, and assign it from the actual argument (bsc#1082555). - kABI: do not change return type of tpm_tis_update_timeouts (bsc#1082555). - kABI: do not rename tpm_do_selftest, tpm_pcr_read_dev, and tpm1_getcap (bsc#1082555). - kABI: genirq: Delay deactivation in free_irq() (kabi git-fixes). - kABI: no need to store the tpm long long duration in tpm_chip struct, it is an arbitrary hardcoded value (bsc#1082555). - kABI: re-export tpm2_calc_ordinal_duration (bsc#1082555). - kABI: tpm-interface: Hide new include from genksyms (bsc#1082555). - kABI: tpm2-space: Do not add buf_size to struct tpm_space (bsc#1082555). - kabi/severities: Ignore tpm_transmit_cmd and tpm_tis_core_init (bsc#1082555). - memcg: protect concurrent access to mem_cgroup_idr (git-fixes). - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - net: mana: Fix race on per-CQ variable napi work_done (bsc#1229154). - netfilter: nf_conntrack_h323: restore boundary check correctness (bsc#1223074) - netfilter: nf_ct_h323: Convert CHECK_BOUND macro to function (bsc#1223074) - netfilter: nf_ct_h323: Extend nf_h323_error_boundary to work on bits as well (bsc#1223074) - netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack (bsc#1223074) - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix kcov check in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229229). - scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252 bsc#1229462). - tpm, tpm: Implement usage counter for locality (bsc#1082555). - tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (bsc#1082555). - tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555). - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555). - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1082555). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1082555). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (bsc#1082555). - tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1082555). - tpm, tpm_tis: Only handle supported interrupts (bsc#1082555). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1082555). - tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555). - tpm, tpmrm: Mark tpmrm_write as static (bsc#1082555). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (bsc#1082555). - tpm1: implement tpm1_pcr_read_dev() using tpm_buf structure (bsc#1082555). - tpm1: reimplement SAVESTATE using tpm_buf (bsc#1082555). - tpm1: reimplement tpm1_continue_selftest() using tpm_buf (bsc#1082555). - tpm1: rename tpm1_pcr_read_dev to tpm1_pcr_read() (bsc#1082555). - tpm2: add longer timeouts for creation commands (bsc#1082555). - tpm: Actually fail on TPM errors during 'get random' (bsc#1082555). - tpm: Add a flag to indicate TPM power is managed by firmware (bsc#1082555). - tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555). - tpm: Fix TIS locality timeout problems (bsc#1082555). - tpm: Fix buffer access in tpm2_get_tpm_pt() (bsc#1082555). - tpm: Fix error handling in async work (bsc#1082555). - tpm: Fix null pointer dereference on chip register error path (bsc#1082555). - tpm: Handle negative priv->response_len in tpm_common_read() (bsc#1082555). - tpm: Prevent hwrng from activating during resume (bsc#1082555). - tpm: Remove tpm_dev_wq_lock (bsc#1082555). - tpm: Replace WARN_ONCE() with dev_err_once() in tpm_tis_status() (bsc#1082555). - tpm: Revert 'tpm_tis: reserve chip for duration of tpm_tis_core_init' (bsc#1082555). - tpm: Revert 'tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts' (bsc#1082555). - tpm: Revert 'tpm_tis_core: Turn on the TPM before probing IRQ's' (bsc#1082555). - tpm: Unify the mismatching TPM space buffer sizes (bsc#1082555). - tpm: Wrap the buffer from the caller to tpm_buf in tpm_send() (bsc#1082555). - tpm: access command header through struct in tpm_try_transmit() (bsc#1082555). - tpm: add ptr to the tpm_space struct to file_priv (bsc#1082555). - tpm: add support for nonblocking operation (bsc#1082555). - tpm: add support for partial reads (bsc#1082555). - tpm: add tpm_auto_startup() into tpm-interface.c (bsc#1082555). - tpm: add tpm_calc_ordinal_duration() wrapper (bsc#1082555). - tpm: clean up tpm_try_transmit() error handling flow (bsc#1082555). - tpm: declare struct tpm_header (bsc#1082555). - tpm: do not return bool from update_timeouts (bsc#1082555). - tpm: encapsulate tpm_dev_transmit() (bsc#1082555). - tpm: factor out tpm 1.x duration calculation to tpm1-cmd.c (bsc#1082555). - tpm: factor out tpm 1.x pm suspend flow into tpm1-cmd.c (bsc#1082555). - tpm: factor out tpm1_get_random into tpm1-cmd.c (bsc#1082555). - tpm: factor out tpm_get_timeouts() (bsc#1082555). - tpm: factor out tpm_startup function (bsc#1082555). - tpm: fix Atmel TPM crash caused by too frequent queries (bsc#1082555). - tpm: fix NPE on probe for missing device (bsc#1082555). - tpm: fix an invalid condition in tpm_common_poll (bsc#1082555). - tpm: fix buffer type in tpm_transmit_cmd (bsc#1082555). - tpm: fix byte order related arithmetic inconsistency in tpm_getcap() (bsc#1082555). - tpm: fix invalid locking in NONBLOCKING mode (bsc#1082555). - tpm: fix invalid return value in pubek_show() (bsc#1082555). - tpm: introduce tpm_chip_start() and tpm_chip_stop() (bsc#1082555). - tpm: migrate pubek_show to struct tpm_buf (bsc#1082555). - tpm: migrate tpm2_get_random() to use struct tpm_buf (bsc#1082555). - tpm: migrate tpm2_get_tpm_pt() to use struct tpm_buf (bsc#1082555). - tpm: migrate tpm2_probe() to use struct tpm_buf (bsc#1082555). - tpm: migrate tpm2_shutdown() to use struct tpm_buf (bsc#1082555). - tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend() (bsc#1082555). - tpm: move TPM space code out of tpm_transmit() (bsc#1082555). - tpm: move tpm 1.x selftest code from tpm-interface.c tpm1-cmd.c (bsc#1082555). - tpm: move tpm1_pcr_extend to tpm1-cmd.c (bsc#1082555). - tpm: move tpm_getcap to tpm1-cmd.c (bsc#1082555). - tpm: move tpm_validate_commmand() to tpm2-space.c (bsc#1082555). - tpm: print tpm2_commit_space() error inside tpm2_commit_space() (bsc#1082555). - tpm: remove @flags from tpm_transmit() (bsc#1082555). - tpm: remove @space from tpm_transmit() (bsc#1082555). - tpm: remove TPM_TRANSMIT_UNLOCKED flag (bsc#1082555). - tpm: remove struct tpm_pcrextend_in (bsc#1082555). - tpm: rename tpm_chip_find_get() to tpm_find_get_ops() (bsc#1082555). - tpm: replace TPM_TRANSMIT_RAW with TPM_TRANSMIT_NESTED (bsc#1082555). - tpm: return 0 from pcrs_show() when tpm1_pcr_read() fails (bsc#1082555). - tpm: take TPM chip power gating out of tpm_transmit() (bsc#1082555). - tpm: tpm1: rewrite tpm1_get_random() using tpm_buf structure (bsc#1082555). - tpm: tpm1_bios_measurements_next should increase position index (bsc#1082555). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (bsc#1082555). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (bsc#1082555). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (bsc#1082555). - tpm: turn on TPM on suspend for TPM 1.x (bsc#1082555). - tpm: use tpm_buf in tpm_transmit_cmd() as the IO parameter (bsc#1082555). - tpm: use tpm_msleep() value as max delay (bsc#1082555). - tpm: use tpm_try_get_ops() in tpm-sysfs.c (bsc#1082555). - tpm: use u32 instead of int for PCR index (bsc#1082555). - tpm: vtpm_proxy: Avoid reading host log when using a virtual device (bsc#1082555). - tpm: vtpm_proxy: Prevent userspace from sending driver command (bsc#1082555). - tpm_tis: Add a check for invalid status (bsc#1082555). - tpm_tis: Explicitly check for error code (bsc#1082555). - tpm_tis: Fix an error handling path in 'tpm_tis_core_init()' (bsc#1082555). - tpm_tis: Resend command to recover from data transfer errors (bsc#1082555). - tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555). - tpm_tis: reserve chip for duration of tpm_tis_core_init (bsc#1082555). - tpm_tis_core: Turn on the TPM before probing IRQ's (bsc#1082555). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix uninitialized variable access (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-3189,SUSE-SLE-RT-12-SP5-2024-3189 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ Link for SUSE-SU-2024:3189-1 https://lists.suse.com/pipermail/sle-security-updates/2024-September/019404.html E-Mail link for SUSE-SU-2024:3189-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1082555 SUSE Bug 1082555 https://bugzilla.suse.com/1190317 SUSE Bug 1190317 https://bugzilla.suse.com/1196516 SUSE Bug 1196516 https://bugzilla.suse.com/1205462 SUSE Bug 1205462 https://bugzilla.suse.com/1210629 SUSE Bug 1210629 https://bugzilla.suse.com/1214285 SUSE Bug 1214285 https://bugzilla.suse.com/1216834 SUSE Bug 1216834 https://bugzilla.suse.com/1221252 SUSE Bug 1221252 https://bugzilla.suse.com/1222335 SUSE Bug 1222335 https://bugzilla.suse.com/1222387 SUSE Bug 1222387 https://bugzilla.suse.com/1222808 SUSE Bug 1222808 https://bugzilla.suse.com/1223074 SUSE Bug 1223074 https://bugzilla.suse.com/1223803 SUSE Bug 1223803 https://bugzilla.suse.com/1224479 SUSE Bug 1224479 https://bugzilla.suse.com/1224579 SUSE Bug 1224579 https://bugzilla.suse.com/1224640 SUSE Bug 1224640 https://bugzilla.suse.com/1224896 SUSE Bug 1224896 https://bugzilla.suse.com/1224923 SUSE Bug 1224923 https://bugzilla.suse.com/1224984 SUSE Bug 1224984 https://bugzilla.suse.com/1225190 SUSE Bug 1225190 https://bugzilla.suse.com/1225223 SUSE Bug 1225223 https://bugzilla.suse.com/1225483 SUSE Bug 1225483 https://bugzilla.suse.com/1225508 SUSE Bug 1225508 https://bugzilla.suse.com/1225578 SUSE Bug 1225578 https://bugzilla.suse.com/1226323 SUSE Bug 1226323 https://bugzilla.suse.com/1226629 SUSE Bug 1226629 https://bugzilla.suse.com/1226653 SUSE Bug 1226653 https://bugzilla.suse.com/1226754 SUSE Bug 1226754 https://bugzilla.suse.com/1226798 SUSE Bug 1226798 https://bugzilla.suse.com/1226801 SUSE Bug 1226801 https://bugzilla.suse.com/1226885 SUSE Bug 1226885 https://bugzilla.suse.com/1227069 SUSE Bug 1227069 https://bugzilla.suse.com/1227623 SUSE Bug 1227623 https://bugzilla.suse.com/1227820 SUSE Bug 1227820 https://bugzilla.suse.com/1227996 SUSE Bug 1227996 https://bugzilla.suse.com/1228040 SUSE Bug 1228040 https://bugzilla.suse.com/1228065 SUSE Bug 1228065 https://bugzilla.suse.com/1228247 SUSE Bug 1228247 https://bugzilla.suse.com/1228410 SUSE Bug 1228410 https://bugzilla.suse.com/1228427 SUSE Bug 1228427 https://bugzilla.suse.com/1228449 SUSE Bug 1228449 https://bugzilla.suse.com/1228466 SUSE Bug 1228466 https://bugzilla.suse.com/1228467 SUSE Bug 1228467 https://bugzilla.suse.com/1228482 SUSE Bug 1228482 https://bugzilla.suse.com/1228485 SUSE Bug 1228485 https://bugzilla.suse.com/1228487 SUSE Bug 1228487 https://bugzilla.suse.com/1228493 SUSE Bug 1228493 https://bugzilla.suse.com/1228495 SUSE Bug 1228495 https://bugzilla.suse.com/1228501 SUSE Bug 1228501 https://bugzilla.suse.com/1228513 SUSE Bug 1228513 https://bugzilla.suse.com/1228516 SUSE Bug 1228516 https://bugzilla.suse.com/1228576 SUSE Bug 1228576 https://bugzilla.suse.com/1228579 SUSE Bug 1228579 https://bugzilla.suse.com/1228667 SUSE Bug 1228667 https://bugzilla.suse.com/1228706 SUSE Bug 1228706 https://bugzilla.suse.com/1228709 SUSE Bug 1228709 https://bugzilla.suse.com/1228720 SUSE Bug 1228720 https://bugzilla.suse.com/1228727 SUSE Bug 1228727 https://bugzilla.suse.com/1228733 SUSE Bug 1228733 https://bugzilla.suse.com/1228801 SUSE Bug 1228801 https://bugzilla.suse.com/1228850 SUSE Bug 1228850 https://bugzilla.suse.com/1228959 SUSE Bug 1228959 https://bugzilla.suse.com/1228964 SUSE Bug 1228964 https://bugzilla.suse.com/1228966 SUSE Bug 1228966 https://bugzilla.suse.com/1228967 SUSE Bug 1228967 https://bugzilla.suse.com/1228982 SUSE Bug 1228982 https://bugzilla.suse.com/1228989 SUSE Bug 1228989 https://bugzilla.suse.com/1229154 SUSE Bug 1229154 https://bugzilla.suse.com/1229156 SUSE Bug 1229156 https://bugzilla.suse.com/1229222 SUSE Bug 1229222 https://bugzilla.suse.com/1229229 SUSE Bug 1229229 https://bugzilla.suse.com/1229290 SUSE Bug 1229290 https://bugzilla.suse.com/1229292 SUSE Bug 1229292 https://bugzilla.suse.com/1229301 SUSE Bug 1229301 https://bugzilla.suse.com/1229309 SUSE Bug 1229309 https://bugzilla.suse.com/1229327 SUSE Bug 1229327 https://bugzilla.suse.com/1229345 SUSE Bug 1229345 https://bugzilla.suse.com/1229346 SUSE Bug 1229346 https://bugzilla.suse.com/1229347 SUSE Bug 1229347 https://bugzilla.suse.com/1229357 SUSE Bug 1229357 https://bugzilla.suse.com/1229358 SUSE Bug 1229358 https://bugzilla.suse.com/1229359 SUSE Bug 1229359 https://bugzilla.suse.com/1229381 SUSE Bug 1229381 https://bugzilla.suse.com/1229382 SUSE Bug 1229382 https://bugzilla.suse.com/1229386 SUSE Bug 1229386 https://bugzilla.suse.com/1229388 SUSE Bug 1229388 https://bugzilla.suse.com/1229392 SUSE Bug 1229392 https://bugzilla.suse.com/1229395 SUSE Bug 1229395 https://bugzilla.suse.com/1229398 SUSE Bug 1229398 https://bugzilla.suse.com/1229399 SUSE Bug 1229399 https://bugzilla.suse.com/1229400 SUSE Bug 1229400 https://bugzilla.suse.com/1229407 SUSE Bug 1229407 https://bugzilla.suse.com/1229457 SUSE Bug 1229457 https://bugzilla.suse.com/1229462 SUSE Bug 1229462 https://bugzilla.suse.com/1229482 SUSE Bug 1229482 https://bugzilla.suse.com/1229489 SUSE Bug 1229489 https://bugzilla.suse.com/1229490 SUSE Bug 1229490 https://bugzilla.suse.com/1229495 SUSE Bug 1229495 https://bugzilla.suse.com/1229497 SUSE Bug 1229497 https://bugzilla.suse.com/1229500 SUSE Bug 1229500 https://bugzilla.suse.com/1229503 SUSE Bug 1229503 https://bugzilla.suse.com/1229516 SUSE Bug 1229516 https://bugzilla.suse.com/1229526 SUSE Bug 1229526 https://bugzilla.suse.com/1229531 SUSE Bug 1229531 https://bugzilla.suse.com/1229535 SUSE Bug 1229535 https://bugzilla.suse.com/1229536 SUSE Bug 1229536 https://bugzilla.suse.com/1229540 SUSE Bug 1229540 https://bugzilla.suse.com/1229604 SUSE Bug 1229604 https://bugzilla.suse.com/1229623 SUSE Bug 1229623 https://bugzilla.suse.com/1229624 SUSE Bug 1229624 https://bugzilla.suse.com/1229630 SUSE Bug 1229630 