Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3195-1 Final 1 1 2024-09-10T14:10:24Z current 2024-09-10T14:10:24Z 2024-09-10T14:10:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-43911: Fix NULL dereference at band check in starting tx ba session (bsc#1229827). - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808). - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2024-36881: Fix reset ptes when close() for wr-protected (bsc#1225718). - CVE-2024-42316: Fix div-by-zero in vmpressure_calc_level() (bsc#1229353). - CVE-2024-43855: Fix deadlock between mddev_suspend and flush bio (bsc#1229342). - CVE-2024-43864: Fix CT entry update leaks of modify header context (bsc#1229496). - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-42109: Unconditionally flush pending work before notifier (bsc#1228505). - CVE-2024-41084: Avoid null pointer dereference in region lookup (bsc#1228472). - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742). - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803). - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26809: Release elements in clone only from destroy path (bsc#1222633). - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-27433: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711). - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-40920: Fix suspicious rcu usage in br_mst_set_state (bsc#1227781). - CVE-2024-40921: Pass vlan group directly to br_mst_vlan_set_state (bsc#1227784). - CVE-2024-36979: Fix vlan use-after-free (bsc#1226604). - CVE-2024-26590: Fix inconsistent per-file compression format (bsc#1220252). - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2024-42270: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404). - CVE-2024-42269: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402). - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42290: Handle runtime power management correctly (bsc#1229379). - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287). - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-43850: Fix refcount imbalance seen during bwmon_remove (bsc#1229316). - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-26669: Fix chain template offload (bsc#1222350). - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-41050: Cyclic allocation of msg_id to avoid reuse (bsc#1228499). - CVE-2024-41051: Wait for ondemand_object_worker to finish when dropping object (bsc#1228468). - CVE-2024-41074: Set object to close if ondemand_id < 0 in copen (bsc#1228643). - CVE-2024-41075: Add consistency check for copen/cread (bsc#1228646). - CVE-2024-41012: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42159: Fix sanitise num_phys (bsc#1228754). - CVE-2024-42241: Disable PMD-sized page cache if needed (bsc#1228986). - CVE-2024-42245: Revert 'sched/fair: Make sure to try to detach at least one movable task' (bsc#1228978). - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-26837: Race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727). - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-40938: Fix d_parent walk (bsc#1227840). - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2024-41010: Fix too early release of tcx_entry (bsc#1228021). - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2024-42138: Fix double memory deallocation in case of invalid INI file (bsc#1228500). - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42139: Fix improper extts handling (bsc#1228503). - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42113: Initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568). - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42073: Fix memory corruptions on Spectrum-4 systems (bsc#1228457). - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-41000: Prefer different overflow check (bsc#1227867). - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-42161: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-41069: Fix route memory corruption (bsc#1228644). - CVE-2024-39506: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-42145: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-40994: Fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-42124: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42096: Stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42224: Correct check for empty list (bsc#1228723). - CVE-2024-41048: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-40958: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40939: Fix tainted pointer delete is case of region creation fail (bsc#1227799). - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-41044: Reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41066: Add tx check to prevent skb leak (bsc#1228640). - CVE-2024-42093: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42122: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-41078: Fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-40989: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-41064: Avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41036: Fix deadlock with the SPI chip variant (bsc#1228496). - CVE-2024-41040: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-35949: Make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-41081: Block BH in ila_output() (bsc#1228617). - CVE-2024-41076: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-42079: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-41057: Fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41058: Fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41015: Add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-40956: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-27437: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-41032: Check if a hash-index is in cpu_possible_mask (bsc#1228460). - CVE-2024-40957: Fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811). - CVE-2024-41041: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-40954: Do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-42070: Fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-41070: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-40959: Check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-40909: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777). The following non-security bugs were fixed: - ACPI: battery: create alarm sysfs attribute atomically (stable-fixes). - ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes). - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes). - afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes). - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes). - ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes). - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes). - ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes). - ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes). - ALSA: hda/tas2781: Use correct endian conversion (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Skip event type filtering for UMP events (git-fixes). - ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes). - ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes). - ALSA: timer: Relax start tick time check for slave timer elements (git-fixes). - ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes). - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes). - apparmor: unpack transition table if dfa is not present (bsc#1226031). - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes) - arm64: barrier: Restore spec_bar() macro (git-fixes) - arm64: cputype: Add Cortex-A720 definitions (git-fixes) - arm64: cputype: Add Cortex-A725 definitions (git-fixes) - arm64: cputype: Add Cortex-X1C definitions (git-fixes) - arm64: cputype: Add Cortex-X3 definitions (git-fixes) - arm64: cputype: Add Cortex-X4 definitions (git-fixes) - arm64: cputype: Add Cortex-X925 definitions (git-fixes) - arm64: cputype: Add Neoverse-V3 definitions (git-fixes) - arm64: dts: imx8mp: add HDMI power-domains (git-fixes) - arm64: dts: imx8mp: Add NPU Node (git-fixes) - arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes) - arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes) - arm64: errata: Expand speculative SSBS workaround (again) (git-fixes) - arm64: errata: Expand speculative SSBS workaround (git-fixes) - arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files. - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes) - ASoC: allow module autoloading for table board_ids (stable-fixes). - ASoC: allow module autoloading for table db1200_pids (stable-fixes). - ASoC: amd: acp: fix module autoloading (git-fixes). - ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: SOF: amd: Fix for acp init sequence (git-fixes). - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes). - ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes). - ASoC: SOF: mediatek: Add missing board compatible (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes). - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes). - Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes). - Bluetooth: bnep: Fix out-of-bound access (stable-fixes). - Bluetooth: btintel: Fail setup on error (git-fixes). - Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes). - Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes). - Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes). - Bluetooth: hci_core: Fix LE quote calculation (git-fixes). - Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes). - Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Add error handling to pair_device() (git-fixes). - Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes). - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes) - bpf, lpm: Fix check prefixlen before walking trie (git-fixes). - bpf: Add crosstask check to __bpf_get_stack (git-fixes). - bpf: Detect IP == ksym.end as part of BPF program (git-fixes). - bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes). - bpf: enforce precision of R0 on callback return (git-fixes). - bpf: Ensure proper register state printing for cond jumps (git-fixes). - bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes). - bpf: Fix a few selftest failures due to llvm18 change (git-fixes). - bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903). - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes). - bpf: fix control-flow graph checking in privileged mode (git-fixes). - bpf: Fix kfunc callback register type handling (git-fixes). - bpf: Fix prog_array_map_poke_run map poke update (git-fixes). - bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes). - bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes). - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes). - bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes). - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes). - bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes). - bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes). - bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes). - bpf/tests: Remove duplicate JSGT tests (git-fixes). - bpftool: Align output skeleton ELF code (git-fixes). - bpftool: Fix -Wcast-qual warning (git-fixes). - bpftool: mark orphaned programs during prog show (git-fixes). - bpftool: Silence build warning about calloc() (git-fixes). - btrfs: add a btrfs_finish_ordered_extent helper (git-fixes). - btrfs: add a is_data_bbio helper (git-fixes). - btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes). - btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321). - btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes). - btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes). - btrfs: factor out a can_finish_ordered_extent helper (git-fixes). - btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes). - btrfs: fix double inode unlock for direct IO sync writes (git-fixes). - btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes). - btrfs: fix leak of qgroup extent records after transaction abort (git-fixes). - btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes). - btrfs: limit write bios to a single ordered extent (git-fixes). - btrfs: make btrfs_finish_ordered_extent() return void (git-fixes). - btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes). - btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes). - btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes). - btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes). - btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes). - btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes). - btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes). - btrfs: remove btrfs_add_ordered_extent (git-fixes). - btrfs: rename err to ret in btrfs_direct_write() (git-fixes). - btrfs: uninline some static inline helpers from tree-log.h (git-fixes). - btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes). - btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes). - btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes). - btrfs: use irq safe locking when running and adding delayed iputs (git-fixes). - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245). - cachefiles: add missing lock protection when polling (bsc#1229256). - cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244). - cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249). - cachefiles: cancel all requests for the object that is being dropped (bsc#1229255). - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251). - cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246). - cachefiles: introduce object ondemand state (bsc#1229239). - cachefiles: make on-demand read killable (bsc#1229252). - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243). - cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250). - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253). - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248). - cachefiles: resend an open request if the read request's object is closed (bsc#1229241). - cachefiles: stop sending new request when dropping object (bsc#1229254). - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes). - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - ceph: periodically flush the cap releases (bsc#1230056). - certs: Move RSA self-test data to separate file (bsc#1222777). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - char: xillybus: Check USB endpoints when probing device (git-fixes). - char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes). - char: xillybus: Refine workqueue handling (git-fixes). - clk: en7523: fix rate divider for slic and spi clocks (git-fixes). - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes). - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes). - clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes). - clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes). - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes). - clk: qcom: Park shared RCGs upon registration (git-fixes). - clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes). - clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes). - cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - cxl/region: Move cxl_dpa_to_region() work to the region driver (bsc#1228472) - dev/parport: fix the array out-of-bounds risk (stable-fixes). - device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes). - dmaengine: dw: Add memory bus width verification (git-fixes). - dmaengine: dw: Add peripheral bus width verification (git-fixes). - docs: KVM: Fix register ID of SPSR_FIQ (git-fixes). - driver core: Fix uevent_show() vs driver detach race (git-fixes). - drm/admgpu: fix dereferencing null pointer context (stable-fixes). - drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes). - drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes). - drm/amd/display: Add null checker before passing variables (stable-fixes). - drm/amd/display: Adjust cursor position (git-fixes). - drm/amd/display: avoid using null object of framebuffer (git-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes). - drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes). - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - drm/amdgpu: Actually check flags for all context ops (stable-fixes). - drm/amdgpu: Add lock around VF RLCG interface (stable-fixes). - drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - drm/amdgpu: fix potential resource leak warning (stable-fixes). - drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes). - drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes). - drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes). - drm/amdgpu: Validate TA binary size (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes). - drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes). - drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes). - drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes). - drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes). - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes). - drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes). - drm/lima: set gp bus_stop bit before hard reset (stable-fixes). - drm/mediatek/dp: Fix spurious kfree() (git-fixes). - drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes). - drm/msm/dp: fix the max supported bpp logic (git-fixes). - drm/msm/dp: reset the link phy params before link training (git-fixes). - drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes). - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes). - drm/msm/dpu: do not play tricks with debug macros (git-fixes). - drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes). - drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes). - drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes). - drm/msm/dpu: take plane rotation into account for wide planes (git-fixes). - drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes). - drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes). - drm/msm/mdss: Rename path references to mdp_path (stable-fixes). - drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes). - drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes). - drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024). - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes). - drm/virtio: Fix type of dma-fence context variable (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - drm/vmwgfx: Fix prime with external buffers (git-fixes). - efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes). - evm: do not copy up 'security.evm' xattr (git-fixes). - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes). - fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229455). - fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456). - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes). - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes). - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - gfs2: setattr_chown: Add missing initialization (git-fixes). - gpio: mlxbf3: Support shutdown() function (git-fixes). - gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes). - gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes). - hwmon: (ltc2992) Avoid division by zero (stable-fixes). - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes). - hwmon: (pc87360) Bounds check data->innr usage (stable-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: riic: avoid potential division by zero (stable-fixes). - i2c: smbus: Improve handling of stuck alerts (git-fixes). - i2c: smbus: Send alert notifications to all devices if source not found (git-fixes). - i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes). - i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes). - i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes). - ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737). - Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes). - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056). - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes). - Input: MT - limit max slots (stable-fixes). - io_uring: Drop per-ctx dummy_ubuf (git-fixes). - io_uring: fix io_match_task must_hold (git-fixes). - io_uring: Fix probe of disabled operations (git-fixes). - io_uring: tighten task exit cancellations (git-fixes). - io_uring/advise: support 64-bit lengths (git-fixes). - iommu/amd: Convert comma to semicolon (git-fixes). - iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes). - iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes). - ip6_tunnel: Fix broken GRO (bsc#1229444). - ipv6: sr: fix incorrect unregister order (git-fixes). - irqdomain: Fixed unbalanced fwnode get and put (git-fixes). - jfs: define xtree root and page independently (git-fixes). - jfs: fix null ptr deref in dtInsertEntry (git-fixes). - jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes). - jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes). - jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes). - jump_label: Fix the fix, brown paper bags galore (git-fixes). - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes). - kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes). - kABI workaround for sound core UMP conversion (stable-fixes). - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users. - kcov: properly check for softirq context (git-fixes). - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134). - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes). - kprobes: Fix to check symbol prefixes correctly (git-fixes). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes). - KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes). - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes). - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes). - KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes). - KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes). - KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes) - KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes). - KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes). - KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes). - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes). - KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes). - KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes). - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes). - KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes). - KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes). - KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes). - KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes). - KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes). - KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes). - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199). - KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes). - KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes). - KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167). - kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168). - KVM: Stop processing *all* memslots when 'null' mmu_notifier handler is found (git-fixes). - KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes). - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes). - KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes). - KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes). - KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes). - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes). - libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes). - libbpf: Fix faccessat() usage on Android (git-fixes). - libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395). - md: add a mddev_add_trace_msg helper (git-fixes). - md: add check for sleepers in md_wakeup_thread() (git-fixes). - md: change the return value type of md_write_start to void (git-fixes). - md: do not account sync_io if iostats of the disk is disabled (git-fixes). - md: do not delete safemode_timer in mddev_suspend (git-fixes). - md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes). - md: factor out a helper exceed_read_errors() to check read_errors (git-fixes). - md: fix a suspicious RCU usage warning (git-fixes). - md/md-bitmap: fix writing non bitmap pages (git-fixes). - md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes). - md/raid1: support read error check (git-fixes). - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes). - md/raid5: fix spares errors about rcu usage (git-fixes). - md/raid5: recheck if reshape has finished with device_lock held (git-fixes). - media: amphion: Remove lock in s_ctrl callback (stable-fixes). - media: drivers/media/dvb-core: copy user arrays safely (stable-fixes). - media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes). - media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes). - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes). - media: uvcvideo: Ignore empty TS packets (stable-fixes). - media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes). - media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes). - memcg: protect concurrent access to mem_cgroup_idr (git-fixes). - memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes). - memory: tegra: Skip SID programming if SID registers are not set (stable-fixes). - minmax: add a few more MIN_T/MAX_T users (bsc#1229024). - minmax: avoid overly complicated constant expressions in VM code (bsc#1229024). - minmax: do not use max() in situations that want a C constant expression (bsc#1229024). - minmax: fix up min3() and max3() too (bsc#1229024). - minmax: improve macro expansion and type checking (bsc#1229024). - minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024). - minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024). - minmax: simplify min()/max()/clamp() implementation (bsc#1229024). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes). - mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes). - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes). - net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757). - net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - net: missing check virtio (git-fixes). - net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes). - net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes). - net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451). - net/iucv: fix use after free in iucv_sock_close() (bsc#1228973). - net/rds: fix possible cp null dereference (git-fixes). - net/sched: initialize noop_qdisc owner (git-fixes). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc: pn533: Add poll mod list filling check (git-fixes). - nfs: do not invalidate dentries on transient errors (git-fixes). - nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - nfs: make the rpc_stat per net namespace (git-fixes). - nfs: pass explicit offset/count to trace events (git-fixes). - nfs: propagate readlink errors in nfs_symlink_filler (git-fixes). - NFSD: Support write delegations in LAYOUTGET (git-fixes). - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nouveau/firmware: use dma non-coherent allocator (git-fixes). - nvme_core: scan namespaces asynchronously (bsc#1224105). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-multipath: implement 'queue-depth' iopolicy (bsc#1227706). - nvme-multipath: prepare for 'queue-depth' iopolicy (bsc#1227706). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: do not directly handle subsys reset fallout (bsc#1220066). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857). - nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857). - nvme-tcp: check for invalidated or revoked key (bsc#1221857). - nvme-tcp: sanitize TLS key handling (bsc#1221857). - nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: split off TLS sysfs attributes into a separate group (bsc#1221857). - nvme: tcp: remove unnecessary goto statement (bsc#1221857). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: do not return 'reserved' for empty TSAS values (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes). - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes). - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes). - platform/x86: lg-laptop: fix %s null argument warning (stable-fixes). - platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779). - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779). - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779). - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779). - platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779). - platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes). - power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes). - power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes). - power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869). - powerpc/kexec: make the update_cpus_node() function public (bsc#1194869). - powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869). - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607). - RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes) - RDMA/cache: Release GID table even if leak is detected (git-fixes) - RDMA/device: Return error earlier if port in not valid (git-fixes) - RDMA/hns: Check atomic wr length (git-fixes) - RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes) - RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes). - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - reiserfs: fix uninit-value in comp_keys (git-fixes). - rtc: nct3018y: fix possible NULL dereference (stable-fixes). - s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171). - s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173). - s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452). - s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174). - s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172). - s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172). - s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720). - s390/pkey: introduce dynamic debugging for pkey (bsc#1228720). - s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169). - s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170). - samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes). - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes). - sbitmap: use READ_ONCE to access map->word (stable-fixes). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes). - selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903). - selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes). - selftests/bpf: Add netkit to tc_redirect selftest (git-fixes). - selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes). - selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes). - selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes). - selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes). - selftests/bpf: Fix erroneous bitmask operation (git-fixes). - selftests/bpf: Fix issues in setup_classid_environment() (git-fixes). - selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes). - selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes). - selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes). - selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes). - selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes). - selftests/bpf: Make linked_list failure test more robust (git-fixes). - selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes). - selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes). - selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes). - selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes). - serial: core: check uartclk for zero to avoid divide by zero (stable-fixes). - soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes). - soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes). - soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes). - spi: Add empty versions of ACPI functions (stable-fixes). - spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes). - spi: microchip-core: switch to use modern name (stable-fixes). - spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes). - spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes). - Squashfs: fix variable overflow triggered by sysbot (git-fixes). - squashfs: squashfs_read_data need to check if the length is 0 (git-fixes). - ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes). - staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes). - staging: ks7010: disable bh on tx_dev_lock (stable-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849). - SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes). - SUNRPC: Fix a race to wake a sync task (git-fixes). - swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes). - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes). - thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes). - thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747). - tools/resolve_btfids: fix build with musl libc (git-fixes). - tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes). - tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes). - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes). - trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes). - tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - tty: atmel_serial: use the correct RTS flag (git-fixes). - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes). - usb: cdnsp: fix for Link TRB with TC (git-fixes). - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes). - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usb: gadget: core: Check for unset descriptor (git-fixes). - usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes). - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes). - usb: gadget: u_serial: Set start_delayed during suspend (git-fixes). - usb: gadget: uvc: cleanup request when not in correct state (stable-fixes). - USB: serial: debug: do not echo input by default (stable-fixes). - usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes). - usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes). - usb: typec: fsa4480: Check if the chip is really there (git-fixes). - usb: typec: fsa4480: Relax CHIP_ID check (git-fixes). - usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes). - usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - vhost: Release worker mutex during flushes (git-fixes). - vhost: Use virtqueue mutex for swapping worker (git-fixes). - vhost/vsock: always initialize seqpacket_allow (git-fixes). - virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtio-crypto: handle config changed by work queue (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtiofs: forbid newlines in tags (bsc#1229940). - wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes). - wifi: ath12k: fix soft lockup on suspend (git-fixes). - wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes). - wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes). - wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes). - wifi: mac80211: use monitor sdata with driver only if desired (git-fixes). - wifi: mwifiex: duplicate static structs used in driver instances (git-fixes). - wifi: nl80211: disallow setting special AP channel widths (stable-fixes). - wifi: nl80211: do not give key data to userspace (stable-fixes). - wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes). - wifi: wfx: repair open network AP mode (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes). - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes). - x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes). - x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes). - x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes). - x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes). - x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes). - x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes). - x86/numa: Introduce numa_fill_memblks() (git-fixes). - x86/pci: Skip early E820 check for ECAM region (git-fixes). - x86/xen: Convert comma to semicolon (git-fixes). - xfs: allow cross-linking special files without project quota (git-fixes). - xfs: allow symlinks with short remote targets (bsc#1229160). - xfs: allow unlinked symlinks and dirs with zero size (git-fixes). - xfs: attr forks require attr, not attr2 (git-fixes). - xfs: convert comma to semicolon (git-fixes). - xfs: do not use current->journal_info (git-fixes). - xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: fix unlink vs cluster buffer instantiation race (git-fixes). - xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes). - xfs: journal geometry is not properly bounds checked (git-fixes). - xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes). - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes). - xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes). - xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes). - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-3195,SUSE-SLE-Module-Live-Patching-15-SP6-2024-3195,SUSE-SLE-Module-RT-15-SP6-2024-3195,openSUSE-SLE-15.6-2024-3195 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ Link for SUSE-SU-2024:3195-1 https://lists.suse.com/pipermail/sle-updates/2024-September/036842.html E-Mail link for SUSE-SU-2024:3195-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1012628 SUSE Bug 1012628 https://bugzilla.suse.com/1193454 SUSE Bug 1193454 https://bugzilla.suse.com/1194869 SUSE Bug 1194869 https://bugzilla.suse.com/1205462 SUSE Bug 1205462 https://bugzilla.suse.com/1208783 SUSE Bug 1208783 https://bugzilla.suse.com/1213123 SUSE Bug 1213123 https://bugzilla.suse.com/1214285 SUSE Bug 1214285 https://bugzilla.suse.com/1215199 SUSE Bug 1215199 https://bugzilla.suse.com/1219596 SUSE Bug 1219596 https://bugzilla.suse.com/1220066 SUSE Bug 1220066 https://bugzilla.suse.com/1220252 SUSE Bug 1220252 https://bugzilla.suse.com/1220877 SUSE Bug 1220877 https://bugzilla.suse.com/1221326 SUSE Bug 1221326 https://bugzilla.suse.com/1221630 SUSE Bug 1221630 https://bugzilla.suse.com/1221645 SUSE Bug 1221645 https://bugzilla.suse.com/1221652 SUSE Bug 1221652 https://bugzilla.suse.com/1221857 SUSE Bug 1221857 https://bugzilla.suse.com/1222254 SUSE Bug 1222254 https://bugzilla.suse.com/1222335 SUSE Bug 1222335 https://bugzilla.suse.com/1222350 SUSE Bug 1222350 https://bugzilla.suse.com/1222364 SUSE Bug 1222364 https://bugzilla.suse.com/1222372 SUSE Bug 1222372 https://bugzilla.suse.com/1222387 SUSE Bug 1222387 https://bugzilla.suse.com/1222433 SUSE Bug 1222433 https://bugzilla.suse.com/1222434 SUSE Bug 1222434 https://bugzilla.suse.com/1222625 SUSE Bug 1222625 https://bugzilla.suse.com/1222633 SUSE Bug 1222633 https://bugzilla.suse.com/1222634 SUSE Bug 1222634 https://bugzilla.suse.com/1222777 SUSE Bug 1222777 https://bugzilla.suse.com/1222808 SUSE Bug 1222808 https://bugzilla.suse.com/1222967 SUSE Bug 1222967 https://bugzilla.suse.com/1222973 SUSE Bug 1222973 https://bugzilla.suse.com/1223053 SUSE Bug 1223053 https://bugzilla.suse.com/1223074 SUSE Bug 1223074 https://bugzilla.suse.com/1223191 SUSE Bug 1223191 https://bugzilla.suse.com/1223395 SUSE Bug 1223395 https://bugzilla.suse.com/1223635 SUSE Bug 1223635 https://bugzilla.suse.com/1223720 SUSE Bug 1223720 https://bugzilla.suse.com/1223731 SUSE Bug 1223731 https://bugzilla.suse.com/1223742 SUSE Bug 1223742 https://bugzilla.suse.com/1223763 SUSE Bug 1223763 https://bugzilla.suse.com/1223767 SUSE Bug 1223767 https://bugzilla.suse.com/1223777 SUSE Bug 1223777 https://bugzilla.suse.com/1223803 SUSE Bug 1223803 https://bugzilla.suse.com/1224105 SUSE Bug 1224105 https://bugzilla.suse.com/1224415 SUSE Bug 1224415 https://bugzilla.suse.com/1224485 SUSE Bug 1224485 https://bugzilla.suse.com/1224496 SUSE Bug 1224496 https://bugzilla.suse.com/1224510 SUSE Bug 1224510 https://bugzilla.suse.com/1224535 SUSE Bug 1224535 https://bugzilla.suse.com/1224631 SUSE Bug 1224631 https://bugzilla.suse.com/1224636 SUSE Bug 1224636 https://bugzilla.suse.com/1224690 SUSE Bug 1224690 https://bugzilla.suse.com/1224694 SUSE Bug 1224694 https://bugzilla.suse.com/1224700 SUSE Bug 1224700 https://bugzilla.suse.com/1224711 SUSE Bug 1224711 https://bugzilla.suse.com/1225461 SUSE Bug 1225461 https://bugzilla.suse.com/1225474 SUSE Bug 1225474 https://bugzilla.suse.com/1225475 SUSE Bug 1225475 https://bugzilla.suse.com/1225582 SUSE Bug 1225582 https://bugzilla.suse.com/1225607 SUSE Bug 1225607 https://bugzilla.suse.com/1225718 SUSE Bug 1225718 https://bugzilla.suse.com/1225751 SUSE Bug 1225751 https://bugzilla.suse.com/1225814 SUSE Bug 1225814 https://bugzilla.suse.com/1225832 SUSE Bug 1225832 https://bugzilla.suse.com/1225838 SUSE Bug 1225838 https://bugzilla.suse.com/1225903 SUSE Bug 1225903 https://bugzilla.suse.com/1226031 SUSE Bug 1226031 https://bugzilla.suse.com/1226127 SUSE Bug 1226127 https://bugzilla.suse.com/1226502 SUSE Bug 1226502 https://bugzilla.suse.com/1226530 SUSE Bug 1226530 https://bugzilla.suse.com/1226588 SUSE Bug 1226588 https://bugzilla.suse.com/1226604 SUSE Bug 1226604 https://bugzilla.suse.com/1226743 SUSE Bug 1226743 https://bugzilla.suse.com/1226751 SUSE Bug 1226751 https://bugzilla.suse.com/1226765 SUSE Bug 1226765 https://bugzilla.suse.com/1226798 SUSE Bug 1226798 https://bugzilla.suse.com/1226801 SUSE Bug 1226801 https://bugzilla.suse.com/1226834 SUSE Bug 1226834 https://bugzilla.suse.com/1226874 SUSE Bug 1226874 https://bugzilla.suse.com/1226885 SUSE Bug 1226885 https://bugzilla.suse.com/1226920 SUSE Bug 1226920 https://bugzilla.suse.com/1227149 SUSE Bug 1227149 https://bugzilla.suse.com/1227182 SUSE Bug 1227182 https://bugzilla.suse.com/1227383 SUSE Bug 1227383 https://bugzilla.suse.com/1227437 SUSE Bug 1227437 https://bugzilla.suse.com/1227492 SUSE Bug 1227492 https://bugzilla.suse.com/1227493 SUSE Bug 1227493 https://bugzilla.suse.com/1227494 SUSE Bug 1227494 https://bugzilla.suse.com/1227618 SUSE Bug 1227618 https://bugzilla.suse.com/1227620 SUSE Bug 1227620 https://bugzilla.suse.com/1227623 SUSE Bug 1227623 https://bugzilla.suse.com/1227627 SUSE Bug 1227627 https://bugzilla.suse.com/1227634 SUSE Bug 1227634 https://bugzilla.suse.com/1227706 SUSE Bug 1227706 https://bugzilla.suse.com/1227722 SUSE Bug 1227722 https://bugzilla.suse.com/1227724 SUSE Bug 1227724 https://bugzilla.suse.com/1227725 SUSE Bug 1227725 https://bugzilla.suse.com/1227728 SUSE Bug 1227728 https://bugzilla.suse.com/1227729 SUSE Bug 1227729 https://bugzilla.suse.com/1227732 SUSE Bug 1227732 https://bugzilla.suse.com/1227733 SUSE Bug 1227733 https://bugzilla.suse.com/1227734 SUSE Bug 1227734 https://bugzilla.suse.com/1227747 SUSE Bug 1227747 https://bugzilla.suse.com/1227750 SUSE Bug 1227750 https://bugzilla.suse.com/1227754 SUSE Bug 1227754 https://bugzilla.suse.com/1227758 SUSE Bug 1227758 https://bugzilla.suse.com/1227760 SUSE Bug 1227760 https://bugzilla.suse.com/1227761 SUSE Bug 1227761 https://bugzilla.suse.com/1227764 SUSE Bug 1227764 https://bugzilla.suse.com/1227766 SUSE Bug 1227766 https://bugzilla.suse.com/1227770 SUSE Bug 1227770 https://bugzilla.suse.com/1227771 SUSE Bug 1227771 https://bugzilla.suse.com/1227772 SUSE Bug 1227772 https://bugzilla.suse.com/1227774 SUSE Bug 1227774 https://bugzilla.suse.com/1227781 SUSE Bug 1227781 https://bugzilla.suse.com/1227784 SUSE Bug 1227784 https://bugzilla.suse.com/1227785 SUSE Bug 1227785 https://bugzilla.suse.com/1227787 SUSE Bug 1227787 https://bugzilla.suse.com/1227790 SUSE Bug 1227790 https://bugzilla.suse.com/1227791 SUSE Bug 1227791 https://bugzilla.suse.com/1227792 SUSE Bug 1227792 https://bugzilla.suse.com/1227796 SUSE Bug 1227796 https://bugzilla.suse.com/1227798 SUSE Bug 1227798 https://bugzilla.suse.com/1227799 SUSE Bug 1227799 https://bugzilla.suse.com/1227802 SUSE Bug 1227802 https://bugzilla.suse.com/1227808 SUSE Bug 1227808 https://bugzilla.suse.com/1227810 SUSE Bug 1227810 https://bugzilla.suse.com/1227811 SUSE Bug 1227811 https://bugzilla.suse.com/1227812 SUSE Bug 1227812 https://bugzilla.suse.com/1227815 SUSE Bug 1227815 https://bugzilla.suse.com/1227816 SUSE Bug 1227816 https://bugzilla.suse.com/1227818 SUSE Bug 1227818 https://bugzilla.suse.com/1227820 SUSE Bug 1227820 https://bugzilla.suse.com/1227823 SUSE Bug 1227823 https://bugzilla.suse.com/1227824 SUSE Bug 1227824 https://bugzilla.suse.com/1227826 SUSE Bug 1227826 https://bugzilla.suse.com/1227828 SUSE Bug 1227828 https://bugzilla.suse.com/1227829 SUSE Bug 1227829 https://bugzilla.suse.com/1227830 SUSE Bug 1227830 https://bugzilla.suse.com/1227832 SUSE Bug 1227832 https://bugzilla.suse.com/1227833 SUSE Bug 1227833 https://bugzilla.suse.com/1227834 SUSE Bug 1227834 https://bugzilla.suse.com/1227839 SUSE Bug 1227839 https://bugzilla.suse.com/1227840 SUSE Bug 1227840 https://bugzilla.suse.com/1227846 SUSE Bug 1227846 https://bugzilla.suse.com/1227849 SUSE Bug 1227849 https://bugzilla.suse.com/1227851 SUSE Bug 1227851 https://bugzilla.suse.com/1227853 SUSE Bug 1227853 https://bugzilla.suse.com/1227863 SUSE Bug 1227863 https://bugzilla.suse.com/1227864 SUSE Bug 1227864 https://bugzilla.suse.com/1227865 SUSE Bug 1227865 https://bugzilla.suse.com/1227867 SUSE Bug 1227867 https://bugzilla.suse.com/1227869 SUSE Bug 1227869 https://bugzilla.suse.com/1227870 SUSE Bug 1227870 https://bugzilla.suse.com/1227883 SUSE Bug 1227883 https://bugzilla.suse.com/1227884 SUSE Bug 1227884 https://bugzilla.suse.com/1227891 SUSE Bug 1227891 https://bugzilla.suse.com/1227893 SUSE Bug 1227893 https://bugzilla.suse.com/1227929 SUSE Bug 1227929 https://bugzilla.suse.com/1227950 SUSE Bug 1227950 https://bugzilla.suse.com/1227957 SUSE Bug 1227957 https://bugzilla.suse.com/1227981 SUSE Bug 1227981 https://bugzilla.suse.com/1228020 SUSE Bug 1228020 https://bugzilla.suse.com/1228021 SUSE Bug 1228021 https://bugzilla.suse.com/1228114 SUSE Bug 1228114 https://bugzilla.suse.com/1228192 SUSE Bug 1228192 https://bugzilla.suse.com/1228195 SUSE Bug 1228195 https://bugzilla.suse.com/1228202 SUSE Bug 1228202 https://bugzilla.suse.com/1228235 SUSE Bug 1228235 https://bugzilla.suse.com/1228236 SUSE Bug 1228236 https://bugzilla.suse.com/1228237 SUSE Bug 1228237 https://bugzilla.suse.com/1228247 SUSE Bug 1228247 https://bugzilla.suse.com/1228321 SUSE Bug 1228321 https://bugzilla.suse.com/1228409 SUSE Bug 1228409 https://bugzilla.suse.com/1228410 SUSE Bug 1228410 https://bugzilla.suse.com/1228426 SUSE Bug 1228426 https://bugzilla.suse.com/1228427 SUSE Bug 1228427 https://bugzilla.suse.com/1228429 SUSE Bug 1228429 https://bugzilla.suse.com/1228446 SUSE Bug 1228446 https://bugzilla.suse.com/1228447 SUSE Bug 1228447 https://bugzilla.suse.com/1228449 SUSE Bug 1228449 https://bugzilla.suse.com/1228450 SUSE Bug 1228450 https://bugzilla.suse.com/1228452 SUSE Bug 1228452 https://bugzilla.suse.com/1228456 SUSE Bug 1228456 https://bugzilla.suse.com/1228457 SUSE Bug 1228457 https://bugzilla.suse.com/1228458 SUSE Bug 1228458 https://bugzilla.suse.com/1228459 SUSE Bug 1228459 https://bugzilla.suse.com/1228460 SUSE Bug 1228460 https://bugzilla.suse.com/1228462 SUSE Bug 1228462 https://bugzilla.suse.com/1228463 SUSE Bug 1228463 https://bugzilla.suse.com/1228466 SUSE Bug 1228466 https://bugzilla.suse.com/1228467 SUSE Bug 1228467 https://bugzilla.suse.com/1228468 SUSE Bug 1228468 https://bugzilla.suse.com/1228469 SUSE Bug 1228469 https://bugzilla.suse.com/1228470 SUSE Bug 1228470 https://bugzilla.suse.com/1228472 SUSE Bug 1228472 https://bugzilla.suse.com/1228479 SUSE Bug 1228479 https://bugzilla.suse.com/1228480 SUSE Bug 1228480 https://bugzilla.suse.com/1228481 SUSE Bug 1228481 https://bugzilla.suse.com/1228482 SUSE Bug 1228482 https://bugzilla.suse.com/1228483 SUSE Bug 1228483 https://bugzilla.suse.com/1228484 SUSE Bug 1228484 https://bugzilla.suse.com/1228485 SUSE Bug 1228485 https://bugzilla.suse.com/1228486 SUSE Bug 1228486 https://bugzilla.suse.com/1228487 SUSE Bug 1228487 https://bugzilla.suse.com/1228489 SUSE Bug 1228489 https://bugzilla.suse.com/1228491 SUSE Bug 1228491 https://bugzilla.suse.com/1228492 SUSE Bug 1228492 https://bugzilla.suse.com/1228493 SUSE Bug 1228493 https://bugzilla.suse.com/1228494 SUSE Bug 1228494 https://bugzilla.suse.com/1228495 SUSE Bug 1228495 https://bugzilla.suse.com/1228496 SUSE Bug 1228496 https://bugzilla.suse.com/1228499 SUSE Bug 1228499 https://bugzilla.suse.com/1228500 SUSE Bug 1228500 https://bugzilla.suse.com/1228501 SUSE Bug 1228501 https://bugzilla.suse.com/1228502 SUSE Bug 1228502 https://bugzilla.suse.com/1228503 SUSE Bug 1228503 https://bugzilla.suse.com/1228505 SUSE Bug 1228505 https://bugzilla.suse.com/1228508 SUSE Bug 1228508 https://bugzilla.suse.com/1228509 SUSE Bug 1228509 https://bugzilla.suse.com/1228510 SUSE Bug 1228510 https://bugzilla.suse.com/1228511 SUSE Bug 1228511 https://bugzilla.suse.com/1228513 SUSE Bug 1228513 https://bugzilla.suse.com/1228515 SUSE Bug 1228515 https://bugzilla.suse.com/1228516 SUSE Bug 1228516 https://bugzilla.suse.com/1228518 SUSE Bug 1228518 https://bugzilla.suse.com/1228520 SUSE Bug 1228520 https://bugzilla.suse.com/1228525 SUSE Bug 1228525 https://bugzilla.suse.com/1228527 SUSE Bug 1228527 https://bugzilla.suse.com/1228530 SUSE Bug 1228530 https://bugzilla.suse.com/1228531 SUSE Bug 1228531 https://bugzilla.suse.com/1228539 SUSE Bug 1228539 https://bugzilla.suse.com/1228561 SUSE Bug 1228561 https://bugzilla.suse.com/1228563 SUSE Bug 1228563 https://bugzilla.suse.com/1228564 SUSE Bug 1228564 https://bugzilla.suse.com/1228565 SUSE Bug 1228565 https://bugzilla.suse.com/1228567 SUSE Bug 1228567 https://bugzilla.suse.com/1228568 SUSE Bug 1228568 https://bugzilla.suse.com/1228572 SUSE Bug 1228572 https://bugzilla.suse.com/1228576 SUSE Bug 1228576 https://bugzilla.suse.com/1228579 SUSE Bug 1228579 https://bugzilla.suse.com/1228580 SUSE Bug 1228580 https://bugzilla.suse.com/1228581 SUSE Bug 1228581 https://bugzilla.suse.com/1228582 SUSE Bug 1228582 https://bugzilla.suse.com/1228584 SUSE Bug 1228584 https://bugzilla.suse.com/1228586 SUSE Bug 1228586 https://bugzilla.suse.com/1228588 SUSE Bug 1228588 https://bugzilla.suse.com/1228590 SUSE Bug 1228590 https://bugzilla.suse.com/1228591 SUSE Bug 1228591 https://bugzilla.suse.com/1228599 SUSE Bug 1228599 https://bugzilla.suse.com/1228615 SUSE Bug 1228615 https://bugzilla.suse.com/1228616 SUSE Bug 1228616 https://bugzilla.suse.com/1228617 SUSE Bug 1228617 https://bugzilla.suse.com/1228625 SUSE Bug 1228625 https://bugzilla.suse.com/1228626 SUSE Bug 1228626 https://bugzilla.suse.com/1228633 SUSE Bug 1228633 https://bugzilla.suse.com/1228635 SUSE Bug 1228635 https://bugzilla.suse.com/1228636 SUSE Bug 1228636 https://bugzilla.suse.com/1228640 SUSE Bug 1228640 https://bugzilla.suse.com/1228643 SUSE Bug 1228643 https://bugzilla.suse.com/1228644 SUSE Bug 1228644 https://bugzilla.suse.com/1228646 SUSE Bug 1228646 https://bugzilla.suse.com/1228649 SUSE Bug 1228649 https://bugzilla.suse.com/1228650 SUSE Bug 1228650 https://bugzilla.suse.com/1228654 SUSE Bug 1228654 https://bugzilla.suse.com/1228655 SUSE Bug 1228655 https://bugzilla.suse.com/1228656 SUSE Bug 1228656 https://bugzilla.suse.com/1228658 SUSE Bug 1228658 https://bugzilla.suse.com/1228660 SUSE Bug 1228660 https://bugzilla.suse.com/1228662 SUSE Bug 1228662 https://bugzilla.suse.com/1228665 SUSE Bug 1228665 https://bugzilla.suse.com/1228666 SUSE Bug 1228666 https://bugzilla.suse.com/1228667 SUSE Bug 1228667 https://bugzilla.suse.com/1228672 SUSE Bug 1228672 https://bugzilla.suse.com/1228673 SUSE Bug 1228673 https://bugzilla.suse.com/1228674 SUSE Bug 1228674 https://bugzilla.suse.com/1228677 SUSE Bug 1228677 https://bugzilla.suse.com/1228680 SUSE Bug 1228680 https://bugzilla.suse.com/1228687 SUSE Bug 1228687 https://bugzilla.suse.com/1228705 SUSE Bug 1228705 https://bugzilla.suse.com/1228706 SUSE Bug 1228706 https://bugzilla.suse.com/1228707 SUSE Bug 1228707 https://bugzilla.suse.com/1228708 SUSE Bug 1228708 https://bugzilla.suse.com/1228709 SUSE Bug 1228709 https://bugzilla.suse.com/1228710 SUSE Bug 1228710 https://bugzilla.suse.com/1228718 SUSE Bug 1228718 https://bugzilla.suse.com/1228720 SUSE Bug 1228720 https://bugzilla.suse.com/1228721 SUSE Bug 1228721 https://bugzilla.suse.com/1228722 SUSE Bug 1228722 https://bugzilla.suse.com/1228723 SUSE Bug 1228723 https://bugzilla.suse.com/1228724 SUSE Bug 1228724 https://bugzilla.suse.com/1228726 SUSE Bug 1228726 https://bugzilla.suse.com/1228727 SUSE Bug 1228727 https://bugzilla.suse.com/1228733 SUSE Bug 1228733 https://bugzilla.suse.com/1228737 SUSE Bug 1228737 https://bugzilla.suse.com/1228743 SUSE Bug 1228743 https://bugzilla.suse.com/1228748 SUSE Bug 1228748 https://bugzilla.suse.com/1228754 SUSE Bug 1228754 https://bugzilla.suse.com/1228756 SUSE Bug 1228756 https://bugzilla.suse.com/1228757 SUSE Bug 1228757 https://bugzilla.suse.com/1228758 SUSE Bug 1228758 https://bugzilla.suse.com/1228764 SUSE Bug 1228764 https://bugzilla.suse.com/1228766 SUSE Bug 1228766 https://bugzilla.suse.com/1228779 SUSE Bug 1228779 https://bugzilla.suse.com/1228801 SUSE Bug 1228801 https://bugzilla.suse.com/1228849 SUSE Bug 1228849 https://bugzilla.suse.com/1228850 SUSE Bug 1228850 https://bugzilla.suse.com/1228857 SUSE Bug 1228857 https://bugzilla.suse.com/1228959 SUSE Bug 1228959 https://bugzilla.suse.com/1228964 SUSE Bug 1228964 https://bugzilla.suse.com/1228966 SUSE Bug 1228966 https://bugzilla.suse.com/1228967 SUSE Bug 1228967 https://bugzilla.suse.com/1228973 SUSE Bug 1228973 https://bugzilla.suse.com/1228977 SUSE Bug 1228977 https://bugzilla.suse.com/1228978 SUSE Bug 1228978 https://bugzilla.suse.com/1228979 SUSE Bug 1228979 https://bugzilla.suse.com/1228986 SUSE Bug 1228986 https://bugzilla.suse.com/1228988 SUSE Bug 1228988 https://bugzilla.suse.com/1228989 SUSE Bug 1228989 https://bugzilla.suse.com/1228991 SUSE Bug 1228991 https://bugzilla.suse.com/1228992 SUSE Bug 1228992 https://bugzilla.suse.com/1229005 SUSE Bug 1229005 https://bugzilla.suse.com/1229024 SUSE Bug 1229024 https://bugzilla.suse.com/1229042 SUSE Bug 1229042 https://bugzilla.suse.com/1229045 SUSE Bug 1229045 https://bugzilla.suse.com/1229046 SUSE Bug 1229046 https://bugzilla.suse.com/1229054 SUSE Bug 1229054 https://bugzilla.suse.com/1229056 SUSE Bug 1229056 https://bugzilla.suse.com/1229086 SUSE Bug 1229086 https://bugzilla.suse.com/1229134 SUSE Bug 1229134 https://bugzilla.suse.com/1229136 SUSE Bug 1229136 https://bugzilla.suse.com/1229154 SUSE Bug 1229154 https://bugzilla.suse.com/1229156 SUSE Bug 1229156 https://bugzilla.suse.com/1229160 SUSE Bug 1229160 https://bugzilla.suse.com/1229167 SUSE Bug 1229167 https://bugzilla.suse.com/1229168 SUSE Bug 1229168 https://bugzilla.suse.com/1229169 SUSE Bug 1229169 https://bugzilla.suse.com/1229170 SUSE Bug 1229170 https://bugzilla.suse.com/1229171 SUSE Bug 1229171 https://bugzilla.suse.com/1229172 SUSE Bug 1229172 https://bugzilla.suse.com/1229173 SUSE Bug 1229173 https://bugzilla.suse.com/1229174 SUSE Bug 1229174 https://bugzilla.suse.com/1229239 SUSE Bug 1229239 https://bugzilla.suse.com/1229240 SUSE Bug 1229240 https://bugzilla.suse.com/1229241 SUSE Bug 1229241 https://bugzilla.suse.com/1229243 SUSE Bug 1229243 https://bugzilla.suse.com/1229244 SUSE Bug 1229244 https://bugzilla.suse.com/1229245 SUSE Bug 1229245 https://bugzilla.suse.com/1229246 SUSE Bug 1229246 https://bugzilla.suse.com/1229247 SUSE Bug 1229247 https://bugzilla.suse.com/1229248 SUSE Bug 1229248 https://bugzilla.suse.com/1229249 SUSE Bug 1229249 https://bugzilla.suse.com/1229250 SUSE Bug 1229250 https://bugzilla.suse.com/1229251 SUSE Bug 1229251 https://bugzilla.suse.com/1229252 SUSE Bug 1229252 https://bugzilla.suse.com/1229253 SUSE Bug 1229253 https://bugzilla.suse.com/1229254 SUSE Bug 1229254 https://bugzilla.suse.com/1229255 SUSE Bug 1229255 https://bugzilla.suse.com/1229256 SUSE Bug 1229256 https://bugzilla.suse.com/1229287 SUSE Bug 1229287 https://bugzilla.suse.com/1229290 SUSE Bug 1229290 https://bugzilla.suse.com/1229291 SUSE Bug 1229291 https://bugzilla.suse.com/1229292 SUSE Bug 1229292 https://bugzilla.suse.com/1229294 SUSE Bug 1229294 https://bugzilla.suse.com/1229296 SUSE Bug 1229296 https://bugzilla.suse.com/1229297 SUSE Bug 1229297 https://bugzilla.suse.com/1229298 SUSE Bug 1229298 https://bugzilla.suse.com/1229299 SUSE Bug 1229299 https://bugzilla.suse.com/1229301 SUSE Bug 1229301 https://bugzilla.suse.com/1229303 SUSE Bug 1229303 https://bugzilla.suse.com/1229304 SUSE Bug 1229304 https://bugzilla.suse.com/1229305 SUSE Bug 1229305 https://bugzilla.suse.com/1229307 SUSE Bug 1229307 https://bugzilla.suse.com/1229309 SUSE Bug 1229309 https://bugzilla.suse.com/1229312 SUSE Bug 1229312 https://bugzilla.suse.com/1229313 SUSE Bug 1229313 https://bugzilla.suse.com/1229314 SUSE Bug 1229314 https://bugzilla.suse.com/1229315 SUSE Bug 1229315 https://bugzilla.suse.com/1229316 SUSE Bug 1229316 https://bugzilla.suse.com/1229317 SUSE Bug 1229317 https://bugzilla.suse.com/1229318 SUSE Bug 1229318 https://bugzilla.suse.com/1229319 SUSE Bug 1229319 https://bugzilla.suse.com/1229320 SUSE Bug 1229320 https://bugzilla.suse.com/1229327 SUSE Bug 1229327 https://bugzilla.suse.com/1229341 SUSE Bug 1229341 https://bugzilla.suse.com/1229342 SUSE Bug 1229342 https://bugzilla.suse.com/1229344 SUSE Bug 1229344 https://bugzilla.suse.com/1229345 SUSE Bug 1229345 https://bugzilla.suse.com/1229346 SUSE Bug 1229346 https://bugzilla.suse.com/1229347 SUSE Bug 1229347 https://bugzilla.suse.com/1229349 SUSE Bug 1229349 https://bugzilla.suse.com/1229350 SUSE Bug 1229350 https://bugzilla.suse.com/1229351 SUSE Bug 1229351 https://bugzilla.suse.com/1229353 SUSE Bug 1229353 https://bugzilla.suse.com/1229354 SUSE Bug 1229354 https://bugzilla.suse.com/1229355 SUSE Bug 1229355 https://bugzilla.suse.com/1229356 SUSE Bug 1229356 https://bugzilla.suse.com/1229357 SUSE Bug 1229357 https://bugzilla.suse.com/1229358 SUSE Bug 1229358 https://bugzilla.suse.com/1229359 SUSE Bug 1229359 https://bugzilla.suse.com/1229360 SUSE Bug 1229360 https://bugzilla.suse.com/1229365 SUSE Bug 1229365 https://bugzilla.suse.com/1229366 SUSE Bug 1229366 https://bugzilla.suse.com/1229369 SUSE Bug 1229369 https://bugzilla.suse.com/1229370 SUSE Bug 1229370 https://bugzilla.suse.com/1229373 SUSE Bug 1229373 https://bugzilla.suse.com/1229374 SUSE Bug 1229374 https://bugzilla.suse.com/1229379 SUSE Bug 1229379 https://bugzilla.suse.com/1229381 SUSE Bug 1229381 https://bugzilla.suse.com/1229382 SUSE Bug 1229382 https://bugzilla.suse.com/1229383 SUSE Bug 1229383 https://bugzilla.suse.com/1229386 SUSE Bug 1229386 https://bugzilla.suse.com/1229388 SUSE Bug 1229388 https://bugzilla.suse.com/1229390 SUSE Bug 1229390 https://bugzilla.suse.com/1229391 SUSE Bug 1229391 https://bugzilla.suse.com/1229392 SUSE Bug 1229392 https://bugzilla.suse.com/1229395 SUSE Bug 1229395 https://bugzilla.suse.com/1229398 SUSE Bug 1229398 https://bugzilla.suse.com/1229399 SUSE Bug 1229399 https://bugzilla.suse.com/1229400 SUSE Bug 1229400 https://bugzilla.suse.com/1229402 SUSE Bug 1229402 https://bugzilla.suse.com/1229403 SUSE Bug 1229403 https://bugzilla.suse.com/1229404 SUSE Bug 1229404 https://bugzilla.suse.com/1229407 SUSE Bug 1229407 https://bugzilla.suse.com/1229409 SUSE Bug 1229409 https://bugzilla.suse.com/1229410 SUSE Bug 1229410 https://bugzilla.suse.com/1229411 SUSE Bug 1229411 https://bugzilla.suse.com/1229413 SUSE Bug 1229413 https://bugzilla.suse.com/1229414 SUSE Bug 1229414 https://bugzilla.suse.com/1229417 SUSE Bug 1229417 https://bugzilla.suse.com/1229444 SUSE Bug 1229444 https://bugzilla.suse.com/1229451 SUSE Bug 1229451 https://bugzilla.suse.com/1229452 SUSE Bug 1229452 https://bugzilla.suse.com/1229455 SUSE Bug 1229455 https://bugzilla.suse.com/1229456 SUSE Bug 1229456 https://bugzilla.suse.com/1229480 SUSE Bug 1229480 https://bugzilla.suse.com/1229481 SUSE Bug 1229481 https://bugzilla.suse.com/1229482 SUSE Bug 1229482 https://bugzilla.suse.com/1229484 SUSE Bug 1229484 https://bugzilla.suse.com/1229485 SUSE Bug 1229485 https://bugzilla.suse.com/1229486 SUSE Bug 1229486 https://bugzilla.suse.com/1229487 SUSE Bug 1229487 https://bugzilla.suse.com/1229488 SUSE Bug 1229488 https://bugzilla.suse.com/1229489 SUSE Bug 1229489 https://bugzilla.suse.com/1229490 SUSE Bug 1229490 https://bugzilla.suse.com/1229493 SUSE Bug 1229493 https://bugzilla.suse.com/1229495 SUSE Bug 1229495 https://bugzilla.suse.com/1229496 SUSE Bug 1229496 https://bugzilla.suse.com/1229497 SUSE Bug 1229497 https://bugzilla.suse.com/1229500 SUSE Bug 1229500 https://bugzilla.suse.com/1229503 SUSE Bug 1229503 https://bugzilla.suse.com/1229707 SUSE Bug 1229707 https://bugzilla.suse.com/1229739 SUSE Bug 1229739 https://bugzilla.suse.com/1229743 SUSE Bug 1229743 https://bugzilla.suse.com/1229746 SUSE Bug 1229746 https://bugzilla.suse.com/1229747 SUSE Bug 1229747 https://bugzilla.suse.com/1229752 SUSE Bug 1229752 https://bugzilla.suse.com/1229754 SUSE Bug 1229754 https://bugzilla.suse.com/1229755 SUSE Bug 1229755 https://bugzilla.suse.com/1229756 SUSE Bug 1229756 https://bugzilla.suse.com/1229759 SUSE Bug 1229759 https://bugzilla.suse.com/1229761 SUSE Bug 1229761 https://bugzilla.suse.com/1229767 SUSE Bug 1229767 https://bugzilla.suse.com/1229781 SUSE Bug 1229781 https://bugzilla.suse.com/1229784 SUSE Bug 1229784 https://bugzilla.suse.com/1229785 SUSE Bug 1229785 https://bugzilla.suse.com/1229787 SUSE Bug 1229787 https://bugzilla.suse.com/1229788 SUSE Bug 1229788 https://bugzilla.suse.com/1229789 SUSE Bug 1229789 https://bugzilla.suse.com/1229792 SUSE Bug 1229792 https://bugzilla.suse.com/1229820 SUSE Bug 1229820 https://bugzilla.suse.com/1229827 SUSE Bug 1229827 https://bugzilla.suse.com/1229830 SUSE Bug 1229830 https://bugzilla.suse.com/1229837 SUSE Bug 1229837 https://bugzilla.suse.com/1229940 SUSE Bug 1229940 https://bugzilla.suse.com/1230056 SUSE Bug 1230056 https://www.suse.com/security/cve/CVE-2023-52489/ SUSE CVE CVE-2023-52489 page https://www.suse.com/security/cve/CVE-2023-52581/ SUSE CVE CVE-2023-52581 page https://www.suse.com/security/cve/CVE-2023-52668/ SUSE CVE CVE-2023-52668 page https://www.suse.com/security/cve/CVE-2023-52688/ SUSE CVE CVE-2023-52688 page https://www.suse.com/security/cve/CVE-2023-52756/ SUSE CVE CVE-2023-52756 page https://www.suse.com/security/cve/CVE-2023-52766/ SUSE CVE CVE-2023-52766 page https://www.suse.com/security/cve/CVE-2023-52800/ SUSE CVE CVE-2023-52800 page https://www.suse.com/security/cve/CVE-2023-52802/ SUSE CVE CVE-2023-52802 page https://www.suse.com/security/cve/CVE-2023-52859/ SUSE CVE CVE-2023-52859 page https://www.suse.com/security/cve/CVE-2023-52885/ SUSE CVE CVE-2023-52885 page https://www.suse.com/security/cve/CVE-2023-52886/ SUSE CVE CVE-2023-52886 page https://www.suse.com/security/cve/CVE-2023-52887/ SUSE CVE CVE-2023-52887 page https://www.suse.com/security/cve/CVE-2023-52889/ SUSE CVE CVE-2023-52889 page https://www.suse.com/security/cve/CVE-2024-26590/ SUSE CVE CVE-2024-26590 page https://www.suse.com/security/cve/CVE-2024-26631/ SUSE CVE CVE-2024-26631 page https://www.suse.com/security/cve/CVE-2024-26637/ SUSE CVE CVE-2024-26637 page https://www.suse.com/security/cve/CVE-2024-26668/ SUSE CVE CVE-2024-26668 page https://www.suse.com/security/cve/CVE-2024-26669/ SUSE CVE CVE-2024-26669 page https://www.suse.com/security/cve/CVE-2024-26677/ SUSE CVE CVE-2024-26677 page https://www.suse.com/security/cve/CVE-2024-26682/ SUSE CVE CVE-2024-26682 page https://www.suse.com/security/cve/CVE-2024-26683/ SUSE CVE CVE-2024-26683 page https://www.suse.com/security/cve/CVE-2024-26735/ SUSE CVE CVE-2024-26735 page https://www.suse.com/security/cve/CVE-2024-26758/ SUSE CVE CVE-2024-26758 page https://www.suse.com/security/cve/CVE-2024-26767/ SUSE CVE CVE-2024-26767 page https://www.suse.com/security/cve/CVE-2024-26808/ SUSE CVE CVE-2024-26808 page https://www.suse.com/security/cve/CVE-2024-26809/ SUSE CVE CVE-2024-26809 page https://www.suse.com/security/cve/CVE-2024-26812/ SUSE CVE CVE-2024-26812 page https://www.suse.com/security/cve/CVE-2024-26835/ SUSE CVE CVE-2024-26835 page https://www.suse.com/security/cve/CVE-2024-26837/ SUSE CVE CVE-2024-26837 page https://www.suse.com/security/cve/CVE-2024-26849/ SUSE CVE CVE-2024-26849 page https://www.suse.com/security/cve/CVE-2024-26851/ SUSE CVE CVE-2024-26851 page https://www.suse.com/security/cve/CVE-2024-26889/ SUSE CVE CVE-2024-26889 page https://www.suse.com/security/cve/CVE-2024-26920/ SUSE CVE CVE-2024-26920 page https://www.suse.com/security/cve/CVE-2024-26976/ SUSE CVE CVE-2024-26976 page https://www.suse.com/security/cve/CVE-2024-27010/ SUSE CVE CVE-2024-27010 page https://www.suse.com/security/cve/CVE-2024-27011/ SUSE CVE CVE-2024-27011 page https://www.suse.com/security/cve/CVE-2024-27024/ SUSE CVE CVE-2024-27024 page https://www.suse.com/security/cve/CVE-2024-27049/ SUSE CVE CVE-2024-27049 page https://www.suse.com/security/cve/CVE-2024-27050/ SUSE CVE CVE-2024-27050 page https://www.suse.com/security/cve/CVE-2024-27079/ SUSE CVE CVE-2024-27079 page https://www.suse.com/security/cve/CVE-2024-27403/ SUSE CVE CVE-2024-27403 page https://www.suse.com/security/cve/CVE-2024-27433/ SUSE CVE CVE-2024-27433 page https://www.suse.com/security/cve/CVE-2024-27437/ SUSE CVE CVE-2024-27437 page https://www.suse.com/security/cve/CVE-2024-31076/ SUSE CVE CVE-2024-31076 page https://www.suse.com/security/cve/CVE-2024-35855/ SUSE CVE CVE-2024-35855 page https://www.suse.com/security/cve/CVE-2024-35897/ SUSE CVE CVE-2024-35897 page https://www.suse.com/security/cve/CVE-2024-35902/ SUSE CVE CVE-2024-35902 page https://www.suse.com/security/cve/CVE-2024-35913/ SUSE CVE CVE-2024-35913 page https://www.suse.com/security/cve/CVE-2024-35939/ SUSE CVE CVE-2024-35939 page https://www.suse.com/security/cve/CVE-2024-35949/ SUSE CVE CVE-2024-35949 page https://www.suse.com/security/cve/CVE-2024-36270/ SUSE CVE CVE-2024-36270 page https://www.suse.com/security/cve/CVE-2024-36286/ SUSE CVE CVE-2024-36286 page https://www.suse.com/security/cve/CVE-2024-36288/ SUSE CVE CVE-2024-36288 page https://www.suse.com/security/cve/CVE-2024-36489/ SUSE CVE CVE-2024-36489 page https://www.suse.com/security/cve/CVE-2024-36881/ SUSE CVE CVE-2024-36881 page https://www.suse.com/security/cve/CVE-2024-36907/ SUSE CVE CVE-2024-36907 page https://www.suse.com/security/cve/CVE-2024-36929/ SUSE CVE CVE-2024-36929 page https://www.suse.com/security/cve/CVE-2024-36933/ SUSE CVE CVE-2024-36933 page https://www.suse.com/security/cve/CVE-2024-36939/ SUSE CVE CVE-2024-36939 page https://www.suse.com/security/cve/CVE-2024-36970/ SUSE CVE CVE-2024-36970 page https://www.suse.com/security/cve/CVE-2024-36979/ SUSE CVE CVE-2024-36979 page https://www.suse.com/security/cve/CVE-2024-38548/ SUSE CVE CVE-2024-38548 page https://www.suse.com/security/cve/CVE-2024-38563/ SUSE CVE CVE-2024-38563 page https://www.suse.com/security/cve/CVE-2024-38609/ SUSE CVE CVE-2024-38609 page https://www.suse.com/security/cve/CVE-2024-38662/ SUSE CVE CVE-2024-38662 page https://www.suse.com/security/cve/CVE-2024-39476/ SUSE CVE CVE-2024-39476 page https://www.suse.com/security/cve/CVE-2024-39483/ SUSE CVE CVE-2024-39483 page https://www.suse.com/security/cve/CVE-2024-39484/ SUSE CVE CVE-2024-39484 page https://www.suse.com/security/cve/CVE-2024-39486/ SUSE CVE CVE-2024-39486 page https://www.suse.com/security/cve/CVE-2024-39488/ SUSE CVE CVE-2024-39488 page https://www.suse.com/security/cve/CVE-2024-39489/ SUSE CVE CVE-2024-39489 page https://www.suse.com/security/cve/CVE-2024-39491/ SUSE CVE CVE-2024-39491 page https://www.suse.com/security/cve/CVE-2024-39493/ SUSE CVE CVE-2024-39493 page https://www.suse.com/security/cve/CVE-2024-39497/ SUSE CVE CVE-2024-39497 page https://www.suse.com/security/cve/CVE-2024-39499/ SUSE CVE CVE-2024-39499 page https://www.suse.com/security/cve/CVE-2024-39500/ SUSE CVE CVE-2024-39500 page https://www.suse.com/security/cve/CVE-2024-39501/ SUSE CVE CVE-2024-39501 page https://www.suse.com/security/cve/CVE-2024-39505/ SUSE CVE CVE-2024-39505 page https://www.suse.com/security/cve/CVE-2024-39506/ SUSE CVE CVE-2024-39506 page https://www.suse.com/security/cve/CVE-2024-39508/ SUSE CVE CVE-2024-39508 page https://www.suse.com/security/cve/CVE-2024-39509/ SUSE CVE CVE-2024-39509 page https://www.suse.com/security/cve/CVE-2024-39510/ SUSE CVE CVE-2024-39510 page https://www.suse.com/security/cve/CVE-2024-40899/ SUSE CVE CVE-2024-40899 page https://www.suse.com/security/cve/CVE-2024-40900/ SUSE CVE CVE-2024-40900 page https://www.suse.com/security/cve/CVE-2024-40902/ SUSE CVE CVE-2024-40902 page https://www.suse.com/security/cve/CVE-2024-40903/ SUSE CVE CVE-2024-40903 page https://www.suse.com/security/cve/CVE-2024-40904/ SUSE CVE CVE-2024-40904 page https://www.suse.com/security/cve/CVE-2024-40905/ SUSE CVE CVE-2024-40905 page https://www.suse.com/security/cve/CVE-2024-40909/ SUSE CVE CVE-2024-40909 page https://www.suse.com/security/cve/CVE-2024-40910/ SUSE CVE CVE-2024-40910 page https://www.suse.com/security/cve/CVE-2024-40911/ SUSE CVE CVE-2024-40911 page https://www.suse.com/security/cve/CVE-2024-40912/ SUSE CVE CVE-2024-40912 page https://www.suse.com/security/cve/CVE-2024-40913/ SUSE CVE CVE-2024-40913 page https://www.suse.com/security/cve/CVE-2024-40916/ SUSE CVE CVE-2024-40916 page https://www.suse.com/security/cve/CVE-2024-40920/ SUSE CVE CVE-2024-40920 page https://www.suse.com/security/cve/CVE-2024-40921/ SUSE CVE CVE-2024-40921 page https://www.suse.com/security/cve/CVE-2024-40922/ SUSE CVE CVE-2024-40922 page https://www.suse.com/security/cve/CVE-2024-40924/ SUSE CVE CVE-2024-40924 page https://www.suse.com/security/cve/CVE-2024-40926/ SUSE CVE CVE-2024-40926 page https://www.suse.com/security/cve/CVE-2024-40927/ SUSE CVE CVE-2024-40927 page https://www.suse.com/security/cve/CVE-2024-40929/ SUSE CVE CVE-2024-40929 page https://www.suse.com/security/cve/CVE-2024-40930/ SUSE CVE CVE-2024-40930 page https://www.suse.com/security/cve/CVE-2024-40932/ SUSE CVE CVE-2024-40932 page https://www.suse.com/security/cve/CVE-2024-40934/ SUSE CVE CVE-2024-40934 page https://www.suse.com/security/cve/CVE-2024-40936/ SUSE CVE CVE-2024-40936 page https://www.suse.com/security/cve/CVE-2024-40938/ SUSE CVE CVE-2024-40938 page https://www.suse.com/security/cve/CVE-2024-40939/ SUSE CVE CVE-2024-40939 page https://www.suse.com/security/cve/CVE-2024-40941/ SUSE CVE CVE-2024-40941 page https://www.suse.com/security/cve/CVE-2024-40942/ SUSE CVE CVE-2024-40942 page https://www.suse.com/security/cve/CVE-2024-40943/ SUSE CVE CVE-2024-40943 page https://www.suse.com/security/cve/CVE-2024-40944/ SUSE CVE CVE-2024-40944 page https://www.suse.com/security/cve/CVE-2024-40945/ SUSE CVE CVE-2024-40945 page https://www.suse.com/security/cve/CVE-2024-40954/ SUSE CVE CVE-2024-40954 page https://www.suse.com/security/cve/CVE-2024-40956/ SUSE CVE CVE-2024-40956 page https://www.suse.com/security/cve/CVE-2024-40957/ SUSE CVE CVE-2024-40957 page https://www.suse.com/security/cve/CVE-2024-40958/ SUSE CVE CVE-2024-40958 page https://www.suse.com/security/cve/CVE-2024-40959/ SUSE CVE CVE-2024-40959 page https://www.suse.com/security/cve/CVE-2024-40962/ SUSE CVE CVE-2024-40962 page https://www.suse.com/security/cve/CVE-2024-40964/ SUSE CVE CVE-2024-40964 page https://www.suse.com/security/cve/CVE-2024-40967/ SUSE CVE CVE-2024-40967 page https://www.suse.com/security/cve/CVE-2024-40976/ SUSE CVE CVE-2024-40976 page https://www.suse.com/security/cve/CVE-2024-40977/ SUSE CVE CVE-2024-40977 page https://www.suse.com/security/cve/CVE-2024-40978/ SUSE CVE CVE-2024-40978 page https://www.suse.com/security/cve/CVE-2024-40981/ SUSE CVE CVE-2024-40981 page https://www.suse.com/security/cve/CVE-2024-40982/ SUSE CVE CVE-2024-40982 page https://www.suse.com/security/cve/CVE-2024-40984/ SUSE CVE CVE-2024-40984 page https://www.suse.com/security/cve/CVE-2024-40987/ SUSE CVE CVE-2024-40987 page https://www.suse.com/security/cve/CVE-2024-40988/ SUSE CVE CVE-2024-40988 page https://www.suse.com/security/cve/CVE-2024-40989/ SUSE CVE CVE-2024-40989 page https://www.suse.com/security/cve/CVE-2024-40990/ SUSE CVE CVE-2024-40990 page https://www.suse.com/security/cve/CVE-2024-40992/ SUSE CVE CVE-2024-40992 page https://www.suse.com/security/cve/CVE-2024-40994/ SUSE CVE CVE-2024-40994 page https://www.suse.com/security/cve/CVE-2024-40995/ SUSE