https://bugzilla.suse.com/1229632 SUSE Bug 1229632 https://bugzilla.suse.com/1229657 SUSE Bug 1229657 https://bugzilla.suse.com/1229658 SUSE Bug 1229658 https://bugzilla.suse.com/1229664 SUSE Bug 1229664 https://bugzilla.suse.com/1229707 SUSE Bug 1229707 https://bugzilla.suse.com/1229756 SUSE Bug 1229756 https://bugzilla.suse.com/1229759 SUSE Bug 1229759 https://bugzilla.suse.com/1229761 SUSE Bug 1229761 https://bugzilla.suse.com/1229767 SUSE Bug 1229767 https://bugzilla.suse.com/1229784 SUSE Bug 1229784 https://bugzilla.suse.com/1229787 SUSE Bug 1229787 https://bugzilla.suse.com/1229851 SUSE Bug 1229851 https://www.suse.com/security/cve/CVE-2021-4440/ SUSE CVE CVE-2021-4440 page https://www.suse.com/security/cve/CVE-2021-47257/ SUSE CVE CVE-2021-47257 page https://www.suse.com/security/cve/CVE-2021-47289/ SUSE CVE CVE-2021-47289 page https://www.suse.com/security/cve/CVE-2021-47341/ SUSE CVE CVE-2021-47341 page https://www.suse.com/security/cve/CVE-2021-47373/ SUSE CVE CVE-2021-47373 page https://www.suse.com/security/cve/CVE-2021-47425/ SUSE CVE CVE-2021-47425 page https://www.suse.com/security/cve/CVE-2021-47549/ SUSE CVE CVE-2021-47549 page https://www.suse.com/security/cve/CVE-2022-48751/ SUSE CVE CVE-2022-48751 page https://www.suse.com/security/cve/CVE-2022-48769/ SUSE CVE CVE-2022-48769 page https://www.suse.com/security/cve/CVE-2022-48786/ SUSE CVE CVE-2022-48786 page https://www.suse.com/security/cve/CVE-2022-48822/ SUSE CVE CVE-2022-48822 page https://www.suse.com/security/cve/CVE-2022-48865/ SUSE CVE CVE-2022-48865 page https://www.suse.com/security/cve/CVE-2022-48875/ SUSE CVE CVE-2022-48875 page https://www.suse.com/security/cve/CVE-2022-48896/ SUSE CVE CVE-2022-48896 page https://www.suse.com/security/cve/CVE-2022-48899/ SUSE CVE CVE-2022-48899 page https://www.suse.com/security/cve/CVE-2022-48905/ SUSE CVE CVE-2022-48905 page https://www.suse.com/security/cve/CVE-2022-48910/ SUSE CVE CVE-2022-48910 page https://www.suse.com/security/cve/CVE-2022-48919/ SUSE CVE CVE-2022-48919 page https://www.suse.com/security/cve/CVE-2022-48920/ SUSE CVE CVE-2022-48920 page https://www.suse.com/security/cve/CVE-2022-48925/ SUSE CVE CVE-2022-48925 page https://www.suse.com/security/cve/CVE-2022-48930/ SUSE CVE CVE-2022-48930 page https://www.suse.com/security/cve/CVE-2022-48931/ SUSE CVE CVE-2022-48931 page https://www.suse.com/security/cve/CVE-2022-48938/ SUSE CVE CVE-2022-48938 page https://www.suse.com/security/cve/CVE-2023-52708/ SUSE CVE CVE-2023-52708 page https://www.suse.com/security/cve/CVE-2023-52893/ SUSE CVE CVE-2023-52893 page https://www.suse.com/security/cve/CVE-2023-52901/ SUSE CVE CVE-2023-52901 page https://www.suse.com/security/cve/CVE-2023-52907/ SUSE CVE CVE-2023-52907 page https://www.suse.com/security/cve/CVE-2024-26668/ SUSE CVE CVE-2024-26668 page https://www.suse.com/security/cve/CVE-2024-26677/ SUSE CVE CVE-2024-26677 page https://www.suse.com/security/cve/CVE-2024-26812/ SUSE CVE CVE-2024-26812 page https://www.suse.com/security/cve/CVE-2024-26851/ SUSE CVE CVE-2024-26851 page https://www.suse.com/security/cve/CVE-2024-27011/ SUSE CVE CVE-2024-27011 page https://www.suse.com/security/cve/CVE-2024-35915/ SUSE CVE CVE-2024-35915 page https://www.suse.com/security/cve/CVE-2024-35933/ SUSE CVE CVE-2024-35933 page https://www.suse.com/security/cve/CVE-2024-35965/ SUSE CVE CVE-2024-35965 page https://www.suse.com/security/cve/CVE-2024-36013/ SUSE CVE CVE-2024-36013 page https://www.suse.com/security/cve/CVE-2024-36270/ SUSE CVE CVE-2024-36270 page https://www.suse.com/security/cve/CVE-2024-36286/ SUSE CVE CVE-2024-36286 page https://www.suse.com/security/cve/CVE-2024-38618/ SUSE CVE CVE-2024-38618 page https://www.suse.com/security/cve/CVE-2024-38662/ SUSE CVE CVE-2024-38662 page https://www.suse.com/security/cve/CVE-2024-39489/ SUSE CVE CVE-2024-39489 page https://www.suse.com/security/cve/CVE-2024-40984/ SUSE CVE CVE-2024-40984 page https://www.suse.com/security/cve/CVE-2024-41012/ SUSE CVE CVE-2024-41012 page https://www.suse.com/security/cve/CVE-2024-41016/ SUSE CVE CVE-2024-41016 page https://www.suse.com/security/cve/CVE-2024-41020/ SUSE CVE CVE-2024-41020 page https://www.suse.com/security/cve/CVE-2024-41035/ SUSE CVE CVE-2024-41035 page https://www.suse.com/security/cve/CVE-2024-41062/ SUSE CVE CVE-2024-41062 page https://www.suse.com/security/cve/CVE-2024-41068/ SUSE CVE CVE-2024-41068 page https://www.suse.com/security/cve/CVE-2024-41087/ SUSE CVE CVE-2024-41087 page https://www.suse.com/security/cve/CVE-2024-41097/ SUSE CVE CVE-2024-41097 page https://www.suse.com/security/cve/CVE-2024-41098/ SUSE CVE CVE-2024-41098 page https://www.suse.com/security/cve/CVE-2024-42077/ SUSE CVE CVE-2024-42077 page https://www.suse.com/security/cve/CVE-2024-42082/ SUSE CVE CVE-2024-42082 page https://www.suse.com/security/cve/CVE-2024-42090/ SUSE CVE CVE-2024-42090 page https://www.suse.com/security/cve/CVE-2024-42101/ SUSE CVE CVE-2024-42101 page https://www.suse.com/security/cve/CVE-2024-42106/ SUSE CVE CVE-2024-42106 page https://www.suse.com/security/cve/CVE-2024-42110/ SUSE CVE CVE-2024-42110 page https://www.suse.com/security/cve/CVE-2024-42148/ SUSE CVE CVE-2024-42148 page https://www.suse.com/security/cve/CVE-2024-42155/ SUSE CVE CVE-2024-42155 page https://www.suse.com/security/cve/CVE-2024-42157/ SUSE CVE CVE-2024-42157 page https://www.suse.com/security/cve/CVE-2024-42158/ SUSE CVE CVE-2024-42158 page https://www.suse.com/security/cve/CVE-2024-42162/ SUSE CVE CVE-2024-42162 page https://www.suse.com/security/cve/CVE-2024-42226/ SUSE CVE CVE-2024-42226 page https://www.suse.com/security/cve/CVE-2024-42228/ SUSE CVE CVE-2024-42228 page https://www.suse.com/security/cve/CVE-2024-42232/ SUSE CVE CVE-2024-42232 page https://www.suse.com/security/cve/CVE-2024-42236/ SUSE CVE CVE-2024-42236 page https://www.suse.com/security/cve/CVE-2024-42240/ SUSE CVE CVE-2024-42240 page https://www.suse.com/security/cve/CVE-2024-42244/ SUSE CVE CVE-2024-42244 page https://www.suse.com/security/cve/CVE-2024-42246/ SUSE CVE CVE-2024-42246 page https://www.suse.com/security/cve/CVE-2024-42259/ SUSE CVE CVE-2024-42259 page https://www.suse.com/security/cve/CVE-2024-42271/ SUSE CVE CVE-2024-42271 page https://www.suse.com/security/cve/CVE-2024-42280/ SUSE CVE CVE-2024-42280 page https://www.suse.com/security/cve/CVE-2024-42281/ SUSE CVE CVE-2024-42281 page https://www.suse.com/security/cve/CVE-2024-42284/ SUSE CVE CVE-2024-42284 page https://www.suse.com/security/cve/CVE-2024-42285/ SUSE CVE CVE-2024-42285 page https://www.suse.com/security/cve/CVE-2024-42286/ SUSE CVE CVE-2024-42286 page https://www.suse.com/security/cve/CVE-2024-42287/ SUSE CVE CVE-2024-42287 page https://www.suse.com/security/cve/CVE-2024-42288/ SUSE CVE CVE-2024-42288 page https://www.suse.com/security/cve/CVE-2024-42289/ SUSE CVE CVE-2024-42289 page https://www.suse.com/security/cve/CVE-2024-42301/ SUSE CVE CVE-2024-42301 page https://www.suse.com/security/cve/CVE-2024-42309/ SUSE CVE CVE-2024-42309 page https://www.suse.com/security/cve/CVE-2024-42310/ SUSE CVE CVE-2024-42310 page https://www.suse.com/security/cve/CVE-2024-42312/ SUSE CVE CVE-2024-42312 page https://www.suse.com/security/cve/CVE-2024-42322/ SUSE CVE CVE-2024-42322 page https://www.suse.com/security/cve/CVE-2024-43819/ SUSE CVE CVE-2024-43819 page https://www.suse.com/security/cve/CVE-2024-43831/ SUSE CVE CVE-2024-43831 page https://www.suse.com/security/cve/CVE-2024-43839/ SUSE CVE CVE-2024-43839 page https://www.suse.com/security/cve/CVE-2024-43853/ SUSE CVE CVE-2024-43853 page https://www.suse.com/security/cve/CVE-2024-43854/ SUSE CVE CVE-2024-43854 page https://www.suse.com/security/cve/CVE-2024-43856/ SUSE CVE CVE-2024-43856 page https://www.suse.com/security/cve/CVE-2024-43861/ SUSE CVE CVE-2024-43861 page https://www.suse.com/security/cve/CVE-2024-43863/ SUSE CVE CVE-2024-43863 page https://www.suse.com/security/cve/CVE-2024-43866/ SUSE CVE CVE-2024-43866 page https://www.suse.com/security/cve/CVE-2024-43871/ SUSE CVE CVE-2024-43871 page https://www.suse.com/security/cve/CVE-2024-43872/ SUSE CVE CVE-2024-43872 page https://www.suse.com/security/cve/CVE-2024-43879/ SUSE CVE CVE-2024-43879 page https://www.suse.com/security/cve/CVE-2024-43882/ SUSE CVE CVE-2024-43882 page https://www.suse.com/security/cve/CVE-2024-43883/ SUSE CVE CVE-2024-43883 page https://www.suse.com/security/cve/CVE-2024-43892/ SUSE CVE CVE-2024-43892 page https://www.suse.com/security/cve/CVE-2024-43893/ SUSE CVE CVE-2024-43893 page https://www.suse.com/security/cve/CVE-2024-43900/ SUSE CVE CVE-2024-43900 page https://www.suse.com/security/cve/CVE-2024-43902/ SUSE CVE CVE-2024-43902 page https://www.suse.com/security/cve/CVE-2024-43905/ SUSE CVE CVE-2024-43905 page https://www.suse.com/security/cve/CVE-2024-43907/ SUSE CVE CVE-2024-43907 page SUSE Linux Enterprise Real Time 12 SP5 cluster-md-kmp-rt-4.12.14-10.200.1 cluster-md-kmp-rt_debug-4.12.14-10.200.1 dlm-kmp-rt-4.12.14-10.200.1 dlm-kmp-rt_debug-4.12.14-10.200.1 gfs2-kmp-rt-4.12.14-10.200.1 gfs2-kmp-rt_debug-4.12.14-10.200.1 kernel-devel-rt-4.12.14-10.200.1 kernel-rt-4.12.14-10.200.1 kernel-rt-base-4.12.14-10.200.1 kernel-rt-devel-4.12.14-10.200.1 kernel-rt-extra-4.12.14-10.200.1 kernel-rt-kgraft-devel-4.12.14-10.200.1 kernel-rt_debug-4.12.14-10.200.1 kernel-rt_debug-base-4.12.14-10.200.1 kernel-rt_debug-devel-4.12.14-10.200.1 kernel-rt_debug-extra-4.12.14-10.200.1 kernel-rt_debug-kgraft-devel-4.12.14-10.200.1 kernel-source-rt-4.12.14-10.200.1 kernel-syms-rt-4.12.14-10.200.1 kselftests-kmp-rt-4.12.14-10.200.1 kselftests-kmp-rt_debug-4.12.14-10.200.1 ocfs2-kmp-rt-4.12.14-10.200.1 ocfs2-kmp-rt_debug-4.12.14-10.200.1 cluster-md-kmp-rt-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 dlm-kmp-rt-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 gfs2-kmp-rt-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-devel-rt-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt-base-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt-devel-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt_debug-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-rt_debug-devel-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-source-rt-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 kernel-syms-rt-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 ocfs2-kmp-rt-4.12.14-10.200.1 as a component of SUSE Linux Enterprise Real Time 12 SP5 In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as there is no sysret PV hypercall defined. So instead of testing all the prerequisites for doing a sysret and then mangling the stack for Xen PV again for doing an iret just use the iret exit from the beginning. This can easily be done via an ALTERNATIVE like it is done for the sysenter compat case already. It should be noted that this drops the optimization in Xen for not restoring a few registers when returning to user mode, but it seems as if the saved instructions in the kernel more than compensate for this drop (a kernel build in a Xen PV guest was slightly faster with this patch applied). While at it remove the stale sysret32 remnants. [ pawan: Brad Spengler and Salvatore Bonaccorso <carnil@debian.org> reported a problem with the 5.10 backport commit edc702b4a820 ("x86/entry_64: Add VERW just before userspace transition"). When CONFIG_PARAVIRT_XXL=y, CLEAR_CPU_BUFFERS is not executed in syscall_return_via_sysret path as USERGS_SYSRET64 is runtime patched to: .cpu_usergs_sysret64 = { 0x0f, 0x01, 0xf8, 0x48, 0x0f, 0x07 }, // swapgs; sysretq which is missing CLEAR_CPU_BUFFERS. It turns out dropping USERGS_SYSRET64 simplifies the code, allowing CLEAR_CPU_BUFFERS to be explicitly added to syscall_return_via_sysret path. Below is with CONFIG_PARAVIRT_XXL=y and this patch applied: syscall_return_via_sysret: ... <+342>: swapgs <+345>: xchg %ax,%ax <+347>: verw -0x1a2(%rip) <------ <+354>: sysretq ] CVE-2021-4440 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2021-4440.html CVE-2021-4440 https://bugzilla.suse.com/1227069 SUSE Bug 1227069 In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type. CVE-2021-47257 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2021-47257.html CVE-2021-47257 https://bugzilla.suse.com/1224896 SUSE Bug 1224896 In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer that was possibly NULL. That fails miserably, because that helper inline function is not set up to handle that case. Just make acpi_dev_put() silently accept a NULL pointer, rather than calling down to put_device() with an invalid offset off that NULL pointer. CVE-2021-47289 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2021-47289.html CVE-2021-47289 https://bugzilla.suse.com/1224984 SUSE Bug 1224984 In the Linux kernel, the following vulnerability has been resolved: KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x7c/0x1ec arch/arm64/kvm/../../../virt/kvm/coalesced_mmio.c:183 Read of size 8 at addr ffff0000c03a2500 by task syz-executor083/4269 CPU: 5 PID: 4269 Comm: syz-executor083 Not tainted 5.10.0 #7 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x0/0x2d0 arch/arm64/kernel/stacktrace.c:132 show_stack+0x28/0x34 arch/arm64/kernel/stacktrace.c:196 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x110/0x164 lib/dump_stack.c:118 print_address_description+0x78/0x5c8 mm/kasan/report.c:385 __kasan_report mm/kasan/report.c:545 [inline] kasan_report+0x148/0x1e4 mm/kasan/report.c:562 check_memory_region_inline mm/kasan/generic.c:183 [inline] __asan_load8+0xb4/0xbc mm/kasan/generic.c:252 kvm_vm_ioctl_unregister_coalesced_mmio+0x7c/0x1ec arch/arm64/kvm/../../../virt/kvm/coalesced_mmio.c:183 kvm_vm_ioctl+0xe30/0x14c4 arch/arm64/kvm/../../../virt/kvm/kvm_main.c:3755 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __arm64_sys_ioctl+0xf88/0x131c fs/ioctl.c:739 __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline] invoke_syscall arch/arm64/kernel/syscall.c:48 [inline] el0_svc_common arch/arm64/kernel/syscall.c:158 [inline] do_el0_svc+0x120/0x290 arch/arm64/kernel/syscall.c:220 el0_svc+0x1c/0x28 arch/arm64/kernel/entry-common.c:367 el0_sync_handler+0x98/0x170 arch/arm64/kernel/entry-common.c:383 el0_sync+0x140/0x180 arch/arm64/kernel/entry.S:670 Allocated by task 4269: stack_trace_save+0x80/0xb8 kernel/stacktrace.c:121 kasan_save_stack mm/kasan/common.c:48 [inline] kasan_set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc+0xdc/0x120 mm/kasan/common.c:461 kasan_kmalloc+0xc/0x14 mm/kasan/common.c:475 kmem_cache_alloc_trace include/linux/slab.h:450 [inline] kmalloc include/linux/slab.h:552 [inline] kzalloc include/linux/slab.h:664 [inline] kvm_vm_ioctl_register_coalesced_mmio+0x78/0x1cc arch/arm64/kvm/../../../virt/kvm/coalesced_mmio.c:146 kvm_vm_ioctl+0x7e8/0x14c4 arch/arm64/kvm/../../../virt/kvm/kvm_main.c:3746 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __arm64_sys_ioctl+0xf88/0x131c fs/ioctl.c:739 __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline] invoke_syscall arch/arm64/kernel/syscall.c:48 [inline] el0_svc_common arch/arm64/kernel/syscall.c:158 [inline] do_el0_svc+0x120/0x290 arch/arm64/kernel/syscall.c:220 el0_svc+0x1c/0x28 arch/arm64/kernel/entry-common.c:367 el0_sync_handler+0x98/0x170 arch/arm64/kernel/entry-common.c:383 el0_sync+0x140/0x180 arch/arm64/kernel/entry.S:670 Freed by task 4269: stack_trace_save+0x80/0xb8 kernel/stacktrace.c:121 kasan_save_stack mm/kasan/common.c:48 [inline] kasan_set_track+0x38/0x6c mm/kasan/common.c:56 kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:355 __kasan_slab_free+0x124/0x150 mm/kasan/common.c:422 kasan_slab_free+0x10/0x1c mm/kasan/common.c:431 slab_free_hook mm/slub.c:1544 [inline] slab_free_freelist_hook mm/slub.c:1577 [inline] slab_free mm/slub.c:3142 [inline] kfree+0x104/0x38c mm/slub.c:4124 coalesced_mmio_destructor+0x94/0xa4 arch/arm64/kvm/../../../virt/kvm/coalesced_mmio.c:102 kvm_iodevice_destructor include/kvm/iodev.h:61 [inline] kvm_io_bus_unregister_dev+0x248/0x280 arch/arm64/kvm/../../../virt/kvm/kvm_main.c:4374 kvm_vm_ioctl_unregister_coalesced_mmio+0x158/0x1ec arch/arm64/kvm/../../../virt/kvm/coalesced_mmio.c:186 kvm_vm_ioctl+0xe30/0x14c4 arch/arm64/kvm/../../../virt/kvm/kvm_main.c:3755 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __arm64_sys_ioctl+0xf88/0x131c fs/ioctl.c:739 __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline] invoke_syscall arch/arm64/kernel/sys ---truncated--- CVE-2021-47341 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2021-47341.html CVE-2021-47341 https://bugzilla.suse.com/1224923 SUSE Bug 1224923 In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fix potential VPE leak on error In its_vpe_irq_domain_alloc, when its_vpe_init() returns an error, there is an off-by-one in the number of VPEs to be freed. Fix it by simply passing the number of VPEs allocated, which is the index of the loop iterating over the VPEs. [maz: fixed commit message] CVE-2021-47373 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2021-47373.html CVE-2021-47373 https://bugzilla.suse.com/1225190 SUSE Bug 1225190 In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes a reference on the adapter which is never released which will result in a reference count leak and render the adapter unremovable. Make sure to put the adapter after creating the client in the same manner that we do for OF. [wsa: fixed title] CVE-2021-47425 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2021-47425.html CVE-2021-47425 https://bugzilla.suse.com/1225223 SUSE Bug 1225223 In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl When the `rmmod sata_fsl.ko` command is executed in the PPC64 GNU/Linux, a bug is reported: ================================================================== BUG: Unable to handle kernel data access on read at 0x80000800805b502c Oops: Kernel access of bad area, sig: 11 [#1] NIP [c0000000000388a4] .ioread32+0x4/0x20 LR [80000000000c6034] .sata_fsl_port_stop+0x44/0xe0 [sata_fsl] Call Trace: .free_irq+0x1c/0x4e0 (unreliable) .ata_host_stop+0x74/0xd0 [libata] .release_nodes+0x330/0x3f0 .device_release_driver_internal+0x178/0x2c0 .driver_detach+0x64/0xd0 .bus_remove_driver+0x70/0xf0 .driver_unregister+0x38/0x80 .platform_driver_unregister+0x14/0x30 .fsl_sata_driver_exit+0x18/0xa20 [sata_fsl] .__se_sys_delete_module+0x1ec/0x2d0 .system_call_exception+0xfc/0x1f0 system_call_common+0xf8/0x200 ================================================================== The triggering of the BUG is shown in the following stack: driver_detach device_release_driver_internal __device_release_driver drv->remove(dev) --> platform_drv_remove/platform_remove drv->remove(dev) --> sata_fsl_remove iounmap(host_priv->hcr_base); <---- unmap kfree(host_priv); <---- free devres_release_all release_nodes dr->node.release(dev, dr->data) --> ata_host_stop ap->ops->port_stop(ap) --> sata_fsl_port_stop ioread32(hcr_base + HCONTROL) <---- UAF host->ops->host_stop(host) The iounmap(host_priv->hcr_base) and kfree(host_priv) functions should not be executed in drv->remove. These functions should be executed in host_stop after port_stop. Therefore, we move these functions to the new function sata_fsl_host_stop and bind the new function to host_stop. CVE-2021-47549 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2021-47549.html CVE-2021-47549 https://bugzilla.suse.com/1225508 SUSE Bug 1225508 https://bugzilla.suse.com/1227654 SUSE Bug 1227654 In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smc_setsockopt() and it is caused by accessing smc->clcsock after clcsock was released. BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 50309 Comm: nginx Kdump: loaded Tainted: G E 5.16.0-rc4+ #53 RIP: 0010:smc_setsockopt+0x59/0x280 [smc] Call Trace: <TASK> __sys_setsockopt+0xfc/0x190 __x64_sys_setsockopt+0x20/0x30 do_syscall_64+0x34/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f16ba83918e </TASK> This patch tries to fix it by holding clcsock_release_lock and checking whether clcsock has already been released before access. In case that a crash of the same reason happens in smc_getsockopt() or smc_switch_to_fallback(), this patch also checkes smc->clcsock in them too. And the caller of smc_switch_to_fallback() will identify whether fallback succeeds according to the return value. CVE-2022-48751 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48751.html CVE-2022-48751 https://bugzilla.suse.com/1226653 SUSE Bug 1226653 In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to QueryVariableInfo(), which we did not use to call on Apple x86 machines in the past as they only upgraded from EFI v1.10 to EFI v2.40 firmware fairly recently, and QueryVariableInfo() (along with UpdateCapsule() et al) was added in EFI v2.00. The only runtime service introduced in EFI v2.00 that we actually use in Linux is QueryVariableInfo(), as the capsule based ones are optional, generally not used at runtime (all the LVFS/fwupd firmware update infrastructure uses helper EFI programs that invoke capsule update at boot time, not runtime), and not implemented by Apple machines in the first place. QueryVariableInfo() is used to 'safely' set variables, i.e., only when there is enough space. This prevents machines with buggy firmwares from corrupting their NVRAMs when they run out of space. Given that Apple machines have been using EFI v1.10 services only for the longest time (the EFI v2.0 spec was released in 2006, and Linux support for the newly introduced runtime services was added in 2011, but the MacbookPro12,1 released in 2015 still claims to be EFI v1.10 only), let's avoid the EFI v2.0 ones on all Apple x86 machines. [0] https://lore.kernel.org/all/6D757C75-65B1-468B-842D-10410081A8E4@live.com/ CVE-2022-48769 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48769.html CVE-2022-48769 https://bugzilla.suse.com/1226629 SUSE Bug 1226629 In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a signal pending. If this happens the socket will be in the connected table, and it is not removed when the socket state is reset. In this situation it's common for the process to retry connect(), and if the connection is successful the socket will be added to the connected table a second time, corrupting the list. Prevent this by calling vsock_remove_connected() if a signal is received while waiting for a connection. This is harmless if the socket is not in the connected table, and if it is in the table then removing it will prevent list corruption from a double add. Note for backporting: this patch requires d5afa82c977e ("vsock: correct removal of socket from the list"), which is in all current stable trees except 4.9.y. CVE-2022-48786 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48786.html CVE-2022-48786 https://bugzilla.suse.com/1227996 SUSE Bug 1227996 In the Linux kernel, the following vulnerability has been resolved: usb: f_fs: Fix use-after-free for epfile Consider a case where ffs_func_eps_disable is called from ffs_func_disable as part of composition switch and at the same time ffs_epfile_release get called from userspace. ffs_epfile_release will free up the read buffer and call ffs_data_closed which in turn destroys ffs->epfiles and mark it as NULL. While this was happening the driver has already initialized the local epfile in ffs_func_eps_disable which is now freed and waiting to acquire the spinlock. Once spinlock is acquired the driver proceeds with the stale value of epfile and tries to free the already freed read buffer causing use-after-free. Following is the illustration of the race: CPU1 CPU2 ffs_func_eps_disable epfiles (local copy) ffs_epfile_release ffs_data_closed if (last file closed) ffs_data_reset ffs_data_clear ffs_epfiles_destroy spin_lock dereference epfiles Fix this races by taking epfiles local copy & assigning it under spinlock and if epfiles(local) is null then update it in ffs->epfiles then finally destroy it. Extending the scope further from the race, protecting the ep related structures, and concurrent accesses. CVE-2022-48822 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48822.html CVE-2022-48822 https://bugzilla.suse.com/1228040 SUSE Bug 1228040 https://bugzilla.suse.com/1228136 SUSE Bug 1228136 In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel panic when enabling bearer When enabling a bearer on a node, a kernel panic is observed: [ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc] ... [ 4.520030] Call Trace: [ 4.520689] <IRQ> [ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc] [ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc] [ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc] [ 4.525292] tipc_rcv+0x5da/0x730 [tipc] [ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0 [ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc] [ 4.528737] __netif_receive_skb_list_core+0x20b/0x260 [ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0 [ 4.531450] ? dev_gro_receive+0x4c2/0x680 [ 4.532512] napi_complete_done+0x6f/0x180 [ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net] ... The node in question is receiving activate messages in another thread after changing bearer status to allow message sending/ receiving in current thread: thread 1 | thread 2 -------- | -------- | tipc_enable_bearer() | test_and_set_bit_lock() | tipc_bearer_xmit_skb() | | tipc_l2_rcv_msg() | tipc_rcv() | __tipc_node_link_up() | tipc_link_build_state_msg() | tipc_link_build_proto_msg() | tipc_mon_prep() | { | ... | // null-pointer dereference | u16 gen = mon->dom_gen; | ... | } // Not being executed yet | tipc_mon_create() | { | ... | // allocate | mon = kzalloc(); | ... | } | Monitoring pointer in thread 2 is dereferenced before monitoring data is allocated in thread 1. This causes kernel panic. This commit fixes it by allocating the monitoring data before enabling the bearer to receive messages. CVE-2022-48865 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48865.html CVE-2022-48865 https://bugzilla.suse.com/1228065 SUSE Bug 1228065 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. Here a trace triggering the race with the hostapd test multi_ap_fronthaul_on_ap: (gdb) list *drv_ampdu_action+0x46 0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396). 