CVE CVE-2024-40995 page https://www.suse.com/security/cve/CVE-2024-40997/ SUSE CVE CVE-2024-40997 page https://www.suse.com/security/cve/CVE-2024-41000/ SUSE CVE CVE-2024-41000 page https://www.suse.com/security/cve/CVE-2024-41001/ SUSE CVE CVE-2024-41001 page https://www.suse.com/security/cve/CVE-2024-41002/ SUSE CVE CVE-2024-41002 page https://www.suse.com/security/cve/CVE-2024-41004/ SUSE CVE CVE-2024-41004 page https://www.suse.com/security/cve/CVE-2024-41007/ SUSE CVE CVE-2024-41007 page https://www.suse.com/security/cve/CVE-2024-41009/ SUSE CVE CVE-2024-41009 page https://www.suse.com/security/cve/CVE-2024-41010/ SUSE CVE CVE-2024-41010 page https://www.suse.com/security/cve/CVE-2024-41011/ SUSE CVE CVE-2024-41011 page https://www.suse.com/security/cve/CVE-2024-41012/ SUSE CVE CVE-2024-41012 page https://www.suse.com/security/cve/CVE-2024-41015/ SUSE CVE CVE-2024-41015 page https://www.suse.com/security/cve/CVE-2024-41016/ SUSE CVE CVE-2024-41016 page https://www.suse.com/security/cve/CVE-2024-41020/ SUSE CVE CVE-2024-41020 page https://www.suse.com/security/cve/CVE-2024-41022/ SUSE CVE CVE-2024-41022 page https://www.suse.com/security/cve/CVE-2024-41024/ SUSE CVE CVE-2024-41024 page https://www.suse.com/security/cve/CVE-2024-41025/ SUSE CVE CVE-2024-41025 page https://www.suse.com/security/cve/CVE-2024-41028/ SUSE CVE CVE-2024-41028 page https://www.suse.com/security/cve/CVE-2024-41032/ SUSE CVE CVE-2024-41032 page https://www.suse.com/security/cve/CVE-2024-41035/ SUSE CVE CVE-2024-41035 page https://www.suse.com/security/cve/CVE-2024-41036/ SUSE CVE CVE-2024-41036 page https://www.suse.com/security/cve/CVE-2024-41037/ SUSE CVE CVE-2024-41037 page https://www.suse.com/security/cve/CVE-2024-41038/ SUSE CVE CVE-2024-41038 page https://www.suse.com/security/cve/CVE-2024-41039/ SUSE CVE CVE-2024-41039 page https://www.suse.com/security/cve/CVE-2024-41040/ SUSE CVE CVE-2024-41040 page https://www.suse.com/security/cve/CVE-2024-41041/ SUSE CVE CVE-2024-41041 page https://www.suse.com/security/cve/CVE-2024-41044/ SUSE CVE CVE-2024-41044 page https://www.suse.com/security/cve/CVE-2024-41045/ SUSE CVE CVE-2024-41045 page https://www.suse.com/security/cve/CVE-2024-41048/ SUSE CVE CVE-2024-41048 page https://www.suse.com/security/cve/CVE-2024-41049/ SUSE CVE CVE-2024-41049 page https://www.suse.com/security/cve/CVE-2024-41050/ SUSE CVE CVE-2024-41050 page https://www.suse.com/security/cve/CVE-2024-41051/ SUSE CVE CVE-2024-41051 page https://www.suse.com/security/cve/CVE-2024-41056/ SUSE CVE CVE-2024-41056 page https://www.suse.com/security/cve/CVE-2024-41057/ SUSE CVE CVE-2024-41057 page https://www.suse.com/security/cve/CVE-2024-41058/ SUSE CVE CVE-2024-41058 page https://www.suse.com/security/cve/CVE-2024-41059/ SUSE CVE CVE-2024-41059 page https://www.suse.com/security/cve/CVE-2024-41060/ SUSE CVE CVE-2024-41060 page https://www.suse.com/security/cve/CVE-2024-41061/ SUSE CVE CVE-2024-41061 page https://www.suse.com/security/cve/CVE-2024-41062/ SUSE CVE CVE-2024-41062 page https://www.suse.com/security/cve/CVE-2024-41063/ SUSE CVE CVE-2024-41063 page https://www.suse.com/security/cve/CVE-2024-41064/ SUSE CVE CVE-2024-41064 page https://www.suse.com/security/cve/CVE-2024-41065/ SUSE CVE CVE-2024-41065 page https://www.suse.com/security/cve/CVE-2024-41066/ SUSE CVE CVE-2024-41066 page https://www.suse.com/security/cve/CVE-2024-41068/ SUSE CVE CVE-2024-41068 page https://www.suse.com/security/cve/CVE-2024-41069/ SUSE CVE CVE-2024-41069 page https://www.suse.com/security/cve/CVE-2024-41070/ SUSE CVE CVE-2024-41070 page https://www.suse.com/security/cve/CVE-2024-41071/ SUSE CVE CVE-2024-41071 page https://www.suse.com/security/cve/CVE-2024-41072/ SUSE CVE CVE-2024-41072 page https://www.suse.com/security/cve/CVE-2024-41073/ SUSE CVE CVE-2024-41073 page https://www.suse.com/security/cve/CVE-2024-41074/ SUSE CVE CVE-2024-41074 page https://www.suse.com/security/cve/CVE-2024-41075/ SUSE CVE CVE-2024-41075 page https://www.suse.com/security/cve/CVE-2024-41076/ SUSE CVE CVE-2024-41076 page https://www.suse.com/security/cve/CVE-2024-41078/ SUSE CVE CVE-2024-41078 page https://www.suse.com/security/cve/CVE-2024-41079/ SUSE CVE CVE-2024-41079 page https://www.suse.com/security/cve/CVE-2024-41080/ SUSE CVE CVE-2024-41080 page https://www.suse.com/security/cve/CVE-2024-41081/ SUSE CVE CVE-2024-41081 page https://www.suse.com/security/cve/CVE-2024-41084/ SUSE CVE CVE-2024-41084 page https://www.suse.com/security/cve/CVE-2024-41087/ SUSE CVE CVE-2024-41087 page https://www.suse.com/security/cve/CVE-2024-41088/ SUSE CVE CVE-2024-41088 page https://www.suse.com/security/cve/CVE-2024-41089/ SUSE CVE CVE-2024-41089 page https://www.suse.com/security/cve/CVE-2024-41092/ SUSE CVE CVE-2024-41092 page https://www.suse.com/security/cve/CVE-2024-41093/ SUSE CVE CVE-2024-41093 page https://www.suse.com/security/cve/CVE-2024-41094/ SUSE CVE CVE-2024-41094 page https://www.suse.com/security/cve/CVE-2024-41095/ SUSE CVE CVE-2024-41095 page https://www.suse.com/security/cve/CVE-2024-41096/ SUSE CVE CVE-2024-41096 page https://www.suse.com/security/cve/CVE-2024-41097/ SUSE CVE CVE-2024-41097 page https://www.suse.com/security/cve/CVE-2024-41098/ SUSE CVE CVE-2024-41098 page https://www.suse.com/security/cve/CVE-2024-42064/ SUSE CVE CVE-2024-42064 page https://www.suse.com/security/cve/CVE-2024-42069/ SUSE CVE CVE-2024-42069 page https://www.suse.com/security/cve/CVE-2024-42070/ SUSE CVE CVE-2024-42070 page https://www.suse.com/security/cve/CVE-2024-42073/ SUSE CVE CVE-2024-42073 page https://www.suse.com/security/cve/CVE-2024-42074/ SUSE CVE CVE-2024-42074 page https://www.suse.com/security/cve/CVE-2024-42076/ SUSE CVE CVE-2024-42076 page https://www.suse.com/security/cve/CVE-2024-42077/ SUSE CVE CVE-2024-42077 page https://www.suse.com/security/cve/CVE-2024-42079/ SUSE CVE CVE-2024-42079 page https://www.suse.com/security/cve/CVE-2024-42080/ SUSE CVE CVE-2024-42080 page https://www.suse.com/security/cve/CVE-2024-42082/ SUSE CVE CVE-2024-42082 page https://www.suse.com/security/cve/CVE-2024-42085/ SUSE CVE CVE-2024-42085 page https://www.suse.com/security/cve/CVE-2024-42086/ SUSE CVE CVE-2024-42086 page https://www.suse.com/security/cve/CVE-2024-42087/ SUSE CVE CVE-2024-42087 page https://www.suse.com/security/cve/CVE-2024-42089/ SUSE CVE CVE-2024-42089 page https://www.suse.com/security/cve/CVE-2024-42090/ SUSE CVE CVE-2024-42090 page https://www.suse.com/security/cve/CVE-2024-42092/ SUSE CVE CVE-2024-42092 page https://www.suse.com/security/cve/CVE-2024-42093/ SUSE CVE CVE-2024-42093 page https://www.suse.com/security/cve/CVE-2024-42095/ SUSE CVE CVE-2024-42095 page https://www.suse.com/security/cve/CVE-2024-42096/ SUSE CVE CVE-2024-42096 page https://www.suse.com/security/cve/CVE-2024-42097/ SUSE CVE CVE-2024-42097 page https://www.suse.com/security/cve/CVE-2024-42098/ SUSE CVE CVE-2024-42098 page https://www.suse.com/security/cve/CVE-2024-42101/ SUSE CVE CVE-2024-42101 page https://www.suse.com/security/cve/CVE-2024-42104/ SUSE CVE CVE-2024-42104 page https://www.suse.com/security/cve/CVE-2024-42105/ SUSE CVE CVE-2024-42105 page https://www.suse.com/security/cve/CVE-2024-42106/ SUSE CVE CVE-2024-42106 page https://www.suse.com/security/cve/CVE-2024-42107/ SUSE CVE CVE-2024-42107 page https://www.suse.com/security/cve/CVE-2024-42109/ SUSE CVE CVE-2024-42109 page https://www.suse.com/security/cve/CVE-2024-42110/ SUSE CVE CVE-2024-42110 page https://www.suse.com/security/cve/CVE-2024-42113/ SUSE CVE CVE-2024-42113 page https://www.suse.com/security/cve/CVE-2024-42114/ SUSE CVE CVE-2024-42114 page https://www.suse.com/security/cve/CVE-2024-42115/ SUSE CVE CVE-2024-42115 page https://www.suse.com/security/cve/CVE-2024-42117/ SUSE CVE CVE-2024-42117 page https://www.suse.com/security/cve/CVE-2024-42119/ SUSE CVE CVE-2024-42119 page https://www.suse.com/security/cve/CVE-2024-42120/ SUSE CVE CVE-2024-42120 page https://www.suse.com/security/cve/CVE-2024-42121/ SUSE CVE CVE-2024-42121 page https://www.suse.com/security/cve/CVE-2024-42122/ SUSE CVE CVE-2024-42122 page https://www.suse.com/security/cve/CVE-2024-42124/ SUSE CVE CVE-2024-42124 page https://www.suse.com/security/cve/CVE-2024-42125/ SUSE CVE CVE-2024-42125 page https://www.suse.com/security/cve/CVE-2024-42126/ SUSE CVE CVE-2024-42126 page https://www.suse.com/security/cve/CVE-2024-42127/ SUSE CVE CVE-2024-42127 page https://www.suse.com/security/cve/CVE-2024-42130/ SUSE CVE CVE-2024-42130 page https://www.suse.com/security/cve/CVE-2024-42131/ SUSE CVE CVE-2024-42131 page https://www.suse.com/security/cve/CVE-2024-42132/ SUSE CVE CVE-2024-42132 page https://www.suse.com/security/cve/CVE-2024-42133/ SUSE CVE CVE-2024-42133 page https://www.suse.com/security/cve/CVE-2024-42136/ SUSE CVE CVE-2024-42136 page https://www.suse.com/security/cve/CVE-2024-42137/ SUSE CVE CVE-2024-42137 page https://www.suse.com/security/cve/CVE-2024-42138/ SUSE CVE CVE-2024-42138 page https://www.suse.com/security/cve/CVE-2024-42139/ SUSE CVE CVE-2024-42139 page https://www.suse.com/security/cve/CVE-2024-42141/ SUSE CVE CVE-2024-42141 page https://www.suse.com/security/cve/CVE-2024-42142/ SUSE CVE CVE-2024-42142 page https://www.suse.com/security/cve/CVE-2024-42143/ SUSE CVE CVE-2024-42143 page https://www.suse.com/security/cve/CVE-2024-42144/ SUSE CVE CVE-2024-42144 page https://www.suse.com/security/cve/CVE-2024-42145/ SUSE CVE CVE-2024-42145 page https://www.suse.com/security/cve/CVE-2024-42147/ SUSE CVE CVE-2024-42147 page https://www.suse.com/security/cve/CVE-2024-42148/ SUSE CVE CVE-2024-42148 page https://www.suse.com/security/cve/CVE-2024-42152/ SUSE CVE CVE-2024-42152 page https://www.suse.com/security/cve/CVE-2024-42153/ SUSE CVE CVE-2024-42153 page https://www.suse.com/security/cve/CVE-2024-42155/ SUSE CVE CVE-2024-42155 page https://www.suse.com/security/cve/CVE-2024-42156/ SUSE CVE CVE-2024-42156 page https://www.suse.com/security/cve/CVE-2024-42157/ SUSE CVE CVE-2024-42157 page https://www.suse.com/security/cve/CVE-2024-42158/ SUSE CVE CVE-2024-42158 page https://www.suse.com/security/cve/CVE-2024-42159/ SUSE CVE CVE-2024-42159 page https://www.suse.com/security/cve/CVE-2024-42161/ SUSE CVE CVE-2024-42161 page https://www.suse.com/security/cve/CVE-2024-42162/ SUSE CVE CVE-2024-42162 page https://www.suse.com/security/cve/CVE-2024-42223/ SUSE CVE CVE-2024-42223 page https://www.suse.com/security/cve/CVE-2024-42224/ SUSE CVE CVE-2024-42224 page https://www.suse.com/security/cve/CVE-2024-42225/ SUSE CVE CVE-2024-42225 page https://www.suse.com/security/cve/CVE-2024-42226/ SUSE CVE CVE-2024-42226 page https://www.suse.com/security/cve/CVE-2024-42227/ SUSE CVE CVE-2024-42227 page https://www.suse.com/security/cve/CVE-2024-42228/ SUSE CVE CVE-2024-42228 page https://www.suse.com/security/cve/CVE-2024-42229/ SUSE CVE CVE-2024-42229 page https://www.suse.com/security/cve/CVE-2024-42230/ SUSE CVE CVE-2024-42230 page https://www.suse.com/security/cve/CVE-2024-42232/ SUSE CVE CVE-2024-42232 page https://www.suse.com/security/cve/CVE-2024-42236/ SUSE CVE CVE-2024-42236 page https://www.suse.com/security/cve/CVE-2024-42237/ SUSE CVE CVE-2024-42237 page https://www.suse.com/security/cve/CVE-2024-42238/ SUSE CVE CVE-2024-42238 page https://www.suse.com/security/cve/CVE-2024-42239/ SUSE CVE CVE-2024-42239 page https://www.suse.com/security/cve/CVE-2024-42240/ SUSE CVE CVE-2024-42240 page https://www.suse.com/security/cve/CVE-2024-42241/ SUSE CVE CVE-2024-42241 page https://www.suse.com/security/cve/CVE-2024-42244/ SUSE CVE CVE-2024-42244 page https://www.suse.com/security/cve/CVE-2024-42245/ SUSE CVE CVE-2024-42245 page https://www.suse.com/security/cve/CVE-2024-42246/ SUSE CVE CVE-2024-42246 page https://www.suse.com/security/cve/CVE-2024-42247/ SUSE CVE CVE-2024-42247 page https://www.suse.com/security/cve/CVE-2024-42250/ SUSE CVE CVE-2024-42250 page https://www.suse.com/security/cve/CVE-2024-42253/ SUSE CVE CVE-2024-42253 page https://www.suse.com/security/cve/CVE-2024-42259/ SUSE CVE CVE-2024-42259 page https://www.suse.com/security/cve/CVE-2024-42268/ SUSE CVE CVE-2024-42268 page https://www.suse.com/security/cve/CVE-2024-42269/ SUSE CVE CVE-2024-42269 page https://www.suse.com/security/cve/CVE-2024-42270/ SUSE CVE CVE-2024-42270 page https://www.suse.com/security/cve/CVE-2024-42271/ SUSE CVE CVE-2024-42271 page https://www.suse.com/security/cve/CVE-2024-42274/ SUSE CVE CVE-2024-42274 page https://www.suse.com/security/cve/CVE-2024-42276/ SUSE CVE CVE-2024-42276 page https://www.suse.com/security/cve/CVE-2024-42277/ SUSE CVE CVE-2024-42277 page https://www.suse.com/security/cve/CVE-2024-42278/ SUSE CVE CVE-2024-42278 page https://www.suse.com/security/cve/CVE-2024-42279/ SUSE CVE CVE-2024-42279 page https://www.suse.com/security/cve/CVE-2024-42280/ SUSE CVE CVE-2024-42280 page https://www.suse.com/security/cve/CVE-2024-42281/ SUSE CVE CVE-2024-42281 page https://www.suse.com/security/cve/CVE-2024-42283/ SUSE CVE CVE-2024-42283 page https://www.suse.com/security/cve/CVE-2024-42284/ SUSE CVE CVE-2024-42284 page https://www.suse.com/security/cve/CVE-2024-42285/ SUSE CVE CVE-2024-42285 page https://www.suse.com/security/cve/CVE-2024-42286/ SUSE CVE CVE-2024-42286 page https://www.suse.com/security/cve/CVE-2024-42287/ SUSE CVE CVE-2024-42287 page https://www.suse.com/security/cve/CVE-2024-42288/ SUSE CVE CVE-2024-42288 page https://www.suse.com/security/cve/CVE-2024-42289/ SUSE CVE CVE-2024-42289 page https://www.suse.com/security/cve/CVE-2024-42290/ SUSE CVE CVE-2024-42290 page https://www.suse.com/security/cve/CVE-2024-42291/ SUSE CVE CVE-2024-42291 page https://www.suse.com/security/cve/CVE-2024-42292/ SUSE CVE CVE-2024-42292 page https://www.suse.com/security/cve/CVE-2024-42295/ SUSE CVE CVE-2024-42295 page https://www.suse.com/security/cve/CVE-2024-42298/ SUSE CVE CVE-2024-42298 page https://www.suse.com/security/cve/CVE-2024-42301/ SUSE CVE CVE-2024-42301 page https://www.suse.com/security/cve/CVE-2024-42302/ SUSE CVE CVE-2024-42302 page https://www.suse.com/security/cve/CVE-2024-42303/ SUSE CVE CVE-2024-42303 page https://www.suse.com/security/cve/CVE-2024-42308/ SUSE CVE CVE-2024-42308 page https://www.suse.com/security/cve/CVE-2024-42309/ SUSE CVE CVE-2024-42309 page https://www.suse.com/security/cve/CVE-2024-42310/ SUSE CVE CVE-2024-42310 page https://www.suse.com/security/cve/CVE-2024-42311/ SUSE CVE CVE-2024-42311 page https://www.suse.com/security/cve/CVE-2024-42312/ SUSE CVE CVE-2024-42312 page https://www.suse.com/security/cve/CVE-2024-42313/ SUSE CVE CVE-2024-42313 page https://www.suse.com/security/cve/CVE-2024-42314/ SUSE CVE CVE-2024-42314 page https://www.suse.com/security/cve/CVE-2024-42315/ SUSE CVE CVE-2024-42315 page https://www.suse.com/security/cve/CVE-2024-42316/ SUSE CVE CVE-2024-42316 page https://www.suse.com/security/cve/CVE-2024-42318/ SUSE CVE CVE-2024-42318 page https://www.suse.com/security/cve/CVE-2024-42319/ SUSE CVE CVE-2024-42319 page https://www.suse.com/security/cve/CVE-2024-42320/ SUSE CVE CVE-2024-42320 page https://www.suse.com/security/cve/CVE-2024-42322/ SUSE CVE CVE-2024-42322 page https://www.suse.com/security/cve/CVE-2024-43816/ SUSE CVE CVE-2024-43816 page https://www.suse.com/security/cve/CVE-2024-43817/ SUSE CVE CVE-2024-43817 page https://www.suse.com/security/cve/CVE-2024-43818/ SUSE CVE CVE-2024-43818 page https://www.suse.com/security/cve/CVE-2024-43819/ SUSE CVE CVE-2024-43819 page https://www.suse.com/security/cve/CVE-2024-43821/ SUSE CVE CVE-2024-43821 page https://www.suse.com/security/cve/CVE-2024-43823/ SUSE CVE CVE-2024-43823 page https://www.suse.com/security/cve/CVE-2024-43824/ SUSE CVE CVE-2024-43824 page https://www.suse.com/security/cve/CVE-2024-43825/ SUSE CVE CVE-2024-43825 page https://www.suse.com/security/cve/CVE-2024-43826/ SUSE CVE CVE-2024-43826 page https://www.suse.com/security/cve/CVE-2024-43829/ SUSE CVE CVE-2024-43829 page https://www.suse.com/security/cve/CVE-2024-43830/ SUSE CVE CVE-2024-43830 page https://www.suse.com/security/cve/CVE-2024-43831/ SUSE CVE CVE-2024-43831 page https://www.suse.com/security/cve/CVE-2024-43833/ SUSE CVE CVE-2024-43833 page https://www.suse.com/security/cve/CVE-2024-43834/ SUSE CVE CVE-2024-43834 page https://www.suse.com/security/cve/CVE-2024-43837/ SUSE CVE CVE-2024-43837 page https://www.suse.com/security/cve/CVE-2024-43839/ SUSE CVE CVE-2024-43839 page https://www.suse.com/security/cve/CVE-2024-43840/ SUSE CVE CVE-2024-43840 page https://www.suse.com/security/cve/CVE-2024-43841/ SUSE CVE CVE-2024-43841 page https://www.suse.com/security/cve/CVE-2024-43842/ SUSE CVE CVE-2024-43842 page https://www.suse.com/security/cve/CVE-2024-43846/ SUSE CVE CVE-2024-43846 page https://www.suse.com/security/cve/CVE-2024-43847/ SUSE CVE CVE-2024-43847 page https://www.suse.com/security/cve/CVE-2024-43849/ SUSE CVE CVE-2024-43849 page https://www.suse.com/security/cve/CVE-2024-43850/ SUSE CVE CVE-2024-43850 page https://www.suse.com/security/cve/CVE-2024-43851/ SUSE CVE CVE-2024-43851 page https://www.suse.com/security/cve/CVE-2024-43853/ SUSE CVE CVE-2024-43853 page https://www.suse.com/security/cve/CVE-2024-43854/ SUSE CVE CVE-2024-43854 page https://www.suse.com/security/cve/CVE-2024-43855/ SUSE CVE CVE-2024-43855 page https://www.suse.com/security/cve/CVE-2024-43856/ SUSE CVE CVE-2024-43856 page https://www.suse.com/security/cve/CVE-2024-43858/ SUSE CVE CVE-2024-43858 page https://www.suse.com/security/cve/CVE-2024-43860/ SUSE CVE CVE-2024-43860 page https://www.suse.com/security/cve/CVE-2024-43861/ SUSE CVE CVE-2024-43861 page https://www.suse.com/security/cve/CVE-2024-43863/ SUSE CVE CVE-2024-43863 page https://www.suse.com/security/cve/CVE-2024-43864/ SUSE CVE CVE-2024-43864 page https://www.suse.com/security/cve/CVE-2024-43866/ SUSE CVE CVE-2024-43866 page https://www.suse.com/security/cve/CVE-2024-43867/ SUSE CVE CVE-2024-43867 page https://www.suse.com/security/cve/CVE-2024-43871/ SUSE CVE CVE-2024-43871 page https://www.suse.com/security/cve/CVE-2024-43872/ SUSE CVE CVE-2024-43872 page https://www.suse.com/security/cve/CVE-2024-43873/ SUSE CVE CVE-2024-43873 page https://www.suse.com/security/cve/CVE-2024-43874/ SUSE CVE CVE-2024-43874 page https://www.suse.com/security/cve/CVE-2024-43875/ SUSE CVE CVE-2024-43875 page https://www.suse.com/security/cve/CVE-2024-43876/ SUSE CVE CVE-2024-43876 page https://www.suse.com/security/cve/CVE-2024-43877/ SUSE CVE CVE-2024-43877 page https://www.suse.com/security/cve/CVE-2024-43879/ SUSE CVE CVE-2024-43879 page https://www.suse.com/security/cve/CVE-2024-43880/ SUSE CVE CVE-2024-43880 page https://www.suse.com/security/cve/CVE-2024-43881/ SUSE CVE CVE-2024-43881 page https://www.suse.com/security/cve/CVE-2024-43882/ SUSE CVE CVE-2024-43882 page https://www.suse.com/security/cve/CVE-2024-43883/ SUSE CVE CVE-2024-43883 page https://www.suse.com/security/cve/CVE-2024-43884/ SUSE CVE CVE-2024-43884 page https://www.suse.com/security/cve/CVE-2024-43885/ SUSE CVE CVE-2024-43885 page https://www.suse.com/security/cve/CVE-2024-43889/ SUSE CVE CVE-2024-43889 page https://www.suse.com/security/cve/CVE-2024-43892/ SUSE CVE CVE-2024-43892 page https://www.suse.com/security/cve/CVE-2024-43893/ SUSE CVE CVE-2024-43893 page https://www.suse.com/security/cve/CVE-2024-43894/ SUSE CVE CVE-2024-43894 page https://www.suse.com/security/cve/CVE-2024-43895/ SUSE CVE CVE-2024-43895 page https://www.suse.com/security/cve/CVE-2024-43897/ SUSE CVE CVE-2024-43897 page https://www.suse.com/security/cve/CVE-2024-43899/ SUSE CVE CVE-2024-43899 page https://www.suse.com/security/cve/CVE-2024-43900/ SUSE CVE CVE-2024-43900 page https://www.suse.com/security/cve/CVE-2024-43902/ SUSE CVE CVE-2024-43902 page https://www.suse.com/security/cve/CVE-2024-43903/ SUSE CVE CVE-2024-43903 page https://www.suse.com/security/cve/CVE-2024-43905/ SUSE CVE CVE-2024-43905 page https://www.suse.com/security/cve/CVE-2024-43906/ SUSE CVE CVE-2024-43906 page https://www.suse.com/security/cve/CVE-2024-43907/ SUSE CVE CVE-2024-43907 page https://www.suse.com/security/cve/CVE-2024-43908/ SUSE CVE CVE-2024-43908 page https://www.suse.com/security/cve/CVE-2024-43909/ SUSE CVE CVE-2024-43909 page https://www.suse.com/security/cve/CVE-2024-43911/ SUSE CVE CVE-2024-43911 page https://www.suse.com/security/cve/CVE-2024-43912/ SUSE CVE CVE-2024-43912 page https://www.suse.com/security/cve/CVE-2024-44931/ SUSE CVE CVE-2024-44931 page https://www.suse.com/security/cve/CVE-2024-44938/ SUSE CVE CVE-2024-44938 page https://www.suse.com/security/cve/CVE-2024-44939/ SUSE CVE CVE-2024-44939 page SUSE Linux Enterprise Live Patching 15 SP6 SUSE Real Time Module 15 SP6 openSUSE Leap 15.6 cluster-md-kmp-rt-6.4.0-150600.10.8.3 dlm-kmp-rt-6.4.0-150600.10.8.3 gfs2-kmp-rt-6.4.0-150600.10.8.3 kernel-devel-rt-6.4.0-150600.10.8.3 kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 kernel-rt-6.4.0-150600.10.8.3 kernel-rt-devel-6.4.0-150600.10.8.3 kernel-rt-extra-6.4.0-150600.10.8.3 kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 kernel-rt-optional-6.4.0-150600.10.8.3 kernel-rt-vdso-6.4.0-150600.10.8.3 kernel-rt_debug-6.4.0-150600.10.8.3 kernel-rt_debug-devel-6.4.0-150600.10.8.3 kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 kernel-rt_debug-vdso-6.4.0-150600.10.8.3 kernel-source-rt-6.4.0-150600.10.8.3 kernel-syms-rt-6.4.0-150600.10.8.1 kselftests-kmp-rt-6.4.0-150600.10.8.3 ocfs2-kmp-rt-6.4.0-150600.10.8.3 reiserfs-kmp-rt-6.4.0-150600.10.8.3 kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 as a component of SUSE Linux Enterprise Live Patching 15 SP6 cluster-md-kmp-rt-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 dlm-kmp-rt-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 gfs2-kmp-rt-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 kernel-devel-rt-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 kernel-rt-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 kernel-rt-devel-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 kernel-rt_debug-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 kernel-rt_debug-devel-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 kernel-source-rt-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 kernel-syms-rt-6.4.0-150600.10.8.1 as a component of SUSE Real Time Module 15 SP6 ocfs2-kmp-rt-6.4.0-150600.10.8.3 as a component of SUSE Real Time Module 15 SP6 cluster-md-kmp-rt-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 dlm-kmp-rt-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 gfs2-kmp-rt-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-devel-rt-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt-devel-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt-extra-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt-optional-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt-vdso-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt_debug-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt_debug-devel-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-rt_debug-vdso-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-source-rt-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 kernel-syms-rt-6.4.0-150600.10.8.1 as a component of openSUSE Leap 15.6 kselftests-kmp-rt-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 ocfs2-kmp-rt-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 reiserfs-kmp-rt-6.4.0-150600.10.8.3 as a component of openSUSE Leap 15.6 In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end pfn contains the device memory PFN's as well, the compaction triggered will try on the device memory PFN's too though they end up in NOP(because pfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When from other core, the section mappings are being removed for the ZONE_DEVICE region, that the PFN in question belongs to, on which compaction is currently being operated is resulting into the kernel crash with CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1]. compact_zone() memunmap_pages ------------- --------------- __pageblock_pfn_to_page ...... (a)pfn_valid(): valid_section()//return true (b)__remove_pages()-> sparse_remove_section()-> section_deactivate(): [Free the array ms->usage and set ms->usage = NULL] pfn_section_valid() [Access ms->usage which is NULL] NOTE: From the above it can be said that the race is reduced to between the pfn_valid()/pfn_section_valid() and the section deactivate with SPASEMEM_VMEMAP enabled. The commit b943f045a9af("mm/sparse: fix kernel crash with pfn_section_valid check") tried to address the same problem by clearing the SECTION_HAS_MEM_MAP with the expectation of valid_section() returns false thus ms->usage is not accessed. Fix this issue by the below steps: a) Clear SECTION_HAS_MEM_MAP before freeing the ->usage. b) RCU protected read side critical section will either return NULL when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage. c) Free the ->usage with kfree_rcu() and set ms->usage = NULL. No attempt will be made to access ->usage after this as the SECTION_HAS_MEM_MAP is cleared thus valid_section() return false. Thanks to David/Pavan for their inputs on this patch. [1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/ On Snapdragon SoC, with the mentioned memory configuration of PFN's as [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of issues daily while testing on a device farm. For this particular issue below is the log. Though the below log is not directly pointing to the pfn_section_valid(){ ms->usage;}, when we loaded this dump on T32 lauterbach tool, it is pointing. [ 540.578056] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 540.578068] Mem abort info: [ 540.578070] ESR = 0x0000000096000005 [ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits [ 540.578077] SET = 0, FnV = 0 [ 540.578080] EA = 0, S1PTW = 0 [ 540.578082] FSC = 0x05: level 1 translation fault [ 540.578085] Data abort info: [ 540.578086] ISV = 0, ISS = 0x00000005 [ 540.578088] CM = 0, WnR = 0 [ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--) [ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c [ 540.579454] lr : compact_zone+0x994/0x1058 [ 540.579460] sp : ffffffc03579b510 [ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c [ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640 [ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000 [ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140 [ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff [ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001 [ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440 [ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4 [ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000 ---truncated--- CVE-2023-52489 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52489.html CVE-2023-52489 https://bugzilla.suse.com/1221326 SUSE Bug 1221326 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switch to a new gc container structure. This never happens: u8 type will wrap before reaching the boundary and nft_trans_gc_space() always returns true. This means we recycle the initial gc container structure and lose track of the elements that came before. While at it, don't deref 'gc' after we've passed it to call_rcu. CVE-2023-52581 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52581.html CVE-2023-52581 https://bugzilla.suse.com/1220877 SUSE Bug 1220877 In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate() The btrfs CI reported a lockdep warning as follows by running generic generic/129. WARNING: possible circular locking dependency detected 6.7.0-rc5+ #1 Not tainted ------------------------------------------------------ kworker/u5:5/793427 is trying to acquire lock: ffff88813256d028 (&cache->lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x5e/0x130 but task is already holding lock: ffff88810a23a318 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x34/0x130 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}: ... -> #0 (&cache->lock){+.+.}-{2:2}: ... This is because we take fs_info->zone_active_bgs_lock after a block_group's lock in btrfs_zone_activate() while doing the opposite in other places. Fix the issue by expanding the fs_info->zone_active_bgs_lock's critical section and taking it before a block_group's lock. CVE-2023-52668 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52668.html CVE-2023-52668 https://bugzilla.suse.com/1224690 SUSE Bug 1224690 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources. Currently it is not freeing the core pdev create resources. Avoid this issue by calling the core pdev destroy in the error handler of core rfkill config. Found this issue in the code review and it is compile tested only. CVE-2023-52688 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52688.html CVE-2023-52688 https://bugzilla.suse.com/1224631 SUSE Bug 1224631 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2023-52756 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52756.html CVE-2023-52756 https://bugzilla.suse.com/1225461 SUSE Bug 1225461 In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access will occur from rings->headers[i] access when i >= number of allocated ring headers. CVE-2023-52766 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52766.html CVE-2023-52766 https://bugzilla.suse.com/1230620 SUSE Bug 1230620 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only. CVE-2023-52800 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52800.html CVE-2023-52800 https://bugzilla.suse.com/1230600 SUSE Bug 1230600 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2023-52802 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52802.html CVE-2023-52802 https://bugzilla.suse.com/1225474 SUSE Bug 1225474 In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhp_state_remove_instance() to call uncore pmu offline callback, which migrate the pmu context. Since that's liable to lead to some kind of use-after-free. Use cpuhp_state_remove_instance_nocalls() instead of cpuhp_state_remove_instance() so that the notifiers don't execute after the PMU device has been failed to register. CVE-2023-52859 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52859.html CVE-2023-52859 https://bugzilla.suse.com/1225582 SUSE Bug 1225582 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed listener svc_sock in sk_user_data which cloning from parent. In the race window, if data is received on the newsock, we will observe use-after-free report in svc_tcp_listen_data_ready(). Reproduce by two tasks: 1. while :; do rpc.nfsd 0 ; rpc.nfsd; done 2. while :; do echo "" | ncat -4 127.0.0.1 2049 ; done KASAN report: ================================================================== BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc] Read of size 8 at addr ffff888139d96228 by task nc/102553 CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: <IRQ> dump_stack_lvl+0x33/0x50 print_address_description.constprop.0+0x27/0x310 print_report+0x3e/0x70 kasan_report+0xae/0xe0 svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc] tcp_data_queue+0x9f4/0x20e0 tcp_rcv_established+0x666/0x1f60 tcp_v4_do_rcv+0x51c/0x850 tcp_v4_rcv+0x23fc/0x2e80 ip_protocol_deliver_rcu+0x62/0x300 ip_local_deliver_finish+0x267/0x350 ip_local_deliver+0x18b/0x2d0 ip_rcv+0x2fb/0x370 __netif_receive_skb_one_core+0x166/0x1b0 process_backlog+0x24c/0x5e0 __napi_poll+0xa2/0x500 net_rx_action+0x854/0xc90 __do_softirq+0x1bb/0x5de do_softirq+0xcb/0x100 </IRQ> <TASK> ... </TASK> Allocated by task 102371: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x7b/0x90 svc_setup_socket+0x52/0x4f0 [sunrpc] svc_addsock+0x20d/0x400 [sunrpc] __write_ports_addfd+0x209/0x390 [nfsd] write_ports+0x239/0x2c0 [nfsd] nfsctl_transaction_write+0xac/0x110 [nfsd] vfs_write+0x1c3/0xae0 ksys_write+0xed/0x1c0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Freed by task 102551: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x50 __kasan_slab_free+0x106/0x190 __kmem_cache_free+0x133/0x270 svc_xprt_free+0x1e2/0x350 [sunrpc] svc_xprt_destroy_all+0x25a/0x440 [sunrpc] nfsd_put+0x125/0x240 [nfsd] nfsd_svc+0x2cb/0x3c0 [nfsd] write_threads+0x1ac/0x2a0 [nfsd] nfsctl_transaction_write+0xac/0x110 [nfsd] vfs_write+0x1c3/0xae0 ksys_write+0xed/0x1c0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Fix the UAF by simply doing nothing in svc_tcp_listen_data_ready() if state != TCP_LISTEN, that will avoid dereferencing svsk for all child socket. CVE-2023-52885 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52885.html CVE-2023-52885 https://bugzilla.suse.com/1227750 SUSE Bug 1227750 https://bugzilla.suse.com/1227753 SUSE Bug 1227753 In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Syzbot reported an out-of-bounds read in sysfs.c:read_descriptors(): BUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Read of size 8 at addr ffff88801e78b8c8 by task udevd/5011 CPU: 0 PID: 5011 Comm: udevd Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351 print_report mm/kasan/report.c:462 [inline] kasan_report+0x11c/0x130 mm/kasan/report.c:572 read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 ... Allocated by task 758: ... __do_kmalloc_node mm/slab_common.c:966 [inline] __kmalloc+0x5e/0x190 mm/slab_common.c:979 kmalloc include/linux/slab.h:563 [inline] kzalloc include/linux/slab.h:680 [inline] usb_get_configuration+0x1f7/0x5170 drivers/usb/core/config.c:887 usb_enumerate_device drivers/usb/core/hub.c:2407 [inline] usb_new_device+0x12b0/0x19d0 drivers/usb/core/hub.c:2545 As analyzed by Khazhy Kumykov, the cause of this bug is a race between read_descriptors() and hub_port_init(): The first routine uses a field in udev->descriptor, not expecting it to change, while the second overwrites it. Prior to commit 45bf39f8df7f ("USB: core: Don't hold device lock while reading the "descriptors" sysfs file") this race couldn't occur, because the routines were mutually exclusive thanks to the device locking. Removing that locking from read_descriptors() exposed it to the race. The best way to fix the bug is to keep hub_port_init() from changing udev->descriptor once udev has been initialized and registered. Drivers expect the descriptors stored in the kernel to be immutable; we should not undermine this expectation. In fact, this change should have been made long ago. So now hub_port_init() will take an additional argument, specifying a buffer in which to store the device descriptor it reads. (If udev has not yet been initialized, the buffer pointer will be NULL and then hub_port_init() will store the device descriptor in udev as before.) This eliminates the data race responsible for the out-of-bounds read. The changes to hub_port_init() appear more extensive than they really are, because of indentation changes resulting from an attempt to avoid writing to other parts of the usb_device structure after it has been initialized. Similar changes should be made to the code that reads the BOS descriptor, but that can be handled in a separate patch later on. This patch is sufficient to fix the bug found by syzbot. CVE-2023-52886 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52886.html CVE-2023-52886 https://bugzilla.suse.com/1227981 SUSE Bug 1227981 In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939_xtp_rx_rts(). Potentially this could be reproduced with something like: testj1939 -r vcan0:0x80 & while true; do # send first RTS cansend vcan0 18EC8090#1014000303002301; # send second RTS cansend vcan0 18EC8090#1014000303002301; # send abort cansend vcan0 18EC8090#ff00000000002301; done CVE-2023-52887 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52887.html CVE-2023-52887 https://bugzilla.suse.com/1228426 SUSE Bug 1228426 In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SK_CTX(sk)->label is updated in apparmor_socket_post_create(), but the packet is delivered to the socket before that, causing the null pointer dereference. Drop the packet if label context is not set. BUG: kernel NULL pointer dereference, address: 000000000000004c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020 RIP: 0010:aa_label_next_confined+0xb/0x40 Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2 RSP: 0018:ffffa92940003b08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002 R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0 PKRU: 55555554 Call Trace: <IRQ> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? aa_label_next_confined+0xb/0x40 apparmor_secmark_check+0xec/0x330 security_sock_rcv_skb+0x35/0x50 sk_filter_trim_cap+0x47/0x250 sock_queue_rcv_skb_reason+0x20/0x60 raw_rcv+0x13c/0x210 raw_local_deliver+0x1f3/0x250 ip_protocol_deliver_rcu+0x4f/0x2f0 ip_local_deliver_finish+0x76/0xa0 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x119/0x170 ? __netdev_alloc_skb+0x3d/0x140 vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] __napi_poll+0x28/0x1b0 net_rx_action+0x2a4/0x380 __do_softirq+0xd1/0x2c8 __irq_exit_rcu+0xbb/0xf0 common_interrupt+0x86/0xa0 </IRQ> <TASK> asm_common_interrupt+0x26/0x40 RIP: 0010:apparmor_socket_post_create+0xb/0x200 Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48 RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286 RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003 R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748 ? __pfx_apparmor_socket_post_create+0x10/0x10 security_socket_post_create+0x4b/0x80 __sock_create+0x176/0x1f0 __sys_socket+0x89/0x100 __x64_sys_socket+0x17/0x20 do_syscall_64+0x5d/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc CVE-2023-52889 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2023-52889.html CVE-2023-52889 https://bugzilla.suse.com/1229287 SUSE Bug 1229287 In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However, syzkaller can generate inconsistent crafted images that use an unsupported algorithmtype for specific inodes, e.g. use MicroLZMA algorithmtype even it's not set in `sbi->available_compr_algs`. This can lead to an unexpected "BUG: kernel NULL pointer dereference" if the corresponding decompressor isn't built-in. Fix this by checking against `sbi->available_compr_algs` for each m_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset bitmap is now fixed together since it was harmless previously. CVE-2024-26590 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26590.html CVE-2024-26590 https://bugzilla.suse.com/1220252 SUSE Bug 1220252 In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with mutex_lock() and mutex_unlock() accordingly as these functions should only be called with mc_lock per their declarations. [1] BUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work write to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0: mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline] ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725 addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949 addrconf_notify+0x310/0x980 notifier_call_chain kernel/notifier.c:93 [inline] raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461 __dev_notify_flags+0x205/0x3d0 dev_change_flags+0xab/0xd0 net/core/dev.c:8685 do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916 rtnl_group_changelink net/core/rtnetlink.c:3458 [inline] __rtnl_newlink net/core/rtnetlink.c:3717 [inline] rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754 rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558 netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910 ... write to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1: mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700 worker_thread+0x525/0x730 kernel/workqueue.c:2781 ... CVE-2024-26631 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26631.html CVE-2024-26631 https://bugzilla.suse.com/1221630 SUSE Bug 1221630 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif mac80211 started to delete debugfs entries in certain cases, causing a ath11k to crash when it tried to delete the entries later. Fix this by relying on mac80211 to delete the entries when appropriate and adding them from the vif_add_debugfs handler. CVE-2024-26637 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26637.html CVE-2024-26637 https://bugzilla.suse.com/1221652 SUSE Bug 1221652 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this rather than having incorrect ratelimit. CVE-2024-26668 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26668.html CVE-2024-26668 https://bugzilla.suse.com/1222335 SUSE Bug 1222335 In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a net device the stack instructs the underlying driver to remove its flow offload callback from the associated filter block using the 'FLOW_BLOCK_UNBIND' command. The stack then continues to replay the removal of the filters in the block for this driver by iterating over the chains in the block and invoking the 'reoffload' operation of the classifier being used. In turn, the classifier in its 'reoffload' operation prepares and emits a 'FLOW_CLS_DESTROY' command for each filter. However, the stack does not do the same for chain templates and the underlying driver never receives a 'FLOW_CLS_TMPLT_DESTROY' command when a qdisc is deleted. This results in a memory leak [1] which can be reproduced using [2]. Fix by introducing a 'tmplt_reoffload' operation and have the stack invoke it with the appropriate arguments as part of the replay. Implement the operation in the sole classifier that supports chain templates (flower) by emitting the 'FLOW_CLS_TMPLT_{CREATE,DESTROY}' command based on whether a flow offload callback is being bound to a filter block or being unbound from one. As far as I can tell, the issue happens since cited commit which reordered tcf_block_offload_unbind() before tcf_block_flush_all_chains() in __tcf_block_put(). The order cannot be reversed as the filter block is expected to be freed after flushing all the chains. [1] unreferenced object 0xffff888107e28800 (size 2048): comm "tc", pid 1079, jiffies 4294958525 (age 3074.287s) hex dump (first 32 bytes): b1 a6 7c 11 81 88 ff ff e0 5b b3 10 81 88 ff ff ..|......[...... 01 00 00 00 00 00 00 00 e0 aa b0 84 ff ff ff ff ................ backtrace: [<ffffffff81c06a68>] __kmem_cache_alloc_node+0x1e8/0x320 [<ffffffff81ab374e>] __kmalloc+0x4e/0x90 [<ffffffff832aec6d>] mlxsw_sp_acl_ruleset_get+0x34d/0x7a0 [<ffffffff832bc195>] mlxsw_sp_flower_tmplt_create+0x145/0x180 [<ffffffff832b2e1a>] mlxsw_sp_flow_block_cb+0x1ea/0x280 [<ffffffff83a10613>] tc_setup_cb_call+0x183/0x340 [<ffffffff83a9f85a>] fl_tmplt_create+0x3da/0x4c0 [<ffffffff83a22435>] tc_ctl_chain+0xa15/0x1170 [<ffffffff838a863c>] rtnetlink_rcv_msg+0x3cc/0xed0 [<ffffffff83ac87f0>] netlink_rcv_skb+0x170/0x440 [<ffffffff83ac6270>] netlink_unicast+0x540/0x820 [<ffffffff83ac6e28>] netlink_sendmsg+0x8d8/0xda0 [<ffffffff83793def>] ____sys_sendmsg+0x30f/0xa80 [<ffffffff8379d29a>] ___sys_sendmsg+0x13a/0x1e0 [<ffffffff8379d50c>] __sys_sendmsg+0x11c/0x1f0 [<ffffffff843b9ce0>] do_syscall_64+0x40/0xe0 unreferenced object 0xffff88816d2c0400 (size 1024): comm "tc", pid 1079, jiffies 4294958525 (age 3074.287s) hex dump (first 32 bytes): 40 00 00 00 00 00 00 00 57 f6 38 be 00 00 00 00 @.......W.8..... 10 04 2c 6d 81 88 ff ff 10 04 2c 6d 81 88 ff ff ..,m......,m.... backtrace: [<ffffffff81c06a68>] __kmem_cache_alloc_node+0x1e8/0x320 [<ffffffff81ab36c1>] __kmalloc_node+0x51/0x90 [<ffffffff81a8ed96>] kvmalloc_node+0xa6/0x1f0 [<ffffffff82827d03>] bucket_table_alloc.isra.0+0x83/0x460 [<ffffffff82828d2b>] rhashtable_init+0x43b/0x7c0 [<ffffffff832aed48>] mlxsw_sp_acl_ruleset_get+0x428/0x7a0 [<ffffffff832bc195>] mlxsw_sp_flower_tmplt_create+0x145/0x180 [<ffffffff832b2e1a>] mlxsw_sp_flow_block_cb+0x1ea/0x280 [<ffffffff83a10613>] tc_setup_cb_call+0x183/0x340 [<ffffffff83a9f85a>] fl_tmplt_create+0x3da/0x4c0 [<ffffffff83a22435>] tc_ctl_chain+0xa15/0x1170 [<ffffffff838a863c>] rtnetlink_rcv_msg+0x3cc/0xed0 [<ffffffff83ac87f0>] netlink_rcv_skb+0x170/0x440 [<ffffffff83ac6270>] netlink_unicast+0x540/0x820 [<ffffffff83ac6e28>] netlink_sendmsg+0x8d8/0xda0 [<ffffffff83793def>] ____sys_sendmsg+0x30f/0xa80 [2] # tc qdisc add dev swp1 clsact # tc chain add dev swp1 ingress proto ip chain 1 flower dst_ip 0.0.0.0/32 # tc qdisc del dev ---truncated--- CVE-2024-26669 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26669.html CVE-2024-26669 https://bugzilla.suse.com/1222350 SUSE Bug 1222350 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference. CVE-2024-26677 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26677.html CVE-2024-26677 https://bugzilla.suse.com/1222387 SUSE Bug 1222387 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: improve CSA/ECSA connection refusal As mentioned in the previous commit, we pretty quickly found that some APs have ECSA elements stuck in their probe response, so using that to not attempt to connect while CSA is happening we never connect to such an AP. Improve this situation by checking more carefully and ignoring the ECSA if cfg80211 has previously detected the ECSA element being stuck in the probe response. Additionally, allow connecting to an AP that's switching to a channel it's already using, unless it's using quiet mode. In this case, we may just have to adjust bandwidth later. If it's actually switching channels, it's better not to try to connect in the middle of that. CVE-2024-26682 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26682.html CVE-2024-26682 https://bugzilla.suse.com/1222433 SUSE Bug 1222433 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: detect stuck ECSA element in probe resp We recently added some validation that we don't try to connect to an AP that is currently in a channel switch process, since that might want the channel to be quiet or we might not be able to connect in time to hear the switching in a beacon. This was in commit c09c4f31998b ("wifi: mac80211: don't connect to an AP while it's in a CSA process"). However, we promptly got a report that this caused new connection failures, and it turns out that the AP that we now cannot connect to is permanently advertising an extended channel switch announcement, even with quiet. The AP in question was an Asus RT-AC53, with firmware 3.0.0.4.380_10760-g21a5898. As a first step, attempt to detect that we're dealing with such a situation, so mac80211 can use this later. CVE-2024-26683 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26683.html CVE-2024-26683 https://bugzilla.suse.com/1222434 SUSE Bug 1222434 In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family. CVE-2024-26735 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26735.html CVE-2024-26735 https://bugzilla.suse.com/1222372 SUSE Bug 1222372 In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in md_check_recovery() mddev_suspend() never stop sync_thread, hence it doesn't make sense to ignore suspended array in md_check_recovery(), which might cause sync_thread can't be unregistered. After commit f52f5c71f3d4 ("md: fix stopping sync thread"), following hang can be triggered by test shell/integrity-caching.sh: 1) suspend the array: raid_postsuspend mddev_suspend 2) stop the array: raid_dtr md_stop __md_stop_writes stop_sync_thread set_bit(MD_RECOVERY_INTR, &mddev->recovery); md_wakeup_thread_directly(mddev->sync_thread); wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery)) 3) sync thread done: md_do_sync set_bit(MD_RECOVERY_DONE, &mddev->recovery); md_wakeup_thread(mddev->thread); 4) daemon thread can't unregister sync thread: md_check_recovery if (mddev->suspended) return; -> return directly md_read_sync_thread clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery); -> MD_RECOVERY_RUNNING can't be cleared, hence step 2 hang; This problem is not just related to dm-raid, fix it by ignoring suspended array in md_check_recovery(). And follow up patches will improve dm-raid better to frozen sync thread during suspend. CVE-2024-26758 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26758.html CVE-2024-26758 https://bugzilla.suse.com/1230341 SUSE Bug 1230341 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check CVE-2024-26767 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26767.html CVE-2024-26767 https://bugzilla.suse.com/1230339 SUSE Bug 1230339 