391 int ret = -EOPNOTSUPP; 392 393 might_sleep(); 394 395 sdata = get_bss_sdata(sdata); 396 if (!check_sdata_in_driver(sdata)) 397 return -EIO; 398 399 trace_drv_ampdu_action(local, sdata, params); 400 wlan0: moving STA 02:00:00:00:03:00 to state 3 wlan0: associated wlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING) wlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0 wlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port) wlan0: moving STA 02:00:00:00:03:00 to state 2 wlan0: moving STA 02:00:00:00:03:00 to state 1 wlan0: Removed STA 02:00:00:00:03:00 wlan0: Destroyed STA 02:00:00:00:03:00 BUG: unable to handle page fault for address: fffffffffffffb48 PGD 11814067 P4D 11814067 PUD 11816067 PMD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 Workqueue: phy3 ieee80211_ba_session_work [mac80211] RIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211] Code: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 <8b> 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85 RSP: 0018:ffffc900025ebd20 EFLAGS: 00010287 RAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240 RDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40 RBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0 R13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8 FS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0 Call Trace: <TASK> ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211] ieee80211_ba_session_work+0xff/0x2e0 [mac80211] process_one_work+0x29f/0x620 worker_thread+0x4d/0x3d0 ? process_one_work+0x620/0x620 kthread+0xfb/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 </TASK> CVE-2022-48875 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48875.html CVE-2022-48875 https://bugzilla.suse.com/1229516 SUSE Bug 1229516 In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). In ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(), pci_dev_put() is called to avoid leak. CVE-2022-48896 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48896.html CVE-2022-48896 https://bugzilla.suse.com/1229540 SUSE Bug 1229540 In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done *after* we are done dereferencing the object. CVE-2022-48899 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48899.html CVE-2022-48899 https://bugzilla.suse.com/1229536 SUSE Bug 1229536 In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. CVE-2022-48905 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48905.html CVE-2022-48905 https://bugzilla.suse.com/1229604 SUSE Bug 1229604 In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6_mc_down() at most once There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: either the network device is actually going down, or IPv6 was disabled on the interface. If either of them stays down while the other is toggled, we repeatedly call the code for NETDEV_DOWN, including ipv6_mc_down(), while never calling the corresponding ipv6_mc_up() in between. This will cause a new entry in idev->mc_tomb to be allocated for each multicast group the interface is subscribed to, which in turn leaks one struct ifmcaddr6 per nontrivial multicast group the interface is subscribed to. The following reproducer will leak at least $n objects: ip addr add ff2e::4242/32 dev eth0 autojoin sysctl -w net.ipv6.conf.eth0.disable_ipv6=1 for i in $(seq 1 $n); do ip link set up eth0; ip link set down eth0 done Joining groups with IPV6_ADD_MEMBERSHIP (unprivileged) or setting the sysctl net.ipv6.conf.eth0.forwarding to 1 (=> subscribing to ff02::2) can also be used to create a nontrivial idev->mc_list, which will the leak objects with the right up-down-sequence. Based on both sources for NETDEV_DOWN events the interface IPv6 state should be considered: - not ready if the network interface is not ready OR IPv6 is disabled for it - ready if the network interface is ready AND IPv6 is enabled for it The functions ipv6_mc_up() and ipv6_down() should only be run when this state changes. Implement this by remembering when the IPv6 state is ready, and only run ipv6_mc_down() if it actually changed from ready to not ready. The other direction (not ready -> ready) already works correctly, as: - the interface notification triggered codepath for NETDEV_UP / NETDEV_CHANGE returns early if ipv6 is disabled, and - the disable_ipv6=0 triggered codepath skips fully initializing the interface as long as addrconf_link_ready(dev) returns false - calling ipv6_mc_up() repeatedly does not leak anything CVE-2022-48910 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48910.html CVE-2022-48910 https://bugzilla.suse.com/1229632 SUSE Bug 1229632 In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free the context. In this situation we should not proceed to enter the out: section in cifs_smb3_do_mount() and free the same resources a second time. [Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0 [Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4 [Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019 [Thu Feb 10 12:59:06 2022] Call Trace: [Thu Feb 10 12:59:06 2022] <IRQ> [Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78 [Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150 [Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117 [Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] __asan_load8+0x86/0xa0 [Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0 [Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0 [Thu Feb 10 12:59:06 2022] ? __this_cpu_preempt_check+0x13/0x20 [Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140 [Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10 [Thu Feb 10 12:59:06 2022] __do_softirq+0x1d4/0x67b [Thu Feb 10 12:59:06 2022] __irq_exit_rcu+0x100/0x150 [Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30 [Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0 ... [Thu Feb 10 12:59:07 2022] Freed by task 58179: [Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 [Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30 [Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40 [Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170 [Thu Feb 10 12:59:07 2022] __kasan_slab_free+0x12/0x20 [Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0 [Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520 [Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs] [Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] [Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 [Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 [Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210 [Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 [Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae [Thu Feb 10 12:59:07 2022] Last potentially related work creation: [Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 [Thu Feb 10 12:59:07 2022] __kasan_record_aux_stack+0xb6/0xc0 [Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10 [Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0 [Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs] [Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs] [Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0 [Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs] [Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] [Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 [Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 [Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210 [Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 [Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae CVE-2022-48919 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48919.html CVE-2022-48919 https://bugzilla.suse.com/1229657 SUSE Bug 1229657 https://bugzilla.suse.com/1229660 SUSE Bug 1229660 In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr(): $ cat fs/fs-writeback.c: (...) static void __writeback_inodes_sb_nr(struct super_block *sb, ... { (...) WARN_ON(!rwsem_is_locked(&sb->s_umount)); (...) } (...) The trace produced in dmesg looks like the following: [947.473890] WARNING: CPU: 5 PID: 930 at fs/fs-writeback.c:2610 __writeback_inodes_sb_nr+0x7e/0xb3 [947.481623] Modules linked in: nfsd nls_cp437 cifs asn1_decoder cifs_arc4 fscache cifs_md4 ipmi_ssif [947.489571] CPU: 5 PID: 930 Comm: btrfs-transacti Not tainted 95.16.3-srb-asrock-00001-g36437ad63879 #186 [947.497969] RIP: 0010:__writeback_inodes_sb_nr+0x7e/0xb3 [947.502097] Code: 24 10 4c 89 44 24 18 c6 (...) [947.519760] RSP: 0018:ffffc90000777e10 EFLAGS: 00010246 [947.523818] RAX: 0000000000000000 RBX: 0000000000963300 RCX: 0000000000000000 [947.529765] RDX: 0000000000000000 RSI: 000000000000fa51 RDI: ffffc90000777e50 [947.535740] RBP: ffff888101628a90 R08: ffff888100955800 R09: ffff888100956000 [947.541701] R10: 0000000000000002 R11: 0000000000000001 R12: ffff888100963488 [947.547645] R13: ffff888100963000 R14: ffff888112fb7200 R15: ffff888100963460 [947.553621] FS: 0000000000000000(0000) GS:ffff88841fd40000(0000) knlGS:0000000000000000 [947.560537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [947.565122] CR2: 0000000008be50c4 CR3: 000000000220c000 CR4: 00000000001006e0 [947.571072] Call Trace: [947.572354] <TASK> [947.573266] btrfs_commit_transaction+0x1f1/0x998 [947.576785] ? start_transaction+0x3ab/0x44e [947.579867] ? schedule_timeout+0x8a/0xdd [947.582716] transaction_kthread+0xe9/0x156 [947.585721] ? btrfs_cleanup_transaction.isra.0+0x407/0x407 [947.590104] kthread+0x131/0x139 [947.592168] ? set_kthread_struct+0x32/0x32 [947.595174] ret_from_fork+0x22/0x30 [947.597561] </TASK> [947.598553] ---[ end trace 644721052755541c ]--- This is because we started using writeback_inodes_sb() to flush delalloc when committing a transaction (when using -o flushoncommit), in order to avoid deadlocks with filesystem freeze operations. This change was made by commit ce8ea7cc6eb313 ("btrfs: don't call btrfs_start_delalloc_roots in flushoncommit"). After that change we started producing that warning, and every now and then a user reports this since the warning happens too often, it spams dmesg/syslog, and a user is unsure if this reflects any problem that might compromise the filesystem's reliability. We can not just lock the sb->s_umount semaphore before calling writeback_inodes_sb(), because that would at least deadlock with filesystem freezing, since at fs/super.c:freeze_super() sync_filesystem() is called while we are holding that semaphore in write mode, and that can trigger a transaction commit, resulting in a deadlock. It would also trigger the same type of deadlock in the unmount path. Possibly, it could also introduce some other locking dependencies that lockdep would report. To fix this call try_to_writeback_inodes_sb() instead of writeback_inodes_sb(), because that will try to read lock sb->s_umount and then will only call writeback_inodes_sb() if it was able to lock it. This is fine because the cases where it can't read lock sb->s_umount are during a filesystem unmount or during a filesystem freeze - in those cases sb->s_umount is write locked and sync_filesystem() is called, which calls writeback_inodes_sb(). In other words, in all cases where we can't take a read lock on sb->s_umount, writeback is already being triggered elsewhere. An alternative would be to call btrfs_start_delalloc_roots() with a number of pages different from LONG_MAX, for example matching the number of delalloc bytes we currently have, in ---truncated--- CVE-2022-48920 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48920.html CVE-2022-48920 https://bugzilla.suse.com/1229658 SUSE Bug 1229658 In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediately fail and no change to global state should happen. However, it unconditionally overwrites the src_addr trying to build a temporary any address. For instance if the state is already RDMA_CM_LISTEN then this will corrupt the src_addr and would cause the test in cma_cancel_operation(): if (cma_any_addr(cma_src_addr(id_priv)) && !id_priv->cma_dev) Which would manifest as this trace from syzkaller: BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0 lib/list_debug.c:26 Read of size 8 at addr ffff8881546491e0 by task syz-executor.1/32204 CPU: 1 PID: 32204 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x141/0x1d7 lib/dump_stack.c:120 print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:232 __kasan_report mm/kasan/report.c:399 [inline] kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:416 __list_add_valid+0x93/0xa0 lib/list_debug.c:26 __list_add include/linux/list.h:67 [inline] list_add_tail include/linux/list.h:100 [inline] cma_listen_on_all drivers/infiniband/core/cma.c:2557 [inline] rdma_listen+0x787/0xe00 drivers/infiniband/core/cma.c:3751 ucma_listen+0x16a/0x210 drivers/infiniband/core/ucma.c:1102 ucma_write+0x259/0x350 drivers/infiniband/core/ucma.c:1732 vfs_write+0x28e/0xa30 fs/read_write.c:603 ksys_write+0x1ee/0x250 fs/read_write.c:658 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae This is indicating that an rdma_id_private was destroyed without doing cma_cancel_listens(). Instead of trying to re-use the src_addr memory to indirectly create an any address derived from the dst build one explicitly on the stack and bind to that as any other normal flow would do. rdma_bind_addr() will copy it over the src_addr once it knows the state is valid. This is similar to commit bc0bdc5afaa7 ("RDMA/cma: Do not change route.addr.src_addr.ss_family") CVE-2022-48925 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48925.html CVE-2022-48925 https://bugzilla.suse.com/1229630 SUSE Bug 1229630 In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() CVE-2022-48930 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48930.html CVE-2022-48930 https://bugzilla.suse.com/1229624 SUSE Bug 1229624 In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|----------------------------------- configfs_unregister_subsystem | configfs_unregister_subsystem unlink_group | unlink_group unlink_obj | unlink_obj list_del_init | list_del_init __list_del_entry | __list_del_entry __list_del | __list_del // next == C | next->prev = prev | | next->prev = prev prev->next = next | | // prev == B | prev->next = next Fix this by adding mutex when calling link_group() or unlink_group(), but parent configfs_subsystem is NULL when config_item is root. So I create a mutex configfs_subsystem_mutex. CVE-2022-48931 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48931.html CVE-2022-48931 https://bugzilla.suse.com/1229623 SUSE Bug 1229623 In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned. CVE-2022-48938 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2022-48938.html CVE-2022-48938 https://bugzilla.suse.com/1229664 SUSE Bug 1229664 In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_spi: fix error handling in mmc_spi_probe() If mmc_add_host() fails, it doesn't need to call mmc_remove_host(), or it will cause null-ptr-deref, because of deleting a not added device in mmc_remove_host(). To fix this, goto label 'fail_glue_init', if mmc_add_host() fails, and change the label 'fail_add_host' to 'fail_gpiod_request'. CVE-2023-52708 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2023-52708.html CVE-2023-52708 https://bugzilla.suse.com/1225483 SUSE Bug 1225483 In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new get_variable call with attr=NULL, which triggers panic in gsmi. CVE-2023-52893 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2023-52893.html CVE-2023-52893 https://bugzilla.suse.com/1229535 SUSE Bug 1229535 In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an invalid endpoint. Fix this by using xhci_get_virt_ep() helper to find the endpoint and checking if the endpoint is valid before dereferencing it. [233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead [233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8 [233311.853964] pc : xhci_hc_died+0x10c/0x270 [233311.853971] lr : xhci_hc_died+0x1ac/0x270 [233311.854077] Call trace: [233311.854085] xhci_hc_died+0x10c/0x270 [233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4 [233311.854105] call_timer_fn+0x50/0x2d4 [233311.854112] expire_timers+0xac/0x2e4 [233311.854118] run_timer_softirq+0x300/0xabc [233311.854127] __do_softirq+0x148/0x528 [233311.854135] irq_exit+0x194/0x1a8 [233311.854143] __handle_domain_irq+0x164/0x1d0 [233311.854149] gic_handle_irq.22273+0x10c/0x188 [233311.854156] el1_irq+0xfc/0x1a8 [233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm] [233311.854185] cpuidle_enter_state+0x1f0/0x764 [233311.854194] do_idle+0x594/0x6ac [233311.854201] cpu_startup_entry+0x7c/0x80 [233311.854209] secondary_start_kernel+0x170/0x198 CVE-2023-52901 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2023-52901.html CVE-2023-52901 https://bugzilla.suse.com/1229531 SUSE Bug 1229531 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the skb data in pn533_send_async_complete() that is used as a transfer buffer of out_urb. Wait before sending in_urb until the callback of out_urb is called. To modify the callback of out_urb alone, separate the complete function of out_urb and ack_urb. Found by a modified version of syzkaller. BUG: KASAN: use-after-free in dummy_timer Call Trace: memcpy (mm/kasan/shadow.c:65) dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352) transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453) dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972) arch_static_branch (arch/x86/include/asm/jump_label.h:27) static_key_false (include/linux/jump_label.h:207) timer_expire_exit (include/trace/events/timer.h:127) call_timer_fn (kernel/time/timer.c:1475) expire_timers (kernel/time/timer.c:1519) __run_timers (kernel/time/timer.c:1790) run_timer_softirq (kernel/time/timer.c:1803) CVE-2023-52907 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2023-52907.html CVE-2023-52907 https://bugzilla.suse.com/1229526 SUSE Bug 1229526 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this rather than having incorrect ratelimit. CVE-2024-26668 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-26668.html CVE-2024-26668 https://bugzilla.suse.com/1222335 SUSE Bug 1222335 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference. CVE-2024-26677 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-26677.html CVE-2024-26677 https://bugzilla.suse.com/1222387 SUSE Bug 1222387 In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the SET_IRQS ioctl or through unmask irqfd if the device interrupt is pending. Ideally this could be solved with some additional locking; the igate mutex serializes the ioctl and config space accesses, and the interrupt handler is unregistered relative to the trigger, but the irqfd path runs asynchronous to those. The igate mutex cannot be acquired from the atomic context of the eventfd wake function. Disabling the irqfd relative to the eventfd registration is potentially incompatible with existing userspace. As a result, the solution implemented here moves configuration of the INTx interrupt handler to track the lifetime of the INTx context object and irq_type configuration, rather than registration of a particular trigger eventfd. Synchronization is added between the ioctl path and eventfd_signal() wrapper such that the eventfd trigger can be dynamically updated relative to in-flight interrupts or irqfd callbacks. CVE-2024-26812 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-26812.html CVE-2024-26812 https://bugzilla.suse.com/1222808 SUSE Bug 1222808 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: Add protection for bmp length out of range UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts that are out of bounds for their data type. vmlinux get_bitmap(b=75) + 712 <net/netfilter/nf_conntrack_h323_asn1.c:0> vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956 <net/netfilter/nf_conntrack_h323_asn1.c:592> vmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216 <net/netfilter/nf_conntrack_h323_asn1.c:814> vmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812 <net/netfilter/nf_conntrack_h323_asn1.c:576> vmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216 <net/netfilter/nf_conntrack_h323_asn1.c:814> vmlinux DecodeRasMessage() + 304 <net/netfilter/nf_conntrack_h323_asn1.c:833> vmlinux ras_help() + 684 <net/netfilter/nf_conntrack_h323_main.c:1728> vmlinux nf_confirm() + 188 <net/netfilter/nf_conntrack_proto.c:137> Due to abnormal data in skb->data, the extension bitmap length exceeds 32 when decoding ras message then uses the length to make a shift operation. It will change into negative after several loop. UBSAN load could detect a negative shift as an undefined behaviour and reports exception. So we add the protection to avoid the length exceeding 32. Or else it will return out of range error and stop decoding. CVE-2024-26851 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-26851.html CVE-2024-26851 https://bugzilla.suse.com/1223074 SUSE Bug 1223074 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result in restoring twice the refcount of the mapping. Check for inactive element in the next generation for the delete element command in the abort path, skip restoring state if next generation bit has been already cleared. This is similar to the activate logic using the set walk iterator. [ 6170.286929] ------------[ cut here ]------------ [ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287071] Modules linked in: [...] [ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365 [ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f [ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202 [ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000 [ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750 [ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55 [ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10 [ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100 [ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000 [ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0 [ 6170.287962] Call Trace: [ 6170.287967] <TASK> [ 6170.287973] ? __warn+0x9f/0x1a0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.288104] ? handle_bug+0x3c/0x70 [ 6170.288112] ? exc_invalid_op+0x17/0x40 [ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20 [ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables] CVE-2024-27011 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-27011.html CVE-2024-27011 https://bugzilla.suse.com/1223803 SUSE Bug 1223803 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_rx_work() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded. This patch resolved this issue by checking payload size before calling each message type handler codes. CVE-2024-35915 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-35915.html CVE-2024-35915 https://bugzilla.suse.com/1224479 SUSE Bug 1224479 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null ptr deref in btintel_read_version If hci_cmd_sync_complete() is triggered and skb is NULL, then hdev->req_skb is NULL, which will cause this issue. CVE-2024-35933 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-35933.html CVE-2024-35933 https://bugzilla.suse.com/1224640 SUSE Bug 1224640 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. CVE-2024-35965 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-35965.html CVE-2024-35965 https://bugzilla.suse.com/1224579 SUSE Bug 1224579 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect mutex_lock(&conn->chan_lock); | chan = pchan->ops->new_connection(pchan); <- alloc chan | __l2cap_chan_add(conn, chan); | l2cap_chan_hold(chan); | list_add(&chan->list, &conn->chan_l); ... (1) mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del mutex_lock(&conn->chan_lock); | foreach chan in conn->chan_l: ... (2) | l2cap_chan_put(chan); | l2cap_chan_destroy | kfree(chan) ... (3) <- chan freed mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 CVE-2024-36013 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-36013.html CVE-2024-36013 https://bugzilla.suse.com/1225578 SUSE Bug 1225578 In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [..] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Call Trace: nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168 __in_dev_get_rcu() can return NULL, so check for this. CVE-2024-36270 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-36270.html CVE-2024-36270 https://bugzilla.suse.com/1226798 SUSE Bug 1226798 In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted net/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.4/13427: #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471 #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172 stack backtrace: CPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712 nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline] nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397 nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline] instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471 handle_softirqs+0x2d6/0x990 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 </IRQ> <TASK> CVE-2024-36286 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-36286.html CVE-2024-36286 https://bugzilla.suse.com/1226801 SUSE Bug 1226801 In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to an unexpected RCU stall, where the callback repeatedly queuing the expire update, as reported by fuzzer. This patch introduces a sanity check of the timer start tick time, so that the system returns an error when a too small start size is set. As of this patch, the lower limit is hard-coded to 100us, which is small enough but can still work somehow. CVE-2024-38618 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-38618.html CVE-2024-38618 https://bugzilla.suse.com/1226754 SUSE Bug 1226754 In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types. CVE-2024-38662 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-38662.html CVE-2024-38662 https://bugzilla.suse.com/1226885 SUSE Bug 1226885 In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly. CVE-2024-39489 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-39489.html CVE-2024-39489 https://bugzilla.suse.com/1227623 SUSE Bug 1227623 In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The initial purpose of this commit was to stop memory mappings for operation regions from overlapping page boundaries, as it can trigger warnings if different page attributes are present. However, it was found that when this situation arises, mapping continues until the boundary's end, but there is still an attempt to read/write the entire length of the map, leading to a NULL pointer deference. For example, if a four-byte mapping request is made but only one byte is mapped because it hits the current page boundary's end, a four-byte read/write attempt is still made, resulting in a NULL pointer deference. Instead, map the entire length, as the ACPI specification does not mandate that it must be within the same page boundary. It is permissible for it to be mapped across different regions. CVE-2024-40984 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-40984.html CVE-2024-40984 https://bugzilla.suse.com/1227820 SUSE Bug 1227820 In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). CVE-2024-41012 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-41012.html CVE-2024-41012 https://bugzilla.suse.com/1228247 SUSE Bug 1228247 In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. CVE-2024-41016 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-41016.html CVE-2024-41016 https://bugzilla.suse.com/1228410 SUSE Bug 1228410 In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels. CVE-2024-41020 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-41020.html CVE-2024-41020 https://bugzilla.suse.com/1228427 SUSE Bug 1228427 In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoint descriptor's bEndpointAddress field will always be 0. As a result of the bug, the endpoint_is_duplicate() routine in config.c (and possibly other routines as well) may believe that two descriptors are for distinct endpoints, even though they have the same direction and endpoint number. This can lead to confusion, including the bug identified by syzbot (two descriptors with matching endpoint numbers and directions, where one was interrupt and the other was bulk). To fix the bug, we will clear the reserved bits in bEndpointAddress when we parse the descriptor. (Note that both the USB-2.0 and USB-3.1 specs say these bits are "Reserved, reset to zero".) This requires us to make a copy of the descriptor earlier in usb_parse_endpoint() and use the copy instead of the original when checking for duplicates. CVE-2024-41035 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-41035.html CVE-2024-41035 https://bugzilla.suse.com/1228485 SUSE Bug 1228485 In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ---- sock_close hci_rx_work l2cap_sock_release hci_acldata_packet l2cap_sock_kill l2cap_recv_frame sk_free l2cap_conless_channel l2cap_sock_recv_cb If hci_rx_work processes the data that needs to be received before the sock is closed, then everything is normal; Otherwise, the work thread may access the released sock when receiving data. Add a chan mutex in the rx callback of the sock to achieve synchronization between the sock release and recv cb. Sock is dead, so set chan data to NULL, avoid others use invalid sock pointer. CVE-2024-41062 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-41062.html CVE-2024-41062 https://bugzilla.suse.com/1228576 SUSE Bug 1228576 https://bugzilla.suse.com/1228578 SUSE Bug 1228578 In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix sclp_init() cleanup on failure If sclp_init() fails it only partially cleans up: if there are multiple failing calls to sclp_init() sclp_state_change_event will be added several times to sclp_reg_list, which results in the following warning: ------------[ cut here ]------------ list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10. WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3 Krnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 ... Call Trace: [<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8 ([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8) [<000003ffe0a8d37e>] sclp_init+0x40e/0x450 [<000003ffe00009f2>] do_one_initcall+0x42/0x1e0 [<000003ffe15b77a6>] do_initcalls+0x126/0x150 [<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8 [<000003ffe0d6650e>] kernel_init+0x2e/0x180 [<000003ffe000301c>] __ret_from_fork+0x3c/0x60 [<000003ffe0d759ca>] ret_from_fork+0xa/0x30 Fix this by removing sclp_state_change_event from sclp_reg_list when sclp_init() fails. CVE-2024-41068 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-41068.html CVE-2024-41068 https://bugzilla.suse.com/1228579 SUSE Bug 1228579 In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will trigger a call to ata_host_release(). ata_host_release() calls kfree(host), so executing the kfree(host) in ata_host_alloc() will lead to a double free: kernel BUG at mm/slub.c:553! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:kfree+0x2cf/0x2f0 Code: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da RSP: 0018:ffffc90000f377f0 EFLAGS: 00010246 RAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320 RDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0 RBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780 R13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006 FS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x6a/0x90 ? kfree+0x2cf/0x2f0 ? exc_invalid_op+0x50/0x70 ? kfree+0x2cf/0x2f0 ? asm_exc_invalid_op+0x1a/0x20 ? ata_host_alloc+0xf5/0x120 [libata] ? ata_host_alloc+0xf5/0x120 [libata] ? kfree+0x2cf/0x2f0 ata_host_alloc+0xf5/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci] Ensure that we will not call kfree(host) twice, by performing the kfree() only if the devres_open_group() call failed. CVE-2024-41087 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-41087.html CVE-2024-41087 https://bugzilla.suse.com/1228466 SUSE Bug 1228466 https://bugzilla.suse.com/1228740 SUSE Bug 1228740 In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting stage which in turn triggers a warning in usb_submit_urb(). Fix the issue by verifying that required endpoint types are present for both in and out endpoints, taking into account cmd endpoint type. Unfortunately, this patch has not been tested on real hardware. [1] Syzbot report: usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 Modules linked in: CPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 ... Call Trace: cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649 cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760 cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209 usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055 cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:517 [inline] really_probe+0x23c/0xcd0 drivers/base/dd.c:595 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427 __device_attach+0x228/0x4a0 drivers/base/dd.c:965 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487 device_add+0xc2f/0x2180 drivers/base/core.c:3354 usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293 CVE-2024-41097 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-41097.html CVE-2024-41097 https://bugzilla.suse.com/1228513 SUSE Bug 1228513 In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error If the ata_port_alloc() call in ata_host_alloc() fails, ata_host_release() will get called. However, the code in ata_host_release() tries to free ata_port struct members unconditionally, which can lead to the following: BUG: unable to handle page fault for address: 0000000000003990 PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:ata_host_release.cold+0x2f/0x6e [libata] Code: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41 RSP: 0018:ffffc90000ebb968 EFLAGS: 00010246 RAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0 RBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68 R10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004 R13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006 FS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? ata_host_release.cold+0x2f/0x6e [libata] ? ata_host_release.cold+0x2f/0x6e [libata] release_nodes+0x35/0xb0 devres_release_group+0x113/0x140 ata_host_alloc+0xed/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci] Do not access ata_port struct members unconditionally. CVE-2024-41098 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-41098.html CVE-2024-41098 https://bugzilla.suse.com/1228467 SUSE Bug 1228467 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Once that happens a WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). Heming Zhao said: ------ PANIC: "Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error" PID: xxx TASK: xxxx CPU: 5 COMMAND: "SubmitThread-CA" #0 machine_kexec at ffffffff8c069932 #1 __crash_kexec at ffffffff8c1338fa #2 panic at ffffffff8c1d69b9 #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2] #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2] #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2] #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2] #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2] #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2] #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2] #10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2] #11 dio_complete at ffffffff8c2b9fa7 #12 do_blockdev_direct_IO at ffffffff8c2bc09f #13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2] #14 generic_file_direct_write at ffffffff8c1dcf14 #15 __generic_file_write_iter at ffffffff8c1dd07b #16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2] #17 aio_write at ffffffff8c2cc72e #18 kmem_cache_alloc at ffffffff8c248dde #19 do_io_submit at ffffffff8c2ccada #20 do_syscall_64 at ffffffff8c004984 #21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba CVE-2024-42077 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42077.html CVE-2024-42077 https://bugzilla.suse.com/1228516 SUSE Bug 1228516 In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params struct are not initialized properly. The second case cannot happen since there is a static const rhashtable_params struct with valid fields. So, warning is only triggered when there is a problem with memory allocation. Thus, there is no sense in using WARN() to handle this error and it can be safely removed. WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Call Trace: xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [inline] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Found by Linux Verification Center (linuxtesting.org) with syzkaller. CVE-2024-42082 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42082.html CVE-2024-42082 https://bugzilla.suse.com/1228482 SUSE Bug 1228482 In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to a potential deadlock. This patch resolves the issue by releasing pinctrl_maps_mutex before calling pinctrl_free(), preventing the deadlock. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. CVE-2024-42090 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42090.html CVE-2024-42090 https://bugzilla.suse.com/1228449 SUSE Bug 1228449 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. CVE-2024-42101 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42101.html CVE-2024-42101 https://bugzilla.suse.com/1228495 SUSE Bug 1228495 In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the sdiag_raw_protocol field in struct inet_diag_req_raw. inet_diag_get_exact_compat() converts inet_diag_req to inet_diag_req_v2, but leaves the pad field uninitialized. So the issue occurs when raw_lookup() accesses the sdiag_raw_protocol field. Fix this by initializing the pad field in inet_diag_get_exact_compat(). Also, do the same fix in inet_diag_dump_compat() to avoid the similar issue in the future. [1] BUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline] BUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_lookup net/ipv4/raw_diag.c:49 [inline] raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639 __sys_sendmsg net/socket.c:2668 [inline] __do_sys_sendmsg net/socket.c:2677 [inline] __se_sys_sendmsg net/socket.c:2675 [inline] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639 __sys_sendmsg net/socket.c:2668 [inline] __do_sys_sendmsg net/socket.c:2677 [inline] __se_sys_sendmsg net/socket.c:2675 [inline] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Local variable req.i created at: inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline] inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 CPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 CVE-2024-42106 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42106.html CVE-2024-42106 https://bugzilla.suse.com/1228493 SUSE Bug 1228493 In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526 [74412.556784] caller is netif_rx_internal+0x42/0x130 [74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5 [74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024 [74412.581699] Call Trace: [74412.584514] <TASK> [74412.586933] dump_stack_lvl+0x55/0x70 [74412.591129] check_preemption_disabled+0xc8/0xf0 [74412.596374] netif_rx_internal+0x42/0x130 [74412.600957] __netif_rx+0x20/0xd0 [74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev] [74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport] [74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport] [74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd] [74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd] [74412.634046] irq_thread_fn+0x21/0x60 [74412.638134] ? irq_thread+0xa8/0x290 [74412.642218] irq_thread+0x1a0/0x290 [74412.646212] ? __pfx_irq_thread_fn+0x10/0x10 [74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10 [74412.656117] ? __pfx_irq_thread+0x10/0x10 [74412.660686] kthread+0x100/0x130 [74412.664384] ? __pfx_kthread+0x10/0x10 [74412.668639] ret_from_fork+0x31/0x50 [74412.672716] ? __pfx_kthread+0x10/0x10 [74412.676978] ret_from_fork_asm+0x1a/0x30 [74412.681457] </TASK> The cause is due to the idxd driver interrupt completion handler uses threaded interrupt and the threaded handler is not hard or soft interrupt context. However __netif_rx() can only be called from interrupt context. Change the call to netif_rx() in order to allow completion via normal context for dmaengine drivers that utilize threaded irq handling. While the following commit changed from netif_rx() to __netif_rx(), baebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."), the change should've been a noop instead. However, the code precedes this fix should've been using netif_rx_ni() or netif_rx_any_context(). CVE-2024-42110 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42110.html CVE-2024-42110 https://bugzilla.suse.com/1228501 SUSE Bug 1228501 In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FP_SB_MAX_E1x using the num_queues module parameter. Currently there is a read/write out of bounds that occurs on the array "struct stats_query_entry query" present inside the "bnx2x_fw_stats_req" struct in "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h". Looking at the definition of the "struct stats_query_entry query" array: struct stats_query_entry query[FP_SB_MAX_E1x+ BNX2X_FIRST_QUEUE_QUERY_IDX]; FP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and has a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3 meaning the array has a total size of 19. Since accesses to "struct stats_query_entry query" are offset-ted by BNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet queues should not exceed FP_SB_MAX_E1x (16). However one of these queues is reserved for FCOE and thus the number of Ethernet queues should be set to [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if it is not. This is also described in a comment in the source code in drivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition of FP_SB_MAX_E1x. Below is the part of this explanation that it important for this patch /* * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is * control by the number of fast-path status blocks supported by the * device (HW/FW). Each fast-path status block (FP-SB) aka non-default * status block represents an independent interrupts context that can * serve a regular L2 networking queue. However special L2 queues such * as the FCoE queue do not require a FP-SB and other components like * the CNIC may consume FP-SB reducing the number of possible L2 queues * * If the maximum number of FP-SB available is X then: * a. If CNIC is supported it consumes 1 FP-SB thus the max number of * regular L2 queues is Y=X-1 * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor) * c. If the FCoE L2 queue is supported the actual number of L2 queues * is Y+1 * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for * slow-path interrupts) or Y+2 if CNIC is supported (one additional * FP interrupt context for the CNIC). * e. The number of HW context (CID count) is always X or X+1 if FCoE * L2 queue is supported. The cid for the FCoE L2 queue is always X. */ However this driver also supports NICs that use the E2 controller which can handle more queues due to having more FP-SB represented by FP_SB_MAX_E2. Looking at the commits when the E2 support was added, it was