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook list. CVE-2024-26808 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26808.html CVE-2024-26808 https://bugzilla.suse.com/1222634 SUSE Bug 1222634 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix requires: 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol") which came after: 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path"). CVE-2024-26809 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26809.html CVE-2024-26809 https://bugzilla.suse.com/1222633 SUSE Bug 1222633 In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the SET_IRQS ioctl or through unmask irqfd if the device interrupt is pending. Ideally this could be solved with some additional locking; the igate mutex serializes the ioctl and config space accesses, and the interrupt handler is unregistered relative to the trigger, but the irqfd path runs asynchronous to those. The igate mutex cannot be acquired from the atomic context of the eventfd wake function. Disabling the irqfd relative to the eventfd registration is potentially incompatible with existing userspace. As a result, the solution implemented here moves configuration of the INTx interrupt handler to track the lifetime of the INTx context object and irq_type configuration, rather than registration of a particular trigger eventfd. Synchronization is added between the ioctl path and eventfd_signal() wrapper such that the eventfd trigger can be dynamically updated relative to in-flight interrupts or irqfd callbacks. CVE-2024-26812 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26812.html CVE-2024-26812 https://bugzilla.suse.com/1222808 SUSE Bug 1222808 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active but no registered hooks. On table/base chain deletion, nf_tables will attempt to unregister the hook again which yields a warn splat from the nftables core. CVE-2024-26835 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26835.html CVE-2024-26835 https://bugzilla.suse.com/1222967 SUSE Bug 1222967 In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping logic or from user configuration. While new memberships are immediately visible to walkers of br->mdb_list, the notification of their existence to switchdev event subscribers is deferred until a later point in time. So if a replay list was generated during a time that overlapped with such a window, it would also contain a replay of the not-yet-delivered event. The driver would thus receive two copies of what the bridge internally considered to be one single event. On destruction of the bridge, only a single membership deletion event was therefore sent. As a consequence of this, drivers which reference count memberships (at least DSA), would be left with orphan groups in their hardware database when the bridge was destroyed. This is only an issue when replaying additions. While deletion events may still be pending on the deferred queue, they will already have been removed from br->mdb_list, so no duplicates can be generated in that scenario. To a user this meant that old group memberships, from a bridge in which a port was previously attached, could be reanimated (in hardware) when the port joined a new bridge, without the new bridge's knowledge. For example, on an mv88e6xxx system, create a snooping bridge and immediately add a port to it: root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 && \ > ip link set dev x3 up master br0 And then destroy the bridge: root@infix-06-0b-00:~$ ip link del dev br0 root@infix-06-0b-00:~$ mvls atu ADDRESS FID STATE Q F 0 1 2 3 4 5 6 7 8 9 a DEV:0 Marvell 88E6393X 33:33:00:00:00:6a 1 static - - 0 . . . . . . . . . . 33:33:ff:87:e4:3f 1 static - - 0 . . . . . . . . . . ff:ff:ff:ff:ff:ff 1 static - - 0 1 2 3 4 5 6 7 8 9 a root@infix-06-0b-00:~$ The two IPv6 groups remain in the hardware database because the port (x3) is notified of the host's membership twice: once via the original event and once via a replay. Since only a single delete notification is sent, the count remains at 1 when the bridge is destroyed. Then add the same port (or another port belonging to the same hardware domain) to a new bridge, this time with snooping disabled: root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 && \ > ip link set dev x3 up master br1 All multicast, including the two IPv6 groups from br0, should now be flooded, according to the policy of br1. But instead the old memberships are still active in the hardware database, causing the switch to only forward traffic to those groups towards the CPU (port 0). Eliminate the race in two steps: 1. Grab the write-side lock of the MDB while generating the replay list. This prevents new memberships from showing up while we are generating the replay list. But it leaves the scenario in which a deferred event was already generated, but not delivered, before we grabbed the lock. Therefore: 2. Make sure that no deferred version of a replay event is already enqueued to the switchdev deferred queue, before adding it to the replay list, when replaying additions. CVE-2024-26837 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26837.html CVE-2024-26837 https://bugzilla.suse.com/1222973 SUSE Bug 1222973 In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline] BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline] BUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline] BUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631 nla_validate_range_unsigned lib/nlattr.c:222 [inline] nla_validate_int_range lib/nlattr.c:336 [inline] validate_nla lib/nlattr.c:575 [inline] ... The message in question matches this policy: [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255), but because NLA_BE32 size in minlen array is 0, the validation code will read past the malformed (too small) attribute. Note: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing: those likely should be added too. CVE-2024-26849 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26849.html CVE-2024-26849 https://bugzilla.suse.com/1223053 SUSE Bug 1223053 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: Add protection for bmp length out of range UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts that are out of bounds for their data type. vmlinux get_bitmap(b=75) + 712 <net/netfilter/nf_conntrack_h323_asn1.c:0> vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956 <net/netfilter/nf_conntrack_h323_asn1.c:592> vmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216 <net/netfilter/nf_conntrack_h323_asn1.c:814> vmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812 <net/netfilter/nf_conntrack_h323_asn1.c:576> vmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216 <net/netfilter/nf_conntrack_h323_asn1.c:814> vmlinux DecodeRasMessage() + 304 <net/netfilter/nf_conntrack_h323_asn1.c:833> vmlinux ras_help() + 684 <net/netfilter/nf_conntrack_h323_main.c:1728> vmlinux nf_confirm() + 188 <net/netfilter/nf_conntrack_proto.c:137> Due to abnormal data in skb->data, the extension bitmap length exceeds 32 when decoding ras message then uses the length to make a shift operation. It will change into negative after several loop. UBSAN load could detect a negative shift as an undefined behaviour and reports exception. So we add the protection to avoid the length exceeding 32. Or else it will return out of range error and stop decoding. CVE-2024-26851 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26851.html CVE-2024-26851 https://bugzilla.suse.com/1223074 SUSE Bug 1223074 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy. CVE-2024-26889 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26889.html CVE-2024-26889 https://bugzilla.suse.com/1228195 SUSE Bug 1228195 In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register snapshot trigger without an error. CVE-2024-26920 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26920.html CVE-2024-26920 https://bugzilla.suse.com/1228237 SUSE Bug 1228237 In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async #PF workqueue when vCPU is being destroyed Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure that none of its workqueue callbacks is running when the last reference to the KVM _module_ is put. Gifting a reference to the associated VM prevents the workqueue callback from dereferencing freed vCPU/VM memory, but does not prevent the KVM module from being unloaded before the callback completes. Drop the misguided VM refcount gifting, as calling kvm_put_kvm() from async_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will result in deadlock. async_pf_execute() can't return until kvm_put_kvm() finishes, and kvm_put_kvm() can't return until async_pf_execute() finishes: WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm] Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Workqueue: events async_pf_execute [kvm] RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm] Call Trace: <TASK> async_pf_execute+0x198/0x260 [kvm] process_one_work+0x145/0x2d0 worker_thread+0x27e/0x3a0 kthread+0xba/0xe0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- INFO: task kworker/8:1:251 blocked for more than 120 seconds. Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000 Workqueue: events async_pf_execute [kvm] Call Trace: <TASK> __schedule+0x33f/0xa40 schedule+0x53/0xc0 schedule_timeout+0x12a/0x140 __wait_for_common+0x8d/0x1d0 __flush_work.isra.0+0x19f/0x2c0 kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm] kvm_arch_destroy_vm+0x78/0x1b0 [kvm] kvm_put_kvm+0x1c1/0x320 [kvm] async_pf_execute+0x198/0x260 [kvm] process_one_work+0x145/0x2d0 worker_thread+0x27e/0x3a0 kthread+0xba/0xe0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 </TASK> If kvm_clear_async_pf_completion_queue() actually flushes the workqueue, then there's no need to gift async_pf_execute() a reference because all invocations of async_pf_execute() will be forced to complete before the vCPU and its VM are destroyed/freed. And that in turn fixes the module unloading bug as __fput() won't do module_put() on the last vCPU reference until the vCPU has been freed, e.g. if closing the vCPU file also puts the last reference to the KVM module. Note that kvm_check_async_pf_completion() may also take the work item off the completion queue and so also needs to flush the work queue, as the work will not be seen by kvm_clear_async_pf_completion_queue(). Waiting on the workqueue could theoretically delay a vCPU due to waiting for the work to complete, but that's a very, very small chance, and likely a very small delay. kvm_arch_async_page_present_queued() unconditionally makes a new request, i.e. will effectively delay entering the guest, so the remaining work is really just: trace_kvm_async_pf_completed(addr, cr2_or_gpa); __kvm_vcpu_wake_up(vcpu); mmput(mm); and mmput() can't drop the last reference to the page tables if the vCPU is still alive, i.e. the vCPU won't get stuck tearing down page tables. Add a helper to do the flushing, specifically to deal with "wakeup all" work items, as they aren't actually work items, i.e. are never placed in a workqueue. Trying to flush a bogus workqueue entry rightly makes __flush_work() complain (kudos to whoever added that sanity check). Note, commit 5f6de5cbebee ("KVM: Prevent module exit until al ---truncated--- CVE-2024-26976 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-26976.html CVE-2024-26976 https://bugzilla.suse.com/1223635 SUSE Bug 1223635 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [..... other info removed for brevity....] [ 82.890906] [ 82.890906] ============================================ [ 82.890906] WARNING: possible recursive locking detected [ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W [ 82.890906] -------------------------------------------- [ 82.890906] ping/418 is trying to acquire lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] but task is already holding lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] other info that might help us debug this: [ 82.890906] Possible unsafe locking scenario: [ 82.890906] [ 82.890906] CPU0 [ 82.890906] ---- [ 82.890906] lock(&sch->q.lock); [ 82.890906] lock(&sch->q.lock); [ 82.890906] [ 82.890906] *** DEADLOCK *** [ 82.890906] [..... other info removed for brevity....] Example setup (eth0->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 Another example(eth0->eth1->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth1 tc qdisc add dev eth1 root handle 1: htb default 30 tc filter add dev eth1 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 We fix this by adding an owner field (CPU id) to struct Qdisc set after root qdisc is entered. When the softirq enters it a second time, if the qdisc owner is the same CPU, the packet is dropped to break the loop. CVE-2024-27010 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-27010.html CVE-2024-27010 https://bugzilla.suse.com/1223720 SUSE Bug 1223720 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result in restoring twice the refcount of the mapping. Check for inactive element in the next generation for the delete element command in the abort path, skip restoring state if next generation bit has been already cleared. This is similar to the activate logic using the set walk iterator. [ 6170.286929] ------------[ cut here ]------------ [ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287071] Modules linked in: [...] [ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365 [ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f [ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202 [ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000 [ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750 [ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55 [ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10 [ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100 [ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000 [ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0 [ 6170.287962] Call Trace: [ 6170.287967] <TASK> [ 6170.287973] ? __warn+0x9f/0x1a0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.288104] ? handle_bug+0x3c/0x70 [ 6170.288112] ? exc_invalid_op+0x17/0x40 [ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20 [ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables] CVE-2024-27011 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-27011.html CVE-2024-27011 https://bugzilla.suse.com/1223803 SUSE Bug 1223803 In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection after get_mr(). CVE-2024-27024 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-27024.html CVE-2024-27024 https://bugzilla.suse.com/1223777 SUSE Bug 1223777 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76_REMOVED flag to indicate the device was removed and do not run into the resource access anymore. CVE-2024-27049 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-27049.html CVE-2024-27049 https://bugzilla.suse.com/1223763 SUSE Bug 1223763 https://bugzilla.suse.com/1231063 SUSE Bug 1231063 In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields unconditionally, which means that programs compiled against an older version of libbpf (with a smaller size of the bpf_xdp_query_opts struct) will have its stack corrupted by libbpf writing out of bounds. The patch adding the feature_flags field has an early bail out if the feature_flags field is not part of the opts struct (via the OPTS_HAS) macro, but the patch adding xdp_zc_max_segs does not. For consistency, this fix just changes the assignments to both fields to use the OPTS_SET() macro. CVE-2024-27050 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-27050.html CVE-2024-27050 https://bugzilla.suse.com/1223767 SUSE Bug 1223767 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. It leads to the following crash in the crash kernel: BUG: kernel NULL pointer dereference, address: 000000000000003c ... RIP: 0010:do_raw_spin_lock+0xa/0xa0 ... _raw_spin_lock_irqsave+0x1b/0x30 intel_iommu_release_device+0x96/0x170 iommu_deinit_device+0x39/0xf0 __iommu_group_remove_device+0xa0/0xd0 iommu_bus_notifier+0x55/0xb0 notifier_call_chain+0x5a/0xd0 blocking_notifier_call_chain+0x41/0x60 bus_notify+0x34/0x50 device_del+0x269/0x3d0 pci_remove_bus_device+0x77/0x100 p2sb_bar+0xae/0x1d0 ... i801_probe+0x423/0x740 Use the release_domain mechanism to fix it. The scalable mode context entry which is not part of release domain should be cleared in release_device(). CVE-2024-27079 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-27079.html CVE-2024-27079 https://bugzilla.suse.com/1223742 SUSE Bug 1223742 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flow_offload_add() fails, error path releases dst twice, leading to a refcount underflow. CVE-2024-27403 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-27403.html CVE-2024-27403 https://bugzilla.suse.com/1224415 SUSE Bug 1224415 In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So calling mtk_free_clk_data() explicitly in the remove function would lead to a double-free. Remove the redundant call. CVE-2024-27433 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-27433.html CVE-2024-27433 https://bugzilla.suse.com/1224711 SUSE Bug 1224711 In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie. devices without DisINTx support, the IRQ is enabled in request_irq() and subsequently disabled as necessary to align with the masked status flag. This presents a window where the interrupt could fire between these events, resulting in the IRQ incrementing the disable depth twice. This would be unrecoverable for a user since the masked flag prevents nested enables through vfio. Instead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx is never auto-enabled, then unmask as required. CVE-2024-27437 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-27437.html CVE-2024-27437 https://bugzilla.suse.com/1222625 SUSE Bug 1222625 In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the next instance of the interrupt being triggered on the original CPU. When the interrupt next triggers on the original CPU, the new affinity is enforced within __irq_move_irq(). A vector is allocated from the new CPU, but the old vector on the original CPU remains and is not immediately reclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming process is delayed until the next trigger of the interrupt on the new CPU. Upon the subsequent triggering of the interrupt on the new CPU, irq_complete_move() adds a task to the old CPU's vector_cleanup list if it remains online. Subsequently, the timer on the old CPU iterates over its vector_cleanup list, reclaiming old vectors. However, a rare scenario arises if the old CPU is outgoing before the interrupt triggers again on the new CPU. In that case irq_force_complete_move() is not invoked on the outgoing CPU to reclaim the old apicd->prev_vector because the interrupt isn't currently affine to the outgoing CPU, and irq_needs_fixup() returns false. Even though __vector_schedule_cleanup() is later called on the new CPU, it doesn't reclaim apicd->prev_vector; instead, it simply resets both apicd->move_in_progress and apicd->prev_vector to 0. As a result, the vector remains unreclaimed in vector_matrix, leading to a CPU vector leak. To address this issue, move the invocation of irq_force_complete_move() before the irq_needs_fixup() call to reclaim apicd->prev_vector, if the interrupt is currently or used to be affine to the outgoing CPU. Additionally, reclaim the vector in __vector_schedule_cleanup() as well, following a warning message, although theoretically it should never see apicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU. CVE-2024-31076 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-31076.html CVE-2024-31076 https://bugzilla.suse.com/1226765 SUSE Bug 1226765 In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this task it accesses the entry pointed by 'ventry->entry', but this entry can be changed concurrently by the rehash delayed work, leading to a use-after-free [1]. Fix by closing the race and perform the activity query under the 'vregion->lock' mutex. [1] BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140 Read of size 8 at addr ffff8881054ed808 by task kworker/0:18/181 CPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_work Call Trace: <TASK> dump_stack_lvl+0xc6/0x120 print_report+0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140 mlxsw_sp_acl_rule_activity_update_work+0x219/0x400 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1039: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc+0x19c/0x360 mlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x30d/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 Freed by task 1039: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 poison_slab_object+0x102/0x170 __kasan_slab_free+0x14/0x30 kfree+0xc1/0x290 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 CVE-2024-35855 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-35855.html CVE-2024-35855 https://bugzilla.suse.com/1224694 SUSE Bug 1224694 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combined, this results in deleting a basechain while leaving its hook still registered in the core. CVE-2024-35897 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-35897.html CVE-2024-35897 https://bugzilla.suse.com/1224510 SUSE Bug 1224510 In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * The following call-sites pass a NULL cp argument to __rds_rdma_map() - rds_get_mr() - rds_get_mr_for_dest * Prior to the code above, the following assumes that cp may be NULL (which is indicative, but could itself be unnecessary) trans_private = rs->rs_transport->get_mr( sg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL, args->vec.addr, args->vec.bytes, need_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED); * The code modified by this patch is guarded by IS_ERR(trans_private), where trans_private is assigned as per the previous point in this analysis. The only implementation of get_mr that I could locate is rds_ib_get_mr() which can return an ERR_PTR if the conn (4th) argument is NULL. * ret is set to PTR_ERR(trans_private). rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL. Thus ret may be -ENODEV in which case the code in question will execute. Conclusion: * cp may be NULL at the point where this patch adds a check; this patch does seem to address a possible bug CVE-2024-35902 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-35902.html CVE-2024-35902 https://bugzilla.suse.com/1224496 SUSE Bug 1224496 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF When we want to know whether we should look for the mac_id or the link_id in struct iwl_mvm_session_prot_notif, we should look at the version of SESSION_PROTECTION_NOTIF. This causes WARNINGs: WARNING: CPU: 0 PID: 11403 at drivers/net/wireless/intel/iwlwifi/mvm/time-event.c:959 iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] RIP: 0010:iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] Code: 00 49 c7 84 24 48 07 00 00 00 00 00 00 41 c6 84 24 78 07 00 00 ff 4c 89 f7 e8 e9 71 54 d9 e9 7d fd ff ff 0f 0b e9 23 fe ff ff <0f> 0b e9 1c fe ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffb4bb00003d40 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9ae63a361000 RCX: ffff9ae4a98b60d4 RDX: ffff9ae4588499c0 RSI: 0000000000000305 RDI: ffff9ae4a98b6358 RBP: ffffb4bb00003d68 R08: 0000000000000003 R09: 0000000000000010 R10: ffffb4bb00003d00 R11: 000000000000000f R12: ffff9ae441399050 R13: ffff9ae4761329e8 R14: 0000000000000001 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff9ae7af400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055fb75680018 CR3: 00000003dae32006 CR4: 0000000000f70ef0 PKRU: 55555554 Call Trace: <IRQ> ? show_regs+0x69/0x80 ? __warn+0x8d/0x150 ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] ? report_bug+0x196/0x1c0 ? handle_bug+0x45/0x80 ? exc_invalid_op+0x1c/0xb0 ? asm_exc_invalid_op+0x1f/0x30 ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] iwl_mvm_rx_common+0x115/0x340 [iwlmvm] iwl_mvm_rx_mq+0xa6/0x100 [iwlmvm] iwl_pcie_rx_handle+0x263/0xa10 [iwlwifi] iwl_pcie_napi_poll_msix+0x32/0xd0 [iwlwifi] CVE-2024-35913 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-35913.html CVE-2024-35913 https://bugzilla.suse.com/1224485 SUSE Bug 1224485 In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. DMA could free decrypted/shared pages if dma_set_decrypted() fails. This should be a rare case. Just leak the pages in this case instead of freeing them. CVE-2024-35939 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-35939.html CVE-2024-35939 https://bugzilla.suse.com/1224535 SUSE Bug 1224535 In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on the header flags. This leaves a gap in our checking, because we could end up with corruption on disk where WRITTEN isn't set on the leaf, and then the extended leaf checks don't get run which we rely on to validate all of the item pointers to make sure we don't access memory outside of the extent buffer. However, since 732fab95abe2 ("btrfs: check-integrity: remove CONFIG_BTRFS_FS_CHECK_INTEGRITY option") we no longer call btrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only ever call it on blocks that are being written out, and thus have WRITTEN set, or that are being read in, which should have WRITTEN set. Add checks to make sure we have WRITTEN set appropriately, and then make sure __btrfs_check_leaf() always does the item checking. This will protect us from file systems that have been corrupted and no longer have WRITTEN set on some of the blocks. This was hit on a crafted image tweaking the WRITTEN bit and reported by KASAN as out-of-bound access in the eb accessors. The example is a dir item at the end of an eb. [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2 [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f] [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1 [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0 [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206 [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0 [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748 [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9 [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8 [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000 [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0 [2.621] Call Trace: [2.621] <TASK> [2.621] ? show_regs+0x74/0x80 [2.621] ? die_addr+0x46/0xc0 [2.621] ? exc_general_protection+0x161/0x2a0 [2.621] ? asm_exc_general_protection+0x26/0x30 [2.621] ? btrfs_get_16+0x33a/0x6d0 [2.621] ? btrfs_get_16+0x34b/0x6d0 [2.621] ? btrfs_get_16+0x33a/0x6d0 [2.621] ? __pfx_btrfs_get_16+0x10/0x10 [2.621] ? __pfx_mutex_unlock+0x10/0x10 [2.621] btrfs_match_dir_item_name+0x101/0x1a0 [2.621] btrfs_lookup_dir_item+0x1f3/0x280 [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10 [2.621] btrfs_get_tree+0xd25/0x1910 [ copy more details from report ] CVE-2024-35949 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-35949.html CVE-2024-35949 https://bugzilla.suse.com/1224700 SUSE Bug 1224700 https://bugzilla.suse.com/1229273 SUSE Bug 1229273 In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [..] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Call Trace: nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168 __in_dev_get_rcu() can return NULL, so check for this. CVE-2024-36270 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36270.html CVE-2024-36270 https://bugzilla.suse.com/1226798 SUSE Bug 1226798 In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted net/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.4/13427: #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471 #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172 stack backtrace: CPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712 nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline] nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397 nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline] instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471 handle_softirqs+0x2d6/0x990 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 </IRQ> <TASK> CVE-2024-36286 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36286.html CVE-2024-36286 https://bugzilla.suse.com/1226801 SUSE Bug 1226801 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f] CVE-2024-36288 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36288.html CVE-2024-36288 https://bugzilla.suse.com/1226834 SUSE Bug 1226834 In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0 CPU1 ----- ----- // In tls_init() // In tls_ctx_create() ctx = kzalloc() ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1) // In update_sk_prot() WRITE_ONCE(sk->sk_prot, tls_prots) -(2) // In sock_common_setsockopt() READ_ONCE(sk->sk_prot)->setsockopt() // In tls_{setsockopt,getsockopt}() ctx->sk_proto->setsockopt() -(3) In the above scenario, when (1) and (2) are reordered, (3) can observe the NULL value of ctx->sk_proto, causing NULL dereference. To fix it, we rely on rcu_assign_pointer() which implies the release barrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is initialized, we can ensure that ctx->sk_proto are visible when changing sk->sk_prot. CVE-2024-36489 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36489.html CVE-2024-36489 https://bugzilla.suse.com/1226874 SUSE Bug 1226874 In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover that too. This fixes a WARN trace. The only user visible side effect is the user can observe leftover wr-protect bits even if the user close()ed on an userfaultfd when releasing the last reference of it. However hopefully that should be harmless, and nothing bad should happen even if so. This change is now more important after the recent page-table-check patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check: support userfault wr-protect entries")), as we'll do sanity check on uffd-wp bits without vma context. So it's better if we can 100% guarantee no uffd-wp bit leftovers, to make sure each report will be valid. CVE-2024-36881 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36881.html CVE-2024-36881 https://bugzilla.suse.com/1225718 SUSE Bug 1225718 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-36907 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36907.html CVE-2024-36907 https://bugzilla.suse.com/1225751 SUSE Bug 1225751 In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a crash on a potential later call to skb_gso_segment. CVE-2024-36929 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36929.html CVE-2024-36929 https://bugzilla.suse.com/1225814 SUSE Bug 1225814 In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner protocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls skb_mac_gso_segment() to invoke inner protocol GSO handlers. nsh_gso_segment() does the following for the original skb before calling skb_mac_gso_segment() 1. reset skb->network_header 2. save the original skb->{mac_heaeder,mac_len} in a local variable 3. pull the NSH header 4. resets skb->mac_header 5. set up skb->mac_len and skb->protocol for the inner protocol. and does the following for the segmented skb 6. set ntohs(ETH_P_NSH) to skb->protocol 7. push the NSH header 8. restore skb->mac_header 9. set skb->mac_header + mac_len to skb->network_header 10. restore skb->mac_len There are two problems in 6-7 and 8-9. (a) After 6 & 7, skb->data points to the NSH header, so the outer header (ETH_P_8021AD in this case) is stripped when skb is sent out of netdev. Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH), skb_pull() in the first nsh_gso_segment() will make skb->data point to the middle of the outer NSH or Ethernet header because the Ethernet header is not pulled by the second nsh_gso_segment(). (b) While restoring skb->{mac_header,network_header} in 8 & 9, nsh_gso_segment() does not assume that the data in the linear buffer is shifted. However, udp6_ufo_fragment() could shift the data and change skb->mac_header accordingly as demonstrated by syzbot. If this happens, even the restored skb->mac_header points to the middle of the outer header. It seems nsh_gso_segment() has never worked with outer headers so far. At the end of nsh_gso_segment(), the outer header must be restored for the segmented skb, instead of the NSH header. To do that, let's calculate the outer header position relatively from the inner header and set skb->{data,mac_header,protocol} properly. [0]: BUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline] BUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline] BUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668 ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline] ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668 ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222 __netdev_start_xmit include/linux/netdevice.h:4989 [inline] netdev_start_xmit include/linux/netdevice.h:5003 [inline] xmit_one net/core/dev.c:3547 [inline] dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563 __dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351 dev_queue_xmit include/linux/netdevice.h:3171 [inline] packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3081 [inline] packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook mm/slub.c:3819 [inline] slab_alloc_node mm/slub.c:3860 [inline] __do_kmalloc_node mm/slub.c:3980 [inline] __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 __ ---truncated--- CVE-2024-36933 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36933.html CVE-2024-36933 https://bugzilla.suse.com/1225832 SUSE Bug 1225832 In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least the initial commit 1da177e4c3f4 ("Linux-2.6.12-rc2"). Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs in net namespaces") converted the procfs to per-netns and made the problem more visible. Even when rpc_proc_register() fails, nfs_net_init() could succeed, and thus nfs_net_exit() will be called while destroying the netns. Then, remove_proc_entry() will be called for non-existing proc directory and trigger the warning below. Let's handle the error of rpc_proc_register() properly in nfs_net_init(). [0]: name 'nfs' WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711 Modules linked in: CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711 Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8 FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310 nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438 ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170 setup_net+0x46c/0x660 net/core/net_namespace.c:372 copy_net_ns+0x244/0x590 net/core/net_namespace.c:505 create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228 ksys_unshare+0x342/0x760 kernel/fork.c:3322 __do_sys_unshare kernel/fork.c:3393 [inline] __se_sys_unshare kernel/fork.c:3391 [inline] __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x46/0x4e RIP: 0033:0x7f30d0febe5d Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48 RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600 RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000 </TASK> CVE-2024-36939 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36939.html CVE-2024-36939 https://bugzilla.suse.com/1225838 SUSE Bug 1225838 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it something like all worker threads are busy and some work that needs to complete cannot complete. [also remove unnecessary "load_module" var and now-wrong comment] CVE-2024-36970 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36970.html CVE-2024-36970 https://bugzilla.suse.com/1226127 SUSE Bug 1226127 In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward delay timer). Fix the rcu usage and also make sure we are not accessing freed memory by making br_mst_vlan_set_state use rcu read lock. [1] WARNING: suspicious RCU usage 6.9.0-rc6-syzkaller #0 Not tainted ----------------------------- net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage! ... stack backtrace: CPU: 1 PID: 8017 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712 nbp_vlan_group net/bridge/br_private.h:1599 [inline] br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105 br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47 br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793 expire_timers kernel/time/timer.c:1844 [inline] __run_timers kernel/time/timer.c:2418 [inline] __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429 run_timer_base kernel/time/timer.c:2438 [inline] run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448 __do_softirq+0x2c6/0x980 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758 Code: 2b 00 74 08 4c 89 f7 e8 ba d1 84 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 RSP: 0018:ffffc90013657100 EFLAGS: 00000206 RAX: 0000000000000001 RBX: 1ffff920026cae2c RCX: 0000000000000001 RDX: dffffc0000000000 RSI: ffffffff8bcaca00 RDI: ffffffff8c1eaa60 RBP: ffffc90013657260 R08: ffffffff92efe507 R09: 1ffffffff25dfca0 R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: 1ffff920026cae28 R13: dffffc0000000000 R14: ffffc90013657160 R15: 0000000000000246 CVE-2024-36979 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-36979.html CVE-2024-36979 https://bugzilla.suse.com/1226604 SUSE Bug 1226604 https://bugzilla.suse.com/1227369 SUSE Bug 1227369 In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode. CVE-2024-38548 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-38548.html CVE-2024-38548 https://bugzilla.suse.com/1228202 SUSE Bug 1228202 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage. CVE-2024-38563 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-38563.html CVE-2024-38563 https://bugzilla.suse.com/1226743 SUSE Bug 1226743 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: check for null before dereferencing The wcid can be NULL. It should be checked for validity before dereferencing it to avoid crash. CVE-2024-38609 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-38609.html CVE-2024-38609 https://bugzilla.suse.com/1226751 SUSE Bug 1226751 In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types. CVE-2024-38662 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-38662.html CVE-2024-38662 https://bugzilla.suse.com/1226885 SUSE Bug 1226885 In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with small possibility, the root cause is exactly the same as commit bed9e27baf52 ("Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"") However, Dan reported another hang after that, and junxiao investigated the problem and found out that this is caused by plugged bio can't issue from raid5d(). Current implementation in raid5d() has a weird dependence: 1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear MD_SB_CHANGE_PENDING; 2) raid5d() handles IO in a deadloop, until all IO are issued; 3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared; This behaviour is introduce before v2.6, and for consequence, if other context hold 'reconfig_mutex', and md_check_recovery() can't update super_block, then raid5d() will waste one cpu 100% by the deadloop, until 'reconfig_mutex' is released. Refer to the implementation from raid1 and raid10, fix this problem by skipping issue IO if MD_SB_CHANGE_PENDING is still set after md_check_recovery(), daemon thread will be woken up when 'reconfig_mutex' is released. Meanwhile, the hang problem will be fixed as well. CVE-2024-39476 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39476.html CVE-2024-39476 https://bugzilla.suse.com/1227437 SUSE Bug 1227437 In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked When requesting an NMI window, WARN on vNMI support being enabled if and only if NMIs are actually masked, i.e. if the vCPU is already handling an NMI. KVM's ABI for NMIs that arrive simultanesouly (from KVM's point of view) is to inject one NMI and pend the other. When using vNMI, KVM pends the second NMI simply by setting V_NMI_PENDING, and lets the CPU do the rest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected). However, if KVM can't immediately inject an NMI, e.g. because the vCPU is in an STI shadow or is running with GIF=0, then KVM will request an NMI window and trigger the WARN (but still function correctly). Whether or not the GIF=0 case makes sense is debatable, as the intent of KVM's behavior is to provide functionality that is as close to real hardware as possible. E.g. if two NMIs are sent in quick succession, the probability of both NMIs arriving in an STI shadow is infinitesimally low on real hardware, but significantly larger in a virtual environment, e.g. if the vCPU is preempted in the STI shadow. For GIF=0, the argument isn't as clear cut, because the window where two NMIs can collide is much larger in bare metal (though still small). That said, KVM should not have divergent behavior for the GIF=0 case based on whether or not vNMI support is enabled. And KVM has allowed simultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400 ("KVM: Fix simultaneous NMIs"). I.e. KVM's GIF=0 handling shouldn't be modified without a *really* good reason to do so, and if KVM's behavior were to be modified, it should be done irrespective of vNMI support. CVE-2024-39483 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39483.html CVE-2024-39483 https://bugzilla.suse.com/1227494 SUSE Bug 1227494 In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed. This results in resource leaks. Fix it by compiling in the remove callback unconditionally. This also fixes a W=1 modpost warning: WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in reference: davinci_mmcsd_driver+0x10 (section: .data) -> davinci_mmcsd_remove (section: .exit.text) CVE-2024-39484 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39484.html CVE-2024-39484 https://bugzilla.suse.com/1227493 SUSE Bug 1227493 In the Linux kernel, the following vulnerability has been resolved: drm/drm_file: Fix pid refcounting race <maarten.lankhorst@linux.intel.com>, Maxime Ripard <mripard@kernel.org>, Thomas Zimmermann <tzimmermann@suse.de> filp->pid is supposed to be a refcounted pointer; however, before this patch, drm_file_update_pid() only increments the refcount of a struct pid after storing a pointer to it in filp->pid and dropping the dev->filelist_mutex, making the following race possible: process A process B ========= ========= begin drm_file_update_pid mutex_lock(&dev->filelist_mutex) rcu_replace_pointer(filp->pid, <pid B>, 1) mutex_unlock(&dev->filelist_mutex) begin drm_file_update_pid mutex_lock(&dev->filelist_mutex) rcu_replace_pointer(filp->pid, <pid A>, 1) mutex_unlock(&dev->filelist_mutex) get_pid(<pid A>) synchronize_rcu() put_pid(<pid B>) *** pid B reaches refcount 0 and is freed here *** get_pid(<pid B>) *** UAF *** synchronize_rcu() put_pid(<pid A>) As far as I know, this race can only occur with CONFIG_PREEMPT_RCU=y because it requires RCU to detect a quiescent state in code that is not explicitly calling into the scheduler. This race leads to use-after-free of a "struct pid". It is probably somewhat hard to hit because process A has to pass through a synchronize_rcu() operation while process B is between mutex_unlock() and get_pid(). Fix it by ensuring that by the time a pointer to the current task's pid is stored in the file, an extra reference to the pid has been taken. This fix also removes the condition for synchronize_rcu(); I think that optimization is unnecessary complexity, since in that case we would usually have bailed out on the lockless check above. CVE-2024-39486 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39486.html CVE-2024-39486 https://bugzilla.suse.com/1227492 SUSE Bug 1227492 In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes to bug_table entries, and as a result the last entry in a bug table will be ignored, potentially leading to an unexpected panic(). All prior entries in the table will be handled correctly. The arm64 ABI requires that struct fields of up to 8 bytes are naturally-aligned, with padding added within a struct such that struct are suitably aligned within arrays. When CONFIG_DEBUG_BUGVERPOSE=y, the layout of a bug_entry is: struct bug_entry { signed int bug_addr_disp; // 4 bytes signed int file_disp; // 4 bytes unsigned short line; // 2 bytes unsigned short flags; // 2 bytes } ... with 12 bytes total, requiring 4-byte alignment. When CONFIG_DEBUG_BUGVERBOSE=n, the layout of a bug_entry is: struct bug_entry { signed int bug_addr_disp; // 4 bytes unsigned short flags; // 2 bytes < implicit padding > // 2 bytes } ... with 8 bytes total, with 6 bytes of data and 2 bytes of trailing padding, requiring 4-byte alginment. When we create a bug_entry in assembly, we align the start of the entry to 4 bytes, which implicitly handles padding for any prior entries. However, we do not align the end of the entry, and so when CONFIG_DEBUG_BUGVERBOSE=n, the final entry lacks the trailing padding bytes. For the main kernel image this is not a problem as find_bug() doesn't depend on the trailing padding bytes when searching for entries: for (bug = __start___bug_table; bug < __stop___bug_table; ++bug) if (bugaddr == bug_addr(bug)) return bug; However for modules, module_bug_finalize() depends on the trailing bytes when calculating the number of entries: mod->num_bugs = sechdrs[i].sh_size / sizeof(struct bug_entry); ... and as the last bug_entry lacks the necessary padding bytes, this entry will not be counted, e.g. in the case of a single entry: sechdrs[i].sh_size == 6 sizeof(struct bug_entry) == 8; sechdrs[i].sh_size / sizeof(struct bug_entry) == 0; Consequently module_find_bug() will miss the last bug_entry when it does: for (i = 0; i < mod->num_bugs; ++i, ++bug) if (bugaddr == bug_addr(bug)) goto out; ... which can lead to a kenrel panic due to an unhandled bug. This can be demonstrated with the following module: static int __init buginit(void) { WARN(1, "hello\n"); return 0; } static void __exit bugexit(void) { } module_init(buginit); module_exit(bugexit); MODULE_LICENSE("GPL"); ... which will trigger a kernel panic when loaded: ------------[ cut here ]------------ hello Unexpected kernel BRK exception at EL1 Internal error: BRK handler: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: hello(O+) CPU: 0 PID: 50 Comm: insmod Tainted: G O 6.9.1 #8 Hardware name: linux,dummy-virt (DT) pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : buginit+0x18/0x1000 [hello] lr : buginit+0x18/0x1000 [hello] sp : ffff800080533ae0 x29: ffff800080533ae0 x28: 0000000000000000 x27: 0000000000000000 x26: ffffaba8c4e70510 x25: ffff800080533c30 x24: ffffaba8c4a28a58 x23: 0000000000000000 x22: 0000000000000000 x21: ffff3947c0eab3c0 x20: ffffaba8c4e3f000 x19: ffffaba846464000 x18: 0000000000000006 x17: 0000000000000000 x16: ffffaba8c2492834 x15: 0720072007200720 x14: 0720072007200720 x13: ffffaba8c49b27c8 x12: 0000000000000312 x11: 0000000000000106 x10: ffffaba8c4a0a7c8 x9 : ffffaba8c49b27c8 x8 : 00000000ffffefff x7 : ffffaba8c4a0a7c8 x6 : 80000000fffff000 x5 : 0000000000000107 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff3947c0eab3c0 Call trace: buginit+0x18/0x1000 [hello] do_one_initcall+0x80/0x1c8 do_init_module+0x60/0x218 load_module+0x1ba4/0x1d70 __do_sys_init_module+0x198/0x1d0 __arm64_sys_init_module+0x1c/0x28 invoke_syscall+0x48/0x114 el0_svc ---truncated--- CVE-2024-39488 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39488.html CVE-2024-39488 https://bugzilla.suse.com/1227618 SUSE Bug 1227618 In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly. CVE-2024-39489 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39489.html CVE-2024-39489 https://bugzilla.suse.com/1227623 SUSE Bug 1227623 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance The cs_dsp instance is initialized in the driver probe() so it should be freed in the driver remove(). Also fix a missing call to cs_dsp_remove() in the error path of cs35l56_hda_common_probe(). The call to cs_dsp_remove() was being done in the component unbind