originally using the E1x parameters: commit f2e0899f0f27 ("bnx2x: Add 57712 support"). Back then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver was later updated to take full advantage of the E2 instead of having it be limited to the capabilities of the E1x. But as far as we can tell, the array "stats_query_entry query" was still limited to using the FP-SB available to the E1x cards as part of an oversignt when the driver was updated to take full advantage of the E2, and now with the driver being aware of the greater queue size supported by E2 NICs, it causes the UBSAN warnings seen in the stack traces below. This patch increases the size of the "stats_query_entry query" array by replacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle both types of NICs. Stack traces: UBSAN: array-index-out-of-bounds in drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11 index 20 is out of range for type 'stats_query_entry [19]' CPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic #202405052133 Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 ---truncated--- CVE-2024-42148 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42148.html CVE-2024-42148 https://bugzilla.suse.com/1228487 SUSE Bug 1228487 In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or secure-keys from stack, even in case of an error. CVE-2024-42155 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42155.html CVE-2024-42155 https://bugzilla.suse.com/1228733 SUSE Bug 1228733 In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails. CVE-2024-42157 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42157.html CVE-2024-42157 https://bugzilla.suse.com/1228727 SUSE Bug 1228727 In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770) CVE-2024-42158 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42158.html CVE-2024-42158 https://bugzilla.suse.com/1228720 SUSE Bug 1228720 In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid access on the priv->stats_report->stats array. CVE-2024-42162 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42162.html CVE-2024-42162 https://bugzilla.suse.com/1228706 SUSE Bug 1228706 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-42226 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42226.html CVE-2024-42226 https://bugzilla.suse.com/1228709 SUSE Bug 1228709 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate value of 0xffffffff.(Christian) CVE-2024-42228 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42228.html CVE-2024-42228 https://bugzilla.suse.com/1228667 SUSE Bug 1228667 In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon < 0") and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed CVE-2024-42232 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42232.html CVE-2024-42232 https://bugzilla.suse.com/1228959 SUSE Bug 1228959 https://bugzilla.suse.com/1229458 SUSE Bug 1229458 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short. CVE-2024-42236 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42236.html CVE-2024-42236 https://bugzilla.suse.com/1228964 SUSE Bug 1228964 In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler (exc_debug_kernel()) to issue a warning because single-step is used outside the entry_SYSENTER_compat() function. To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY after making sure the TF flag is cleared. The problem can be reproduced with the following sequence: $ cat sysenter_step.c int main() { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); } $ gcc -o sysenter_step sysenter_step.c $ ./sysenter_step Segmentation fault (core dumped) The program is expected to crash, and the #DB handler will issue a warning. Kernel log: WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160 ... RIP: 0010:exc_debug_kernel+0xd2/0x160 ... Call Trace: <#DB> ? show_regs+0x68/0x80 ? __warn+0x8c/0x140 ? exc_debug_kernel+0xd2/0x160 ? report_bug+0x175/0x1a0 ? handle_bug+0x44/0x90 ? exc_invalid_op+0x1c/0x70 ? asm_exc_invalid_op+0x1f/0x30 ? exc_debug_kernel+0xd2/0x160 exc_debug+0x43/0x50 asm_exc_debug+0x1e/0x40 RIP: 0010:clear_bhb_loop+0x0/0xb0 ... </#DB> <TASK> ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d </TASK> [ bp: Massage commit message. ] CVE-2024-42240 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42240.html CVE-2024-42240 https://bugzilla.suse.com/1228966 SUSE Bug 1228966 In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure. Fix this by implementing dedicated suspend and resume functions for mos7840. Tested with Delock 87414 USB 2.0 to 4x serial adapter. [ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ] CVE-2024-42244 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42244.html CVE-2024-42244 https://bugzilla.suse.com/1228967 SUSE Bug 1228967 In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the call can return -EPERM. This causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing the kernel to potentially freeze up. Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN. ECONNREFUSED as error seems reasonable. For programs setting a different error can be out of reach (see handling in 4fbac77d2d09) in particular on kernels which do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean"), thus given that it is better to simply remap for consistent behavior. UDP does handle EPERM in xs_udp_send_request(). CVE-2024-42246 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42246.html CVE-2024-42246 https://bugzilla.suse.com/1228989 SUSE Bug 1228989 In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses. Additionally, the calculations have been rewritten in a clearer and more understandable form. [Joonas: Add Requires: tag] Requires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset") (cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417) CVE-2024-42259 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42259.html CVE-2024-42259 https://bugzilla.suse.com/1229156 SUSE Bug 1229156 In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path (or it is already removed / never existed). This needs to be done with atomic compare and swap, otherwise there is a small window where iucv_sock_close() will try to work with a path that has already been severed and freed by iucv_callback_connrej() called by iucv_tasklet_fn(). Example: [452744.123844] Call Trace: [452744.123845] ([<0000001e87f03880>] 0x1e87f03880) [452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x138 [452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv] [452744.124336] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv] [452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv] [452744.124345] [<00000000d574794e>] __sock_release+0x5e/0xe8 [452744.124815] [<00000000d5747a0c>] sock_close+0x34/0x48 [452744.124820] [<00000000d5421642>] __fput+0xba/0x268 [452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0 [452744.124832] [<00000000d5145710>] do_notify_resume+0x88/0x90 [452744.124841] [<00000000d5978096>] system_call+0xe2/0x2c8 [452744.125319] Last Breaking-Event-Address: [452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138 [452744.125324] [452744.125325] Kernel panic - not syncing: Fatal exception in interrupt Note that bh_lock_sock() is not serializing the tasklet context against process context, because the check for sock_owned_by_user() and corresponding handling is missing. Ideas for a future clean-up patch: A) Correct usage of bh_lock_sock() in tasklet context, as described in Re-enqueue, if needed. This may require adding return values to the tasklet functions and thus changes to all users of iucv. B) Change iucv tasklet into worker and use only lock_sock() in af_iucv. CVE-2024-42271 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42271.html CVE-2024-42271 https://bugzilla.suse.com/1229400 SUSE Bug 1229400 https://bugzilla.suse.com/1229401 SUSE Bug 1229401 In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix a use after free in hfcmulti_tx() Don't dereference *sp after calling dev_kfree_skb(*sp). CVE-2024-42280 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42280.html CVE-2024-42280 https://bugzilla.suse.com/1229388 SUSE Bug 1229388 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. CVE-2024-42281 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42281.html CVE-2024-42281 https://bugzilla.suse.com/1229386 SUSE Bug 1229386 In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. CVE-2024-42284 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42284.html CVE-2024-42284 https://bugzilla.suse.com/1229382 SUSE Bug 1229382 In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished. CVE-2024-42285 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42285.html CVE-2024-42285 https://bugzilla.suse.com/1229381 SUSE Bug 1229381 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Workqueue: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000 RDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000 RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030 R10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4 R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8 FS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0 Call Trace: qla_nvme_register_remote+0xeb/0x1f0 [qla2xxx] ? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx] qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx] qla_register_fcport_fn+0x54/0xc0 [qla2xxx] Exit the qla_nvme_register_remote() function when qla_nvme_register_hba() fails and correctly validate nvme_local_port. CVE-2024-42286 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42286.html CVE-2024-42286 https://bugzilla.suse.com/1229395 SUSE Bug 1229395 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT_RT SMP NOPTI RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0 RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034 R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000 FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x16f/0x4a0 ? do_user_addr_fault+0x174/0x7f0 ? exc_page_fault+0x69/0x1a0 ? asm_exc_page_fault+0x22/0x30 ? dma_direct_unmap_sg+0x51/0x1e0 ? preempt_count_sub+0x96/0xe0 qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx] qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx] __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx] The command completion was done early while aborting the commands in driver unload path but outside lock to avoid the WARN_ON condition of performing dma_free_attr within the lock. However this caused race condition while command completion via multiple paths causing system crash. Hence complete the command early in unload path but within the lock to avoid race condition. CVE-2024-42287 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42287.html CVE-2024-42287 https://bugzilla.suse.com/1229392 SUSE Bug 1229392 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB CVE-2024-42288 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42288.html CVE-2024-42288 https://bugzilla.suse.com/1229398 SUSE Bug 1229398 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting. BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI Workqueue: qla2xxx_wq qla_do_work [qla2xxx] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8 R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0 Call Trace: <TASK> qla2xxx_qpair_sp_free_dma+0x417/0x4e0 ? qla2xxx_qpair_sp_compl+0x10d/0x1a0 ? qla2x00_status_entry+0x768/0x2830 ? newidle_balance+0x2f0/0x430 ? dequeue_entity+0x100/0x3c0 ? qla24xx_process_response_queue+0x6a1/0x19e0 ? __schedule+0x2d5/0x1140 ? qla_do_work+0x47/0x60 ? process_one_work+0x267/0x440 ? process_one_work+0x440/0x440 ? worker_thread+0x2d/0x3d0 ? process_one_work+0x440/0x440 ? kthread+0x156/0x180 ? set_kthread_struct+0x50/0x50 ? ret_from_fork+0x22/0x30 </TASK> Send out async logout explicitly for all the ports during vport delete. CVE-2024-42289 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42289.html CVE-2024-42289 https://bugzilla.suse.com/1229399 SUSE Bug 1229399 In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I encountered during the actual issue: [ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm: QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp [ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024 [ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace: [ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0 [ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38 [ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport] CVE-2024-42301 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42301.html CVE-2024-42301 https://bugzilla.suse.com/1229407 SUSE Bug 1229407 In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. CVE-2024-42309 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42309.html CVE-2024-42309 https://bugzilla.suse.com/1229359 SUSE Bug 1229359 In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. CVE-2024-42310 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42310.html CVE-2024-42310 https://bugzilla.suse.com/1229358 SUSE Bug 1229358 In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed. CVE-2024-42312 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42312.html CVE-2024-42312 https://bugzilla.suse.com/1229357 SUSE Bug 1229357 In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression CVE-2024-42322 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-42322.html CVE-2024-42322 https://bugzilla.suse.com/1229347 SUSE Bug 1229347 In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and would thus result in a null pointer dereference further in. Memory management needs to be performed in userspace and using the ioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP. Also improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2. [frankja@linux.ibm.com: commit message spelling fix, subject prefix fix] CVE-2024-43819 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43819.html CVE-2024-43819 https://bugzilla.suse.com/1229290 SUSE Bug 1229290 In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. CVE-2024-43831 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43831.html CVE-2024-43831 https://bugzilla.suse.com/1229309 SUSE Bug 1229309 In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers, assume that they require: * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8 * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX is 16 And replace sprintf with snprintf. Detected using the static analysis tool - Svace. CVE-2024-43839 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43839.html CVE-2024-43839 https://bugzilla.suse.com/1229301 SUSE Bug 1229301 In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) before acquiring the cgroup_lock In the cgroup_path_ns function. 2.$cat /proc/<pid>/cpuset repeatly. 3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/ $umount /sys/fs/cgroup/cpuset/ repeatly. The race that cause this bug can be shown as below: (umount) | (cat /proc/<pid>/cpuset) css_release | proc_cpuset_show css_release_work_fn | css = task_get_css(tsk, cpuset_cgrp_id); css_free_rwork_fn | cgroup_path_ns(css->cgroup, ...); cgroup_destroy_root | mutex_lock(&cgroup_mutex); rebind_subsystems | cgroup_free_root | | // cgrp was freed, UAF | cgroup_path_ns_locked(cgrp,..); When the cpuset is initialized, the root node top_cpuset.css.cgrp will point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will allocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated &cgroup_root.cgrp. When the umount operation is executed, top_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp. The problem is that when rebinding to cgrp_dfl_root, there are cases where the cgroup_root allocated by setting up the root for cgroup v1 is cached. This could lead to a Use-After-Free (UAF) if it is subsequently freed. The descendant cgroups of cgroup v1 can only be freed after the css is released. However, the css of the root will never be released, yet the cgroup_root should be freed when it is unmounted. This means that obtaining a reference to the css of the root does not guarantee that css.cgrp->root will not be freed. Fix this problem by using rcu_read_lock in proc_cpuset_show(). As cgroup_root is kfree_rcu after commit d23b5c577715 ("cgroup: Make operations on the cgroup root_list RCU safe"), css->cgroup won't be freed during the critical section. To call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to replace task_get_css with task_css. [1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd CVE-2024-43853 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43853.html CVE-2024-43853 https://bugzilla.suse.com/1229292 SUSE Bug 1229292 In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes. CVE-2024-43854 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43854.html CVE-2024-43854 https://bugzilla.suse.com/1229345 SUSE Bug 1229345 In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list. If this happens, there will be two entries in the devres list with the same vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match. Fix by destroying the devres entry before freeing the DMA allocation. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03 CVE-2024-43856 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43856.html CVE-2024-43856 https://bugzilla.suse.com/1229346 SUSE Bug 1229346 In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. CVE-2024-43861 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43861.html CVE-2024-43861 https://bugzilla.suse.com/1229500 SUSE Bug 1229500 https://bugzilla.suse.com/1229553 SUSE Bug 1229553 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback both deletes the fence and removes it from the list of pending fences, for which it holds a lock. dma buf polling cb unrefs a fence after it's been signaled: so the poll calls the wait, which signals the fences, which are being destroyed. The destruction tries to acquire the lock on the pending fences list which it can never get because it's held by the wait from which it was called. Old bug, but not a lot of userspace apps were using dma-buf polling interfaces. Fix those, in particular this fixes KDE stalls/deadlock. CVE-2024-43863 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43863.html CVE-2024-43863 https://bugzilla.suse.com/1229497 SUSE Bug 1229497 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health in shutdown callback There is no point in recovery during device shutdown. if health work started need to wait for it to avoid races and NULL pointer access. Hence, drain health WQ on shutdown callback. CVE-2024-43866 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43866.html CVE-2024-43866 https://bugzilla.suse.com/1229495 SUSE Bug 1229495 In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu(). CVE-2024-43871 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43871.html CVE-2024-43871 https://bugzilla.suse.com/1229490 SUSE Bug 1229490 In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause the CPU core staying in interrupt context too long and lead to soft lockup under heavy load. Handle CEQEs in BH workqueue and set an upper limit for the number of CEQE handled by a single call of work handler. CVE-2024-43872 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43872.html CVE-2024-43872 https://bugzilla.suse.com/1229489 SUSE Bug 1229489 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211] Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth. CVE-2024-43879 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43879.html CVE-2024-43879 https://bugzilla.suse.com/1229482 SUSE Bug 1229482 In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much later in the execve() code path, the file metadata (specifically mode, uid, and gid) is used to determine if/how to set the uid and gid. However, those values may have changed since the permissions check, meaning the execution may gain unintended privileges. For example, if a file could change permissions from executable and not set-id: ---------x 1 root root 16048 Aug 7 13:16 target to set-id and non-executable: ---S------ 1 root root 16048 Aug 7 13:16 target it is possible to gain root privileges when execution should have been disallowed. While this race condition is rare in real-world scenarios, it has been observed (and proven exploitable) when package managers are updating the setuid bits of installed programs. Such files start with being world-executable but then are adjusted to be group-exec with a set-uid bit. For example, "chmod o-x,u+s target" makes "target" executable only by uid "root" and gid "cdrom", while also becoming setuid-root: -rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target becomes: -rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target But racing the chmod means users without group "cdrom" membership can get the permission to execute "target" just before the chmod, and when the chmod finishes, the exec reaches brpm_fill_uid(), and performs the setuid to root, violating the expressed authorization of "only cdrom group members can setuid to root". Re-check that we still have execute permissions in case the metadata has changed. It would be better to keep a copy from the perm-check time, but until we can do that refactoring, the least-bad option is to do a full inode_permission() call (under inode lock). It is understood that this is safe against dead-locks, but hardly optimal. CVE-2024-43882 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43882.html CVE-2024-43882 https://bugzilla.suse.com/1229503 SUSE Bug 1229503 https://bugzilla.suse.com/1229504 SUSE Bug 1229504 In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver. CVE-2024-43883 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43883.html CVE-2024-43883 https://bugzilla.suse.com/1229707 SUSE Bug 1229707 In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It introduced IDR to maintain the memcg ID space. The IDR depends on external synchronization mechanisms for modifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace() happen within css callback and thus are protected through cgroup_mutex from concurrent modifications. However idr_remove() for mem_cgroup_idr was not protected against concurrency and can be run concurrently for different memcgs when they hit their refcnt to zero. Fix that. We have been seeing list_lru based kernel crashes at a low frequency in our fleet for a long time. These crashes were in different part of list_lru code including list_lru_add(), list_lru_del() and reparenting code. Upon further inspection, it looked like for a given object (dentry and inode), the super_block's list_lru didn't have list_lru_one for the memcg of that object. The initial suspicions were either the object is not allocated through kmem_cache_alloc_lru() or somehow memcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but returned success. No evidence were found for these cases. Looking more deeply, we started seeing situations where valid memcg's id is not present in mem_cgroup_idr and in some cases multiple valid memcgs have same id and mem_cgroup_idr is pointing to one of them. So, the most reasonable explanation is that these situations can happen due to race between multiple idr_remove() calls or race between idr_alloc()/idr_replace() and idr_remove(). These races are causing multiple memcgs to acquire the same ID and then offlining of one of them would cleanup list_lrus on the system for all of them. Later access from other memcgs to the list_lru cause crashes due to missing list_lru_one. CVE-2024-43892 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43892.html CVE-2024-43892 https://bugzilla.suse.com/1229761 SUSE Bug 1229761 In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set. Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) Call Trace: <TASK> serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 drivers/tty/serial/8250/8250_port.c:2589) serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 drivers/tty/serial/8250/8250_port.c:2741) serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) uart_change_line_settings (./include/linux/spinlock.h:376 ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) uart_port_startup (drivers/tty/serial/serial_core.c:342) uart_startup (drivers/tty/serial/serial_core.c:368) uart_set_info (drivers/tty/serial/serial_core.c:1034) uart_set_info_user (drivers/tty/serial/serial_core.c:1059) tty_set_serial (drivers/tty/tty_io.c:2637) tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Rule: add CVE-2024-43893 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43893.html CVE-2024-43893 https://bugzilla.suse.com/1229759 SUSE Bug 1229759 In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the module initialization failed, the struct tuner was released. A worker which created during module initialization accesses this struct tuner later, it caused use-after-free. The process is as follows: task-6504 worker_thread tuner_probe <= alloc dvb_frontend [2] ... request_firmware_nowait <= create a worker ... tuner_remove <= free dvb_frontend ... request_firmware_work_func <= the firmware is ready load_firmware_cb <= but now the dvb_frontend has been freed To fix the issue, check the dvd_frontend in load_firmware_cb(), if it is null, report a warning and just return. [1]: ================================================================== BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0 Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504 Call trace: load_firmware_cb+0x1310/0x17a0 request_firmware_work_func+0x128/0x220 process_one_work+0x770/0x1824 worker_thread+0x488/0xea0 kthread+0x300/0x430 ret_from_fork+0x10/0x20 Allocated by task 6504: kzalloc tuner_probe+0xb0/0x1430 i2c_device_probe+0x92c/0xaf0 really_probe+0x678/0xcd0 driver_probe_device+0x280/0x370 __device_attach_driver+0x220/0x330 bus_for_each_drv+0x134/0x1c0 __device_attach+0x1f4/0x410 device_initial_probe+0x20/0x30 bus_probe_device+0x184/0x200 device_add+0x924/0x12c0 device_register+0x24/0x30 i2c_new_device+0x4e0/0xc44 v4l2_i2c_new_subdev_board+0xbc/0x290 v4l2_i2c_new_subdev+0xc8/0x104 em28xx_v4l2_init+0x1dd0/0x3770 Freed by task 6504: kfree+0x238/0x4e4 tuner_remove+0x144/0x1c0 i2c_device_remove+0xc8/0x290 __device_release_driver+0x314/0x5fc device_release_driver+0x30/0x44 bus_remove_device+0x244/0x490 device_del+0x350/0x900 device_unregister+0x28/0xd0 i2c_unregister_device+0x174/0x1d0 v4l2_device_unregister+0x224/0x380 em28xx_v4l2_init+0x1d90/0x3770 The buggy address belongs to the object at ffff8000d7ca2000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 776 bytes inside of 2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800) The buggy address belongs to the page: page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0 flags: 0x7ff800000000100(slab) raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== [2] Actually, it is allocated for struct tuner, and dvb_frontend is inside. CVE-2024-43900 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43900.html CVE-2024-43900 https://bugzilla.suse.com/1229756 SUSE Bug 1229756 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity. CVE-2024-43902 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43902.html CVE-2024-43902 https://bugzilla.suse.com/1229767 SUSE Bug 1229767 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference. CVE-2024-43905 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43905.html CVE-2024-43905 https://bugzilla.suse.com/1229784 SUSE Bug 1229784 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer dereference CVE-2024-43907 SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.200.1 SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.200.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/ https://www.suse.com/security/cve/CVE-2024-43907.html CVE-2024-43907 https://bugzilla.suse.com/1229787 SUSE Bug 1229787