callback cs35l56_hda_unbind(). This meant that if the driver was unbound and then re-bound it would be using an uninitialized cs_dsp instance. It is best to initialize the cs_dsp instance in probe() so that it can return an error if it fails. The component binding API doesn't have any error handling so there's no way to handle a failure if cs_dsp was initialized in the bind. CVE-2024-39491 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39491.html CVE-2024-39491 https://bugzilla.suse.com/1227627 SUSE Bug 1227627 In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF. Fix this by making the caller use cancel_work_sync and then freeing the memory safely. CVE-2024-39493 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39493.html CVE-2024-39493 https://bugzilla.suse.com/1227620 SUSE Bug 1227620 In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) Lack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap allows users to call mmap with PROT_WRITE and MAP_PRIVATE flag causing a kernel panic due to BUG_ON in vmf_insert_pfn_prot: BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags)); Return -EINVAL early if COW mapping is detected. This bug affects all drm drivers using default shmem helpers. It can be reproduced by this simple example: void *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset); ptr[0] = 0; CVE-2024-39497 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39497.html CVE-2024-39497 https://bugzilla.suse.com/1227722 SUSE Bug 1227722 In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization. This change ensures that the event index is sanitized to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Only compile tested, no access to HW. CVE-2024-39499 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39499.html CVE-2024-39499 https://bugzilla.suse.com/1227725 SUSE Bug 1227725 In the Linux kernel, the following vulnerability has been resolved: sock_map: avoid race between sock_map_close and sk_psock_put sk_psock_get will return NULL if the refcount of psock has gone to 0, which will happen when the last call of sk_psock_put is done. However, sk_psock_drop may not have finished yet, so the close callback will still point to sock_map_close despite psock being NULL. This can be reproduced with a thread deleting an element from the sock map, while the second one creates a socket, adds it to the map and closes it. That will trigger the WARN_ON_ONCE: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7220 at net/core/sock_map.c:1701 sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701 Modules linked in: CPU: 1 PID: 7220 Comm: syz-executor380 Not tainted 6.9.0-syzkaller-07726-g3c999d1ae3c7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701 Code: df e8 92 29 88 f8 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 79 29 88 f8 4c 8b 23 eb 89 e8 4f 15 23 f8 90 <0f> 0b 90 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 13 26 3d 02 RSP: 0018:ffffc9000441fda8 EFLAGS: 00010293 RAX: ffffffff89731ae1 RBX: ffffffff94b87540 RCX: ffff888029470000 RDX: 0000000000000000 RSI: ffffffff8bcab5c0 RDI: ffffffff8c1faba0 RBP: 0000000000000000 R08: ffffffff92f9b61f R09: 1ffffffff25f36c3 R10: dffffc0000000000 R11: fffffbfff25f36c4 R12: ffffffff89731840 R13: ffff88804b587000 R14: ffff88804b587000 R15: ffffffff89731870 FS: 000055555e080380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000207d4000 CR4: 0000000000350ef0 Call Trace: <TASK> unix_release+0x87/0xc0 net/unix/af_unix.c:1048 __sock_release net/socket.c:659 [inline] sock_close+0xbe/0x240 net/socket.c:1421 __fput+0x42b/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb37d618070 Code: 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d4 e8 10 2c 00 00 80 3d 31 f0 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c RSP: 002b:00007ffcd4a525d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb37d618070 RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Use sk_psock, which will only check that the pointer is not been set to NULL yet, which should only happen after the callbacks are restored. If, then, a reference can still be gotten, we may call sk_psock_stop and cancel psock->work. As suggested by Paolo Abeni, reorder the condition so the control flow is less convoluted. After that change, the reproducer does not trigger the WARN_ON_ONCE anymore. CVE-2024-39500 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39500.html CVE-2024-39500 https://bugzilla.suse.com/1227724 SUSE Bug 1227724 In the Linux kernel, the following vulnerability has been resolved: drivers: core: synchronize really_probe() and dev_uevent() Synchronize the dev->driver usage in really_probe() and dev_uevent(). These can run in different threads, what can result in the following race condition for dev->driver uninitialization: Thread #1: ========== really_probe() { ... probe_failed: ... device_unbind_cleanup(dev) { ... dev->driver = NULL; // <= Failed probe sets dev->driver to NULL ... } ... } Thread #2: ========== dev_uevent() { ... if (dev->driver) // If dev->driver is NULLed from really_probe() from here on, // after above check, the system crashes add_uevent_var(env, "DRIVER=%s", dev->driver->name); ... } really_probe() holds the lock, already. So nothing needs to be done there. dev_uevent() is called with lock held, often, too. But not always. What implies that we can't add any locking in dev_uevent() itself. So fix this race by adding the lock to the non-protected path. This is the path where above race is observed: dev_uevent+0x235/0x380 uevent_show+0x10c/0x1f0 <= Add lock here dev_attr_show+0x3a/0xa0 sysfs_kf_seq_show+0x17c/0x250 kernfs_seq_show+0x7c/0x90 seq_read_iter+0x2d7/0x940 kernfs_fop_read_iter+0xc6/0x310 vfs_read+0x5bc/0x6b0 ksys_read+0xeb/0x1b0 __x64_sys_read+0x42/0x50 x64_sys_call+0x27ad/0x2d30 do_syscall_64+0xcd/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Similar cases are reported by syzkaller in https://syzkaller.appspot.com/bug?extid=ffa8143439596313a85a But these are regarding the *initialization* of dev->driver dev->driver = drv; As this switches dev->driver to non-NULL these reports can be considered to be false-positives (which should be "fixed" by this commit, as well, though). The same issue was reported and tried to be fixed back in 2015 in https://lore.kernel.org/lkml/1421259054-2574-1-git-send-email-a.sangwan@samsung.com/ already. CVE-2024-39501 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39501.html CVE-2024-39501 https://bugzilla.suse.com/1227754 SUSE Bug 1227754 In the Linux kernel, the following vulnerability has been resolved: drm/komeda: check for error-valued pointer komeda_pipeline_get_state() may return an error-valued pointer, thus check the pointer for negative or null value before dereferencing. CVE-2024-39505 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39505.html CVE-2024-39505 https://bugzilla.suse.com/1227728 SUSE Bug 1227728 In the Linux kernel, the following vulnerability has been resolved: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet In lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value, but then it is unconditionally passed to skb_add_rx_frag() which looks strange and could lead to null pointer dereference. lio_vf_rep_copy_packet() call trace looks like: octeon_droq_process_packets octeon_droq_fast_process_packets octeon_droq_dispatch_pkt octeon_create_recv_info ...search in the dispatch_list... ->disp_fn(rdisp->rinfo, ...) lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...) In this path there is no code which sets pg_info->page to NULL. So this check looks unneeded and doesn't solve potential problem. But I guess the author had reason to add a check and I have no such card and can't do real test. In addition, the code in the function liquidio_push_packet() in liquidio/lio_core.c does exactly the same. Based on this, I consider the most acceptable compromise solution to adjust this issue by moving skb_add_rx_frag() into conditional scope. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-39506 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39506.html CVE-2024-39506 https://bugzilla.suse.com/1227729 SUSE Bug 1227729 In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags Utilize set_bit() and test_bit() on worker->flags within io_uring/io-wq to address potential data races. The structure io_worker->flags may be accessed through various data paths, leading to concurrency issues. When KCSAN is enabled, it reveals data races occurring in io_worker_handle_work and io_wq_activate_free_worker functions. BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28: io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569) io_wq_worker (io_uring/io-wq.c:?) <snip> read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5: io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285) io_wq_enqueue (io_uring/io-wq.c:947) io_queue_iowq (io_uring/io_uring.c:524) io_req_task_submit (io_uring/io_uring.c:1511) io_handle_tw_list (io_uring/io_uring.c:1198) <snip> Line numbers against commit 18daea77cca6 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm"). These races involve writes and reads to the same memory location by different tasks running on different CPUs. To mitigate this, refactor the code to use atomic operations such as set_bit(), test_bit(), and clear_bit() instead of basic "and" and "or" operations. This ensures thread-safe manipulation of worker flags. Also, move `create_index` to avoid holes in the structure. CVE-2024-39508 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39508.html CVE-2024-39508 https://bugzilla.suse.com/1227732 SUSE Bug 1227732 In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARN_ON() in implement() Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value &= m; ... WARN_ON may be considered superfluous. Remove it to suppress future syzkaller triggers. [1] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 Modules linked in: CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline] RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 ... Call Trace: <TASK> __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline] usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636 hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... CVE-2024-39509 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39509.html CVE-2024-39509 https://bugzilla.suse.com/1227733 SUSE Bug 1227733 In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0xb41/0xb60 Read of size 8 at addr ffff888122e84088 by task ondemand-04-dae/963 CPU: 13 PID: 963 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #564 Call Trace: kasan_report+0x93/0xc0 cachefiles_ondemand_daemon_read+0xb41/0xb60 vfs_read+0x169/0xb50 ksys_read+0xf5/0x1e0 Allocated by task 116: kmem_cache_alloc+0x140/0x3a0 cachefiles_lookup_cookie+0x140/0xcd0 fscache_cookie_state_machine+0x43c/0x1230 [...] Freed by task 792: kmem_cache_free+0xfe/0x390 cachefiles_put_object+0x241/0x480 fscache_cookie_state_machine+0x5c8/0x1230 [...] ================================================================== Following is the process that triggers the issue: mount | daemon_thread1 | daemon_thread2 ------------------------------------------------------------ cachefiles_withdraw_cookie cachefiles_ondemand_clean_object(object) cachefiles_ondemand_send_req REQ_A = kzalloc(sizeof(*req) + data_len) wait_for_completion(&REQ_A->done) cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req msg->object_id = req->object->ondemand->ondemand_id ------ restore ------ cachefiles_ondemand_restore xas_for_each(&xas, req, ULONG_MAX) xas_set_mark(&xas, CACHEFILES_REQ_NEW) cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req copy_to_user(_buffer, msg, n) xa_erase(&cache->reqs, id) complete(&REQ_A->done) ------ close(fd) ------ cachefiles_ondemand_fd_release cachefiles_put_object cachefiles_put_object kmem_cache_free(cachefiles_object_jar, object) REQ_A->object->ondemand->ondemand_id // object UAF !!! When we see the request within xa_lock, req->object must not have been freed yet, so grab the reference count of object before xa_unlock to avoid the above issue. CVE-2024-39510 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-39510.html CVE-2024-39510 https://bugzilla.suse.com/1227734 SUSE Bug 1227734 In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0 Write of size 4 at addr ffff888109164a80 by task ondemand-04-dae/4962 CPU: 11 PID: 4962 Comm: ondemand-04-dae Not tainted 6.8.0-rc7-dirty #542 Call Trace: kasan_report+0x94/0xc0 cachefiles_ondemand_daemon_read+0x609/0xab0 vfs_read+0x169/0xb50 ksys_read+0xf5/0x1e0 Allocated by task 626: __kmalloc+0x1df/0x4b0 cachefiles_ondemand_send_req+0x24d/0x690 cachefiles_create_tmpfile+0x249/0xb30 cachefiles_create_file+0x6f/0x140 cachefiles_look_up_object+0x29c/0xa60 cachefiles_lookup_cookie+0x37d/0xca0 fscache_cookie_state_machine+0x43c/0x1230 [...] Freed by task 626: kfree+0xf1/0x2c0 cachefiles_ondemand_send_req+0x568/0x690 cachefiles_create_tmpfile+0x249/0xb30 cachefiles_create_file+0x6f/0x140 cachefiles_look_up_object+0x29c/0xa60 cachefiles_lookup_cookie+0x37d/0xca0 fscache_cookie_state_machine+0x43c/0x1230 [...] ================================================================== Following is the process that triggers the issue: mount | daemon_thread1 | daemon_thread2 ------------------------------------------------------------ cachefiles_ondemand_init_object cachefiles_ondemand_send_req REQ_A = kzalloc(sizeof(*req) + data_len) wait_for_completion(&REQ_A->done) cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req cachefiles_ondemand_get_fd copy_to_user(_buffer, msg, n) process_open_req(REQ_A) ------ restore ------ cachefiles_ondemand_restore xas_for_each(&xas, req, ULONG_MAX) xas_set_mark(&xas, CACHEFILES_REQ_NEW); cachefiles_daemon_read cachefiles_ondemand_daemon_read REQ_A = cachefiles_ondemand_select_req write(devfd, ("copen %u,%llu", msg->msg_id, size)); cachefiles_ondemand_copen xa_erase(&cache->reqs, id) complete(&REQ_A->done) kfree(REQ_A) cachefiles_ondemand_get_fd(REQ_A) fd = get_unused_fd_flags file = anon_inode_getfile fd_install(fd, file) load = (void *)REQ_A->msg.data; load->fd = fd; // load UAF !!! This issue is caused by issuing a restore command when the daemon is still alive, which results in a request being processed multiple times thus triggering a UAF. So to avoid this problem, add an additional reference count to cachefiles_req, which is held while waiting and reading, and then released when the waiting and reading is over. Note that since there is only one reference count for waiting, we need to avoid the same request being completed multiple times, so we can only complete the request if it is successfully removed from the xarray. CVE-2024-40899 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40899.html CVE-2024-40899 https://bugzilla.suse.com/1227758 SUSE Bug 1227758 In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILES_DEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemon_thread1 | daemon_thread2 ------------------------------------------------------------ cachefiles_ondemand_init_object cachefiles_ondemand_send_req REQ_A = kzalloc(sizeof(*req) + data_len) wait_for_completion(&REQ_A->done) cachefiles_daemon_read cachefiles_ondemand_daemon_read // close dev fd cachefiles_flush_reqs complete(&REQ_A->done) kfree(REQ_A) xa_lock(&cache->reqs); cachefiles_ondemand_select_req req->msg.opcode != CACHEFILES_OP_READ // req use-after-free !!! xa_unlock(&cache->reqs); xa_destroy(&cache->reqs) Hence remove requests from cache->reqs when flushing them to avoid accessing freed requests. CVE-2024-40900 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40900.html CVE-2024-40900 https://bugzilla.suse.com/1227760 SUSE Bug 1227760 In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log. CVE-2024-40902 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40902.html CVE-2024-40902 https://bugzilla.suse.com/1227764 SUSE Bug 1227764 In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails This causes port->partner_source_caps to hold on to the now freed source caps. Reset port->partner_source_caps value to NULL after unregistering existing source caps. CVE-2024-40903 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40903.html CVE-2024-40903 https://bugzilla.suse.com/1227766 SUSE Bug 1227766 In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation to cause a CPU lockup: cdc_wdm 1-1:1.0: nonzero urb status received: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625] CPU#0 Utilization every 4s during lockup: #1: 98% system, 0% softirq, 3% hardirq, 0% idle #2: 98% system, 0% softirq, 3% hardirq, 0% idle #3: 98% system, 0% softirq, 3% hardirq, 0% idle #4: 98% system, 0% softirq, 3% hardirq, 0% idle #5: 98% system, 1% softirq, 3% hardirq, 0% idle Modules linked in: irq event stamp: 73096 hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline] hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994 hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline] softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582 softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588 CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Testing showed that the problem did not occur if the two error messages -- the first two lines above -- were removed; apparently adding material to the kernel log takes a surprisingly large amount of time. In any case, the best approach for preventing these lockups and to avoid spamming the log with thousands of error messages per second is to ratelimit the two dev_err() calls. Therefore we replace them with dev_err_ratelimited(). CVE-2024-40904 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40904.html CVE-2024-40904 https://bugzilla.suse.com/1227772 SUSE Bug 1227772 In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from() syzbot found a race in __fib6_drop_pcpu_from() [1] If compiler reads more than once (*ppcpu_rt), second read could read NULL, if another cpu clears the value in rt6_get_pcpu_route(). Add a READ_ONCE() to prevent this race. Also add rcu_read_lock()/rcu_read_unlock() because we rely on RCU protection while dereferencing pcpu_rt. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Workqueue: netns cleanup_net RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984 Code: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48 RSP: 0018:ffffc900040df070 EFLAGS: 00010206 RAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16 RDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007 R10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8 R13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline] fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline] fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038 fib6_del_route net/ipv6/ip6_fib.c:1998 [inline] fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043 fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205 fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127 fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175 fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255 __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271 rt6_sync_down_dev net/ipv6/route.c:4906 [inline] rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911 addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855 addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778 notifier_call_chain+0xb9/0x410 kernel/notifier.c:93 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992 call_netdevice_notifiers_extack net/core/dev.c:2030 [inline] call_netdevice_notifiers net/core/dev.c:2044 [inline] dev_close_many+0x333/0x6a0 net/core/dev.c:1585 unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193 unregister_netdevice_many net/core/dev.c:11276 [inline] default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759 ops_exit_list+0x128/0x180 net/core/net_namespace.c:178 cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 CVE-2024-40905 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40905.html CVE-2024-40905 https://bugzilla.suse.com/1227761 SUSE Bug 1227761 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free in bpf_link_free() After commit 1a80dbcb2dba, bpf_link can be freed by link->ops->dealloc_deferred, but the code still tests and uses link->ops->dealloc afterward, which leads to a use-after-free as reported by syzbot. Actually, one of them should be sufficient, so just call one of them instead of both. Also add a WARN_ON() in case of any problematic implementation. CVE-2024-40909 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40909.html CVE-2024-40909 https://bugzilla.suse.com/1227798 SUSE Bug 1227798 https://bugzilla.suse.com/1228349 SUSE Bug 1228349 In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections When releasing a socket in ax25_release(), we call netdev_put() to decrease the refcount on the associated ax.25 device. However, the execution path for accepting an incoming connection never calls netdev_hold(). This imbalance leads to refcount errors, and ultimately to kernel crashes. A typical call trace for the above situation will start with one of the following errors: refcount_t: decrement hit 0; leaking memory. refcount_t: underflow; use-after-free. And will then have a trace like: Call Trace: <TASK> ? show_regs+0x64/0x70 ? __warn+0x83/0x120 ? refcount_warn_saturate+0xb2/0x100 ? report_bug+0x158/0x190 ? prb_read_valid+0x20/0x30 ? handle_bug+0x3e/0x70 ? exc_invalid_op+0x1c/0x70 ? asm_exc_invalid_op+0x1f/0x30 ? refcount_warn_saturate+0xb2/0x100 ? refcount_warn_saturate+0xb2/0x100 ax25_release+0x2ad/0x360 __sock_release+0x35/0xa0 sock_close+0x19/0x20 [...] On reboot (or any attempt to remove the interface), the kernel gets stuck in an infinite loop: unregister_netdevice: waiting for ax0 to become free. Usage count = 0 This patch corrects these issues by ensuring that we call netdev_hold() and ax25_dev_hold() for new connections in ax25_accept(). This makes the logic leading to ax25_accept() match the logic for ax25_bind(): in both cases we increment the refcount, which is ultimately decremented in ax25_release(). CVE-2024-40910 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40910.html CVE-2024-40910 https://bugzilla.suse.com/1227832 SUSE Bug 1227832 https://bugzilla.suse.com/1227902 SUSE Bug 1227902 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Lock wiphy in cfg80211_get_station Wiphy should be locked before calling rdev_get_station() (see lockdep assert in ieee80211_get_station()). This fixes the following kernel NULL dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 Mem abort info: ESR = 0x0000000096000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000003001000 [0000000000000050] pgd=0800000002dca003, p4d=0800000002dca003, pud=08000000028e9003, pmd=0000000000000000 Internal error: Oops: 0000000096000006 [#1] SMP Modules linked in: netconsole dwc3_meson_g12a dwc3_of_simple dwc3 ip_gre gre ath10k_pci ath10k_core ath9k ath9k_common ath9k_hw ath CPU: 0 PID: 1091 Comm: kworker/u8:0 Not tainted 6.4.0-02144-g565f9a3a7911-dirty #705 Hardware name: RPT (r1) (DT) Workqueue: bat_events batadv_v_elp_throughput_metric_update pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ath10k_sta_statistics+0x10/0x2dc [ath10k_core] lr : sta_set_sinfo+0xcc/0xbd4 sp : ffff000007b43ad0 x29: ffff000007b43ad0 x28: ffff0000071fa900 x27: ffff00000294ca98 x26: ffff000006830880 x25: ffff000006830880 x24: ffff00000294c000 x23: 0000000000000001 x22: ffff000007b43c90 x21: ffff800008898acc x20: ffff00000294c6e8 x19: ffff000007b43c90 x18: 0000000000000000 x17: 445946354d552d78 x16: 62661f7200000000 x15: 57464f445946354d x14: 0000000000000000 x13: 00000000000000e3 x12: d5f0acbcebea978e x11: 00000000000000e3 x10: 000000010048fe41 x9 : 0000000000000000 x8 : ffff000007b43d90 x7 : 000000007a1e2125 x6 : 0000000000000000 x5 : ffff0000024e0900 x4 : ffff800000a0250c x3 : ffff000007b43c90 x2 : ffff00000294ca98 x1 : ffff000006831920 x0 : 0000000000000000 Call trace: ath10k_sta_statistics+0x10/0x2dc [ath10k_core] sta_set_sinfo+0xcc/0xbd4 ieee80211_get_station+0x2c/0x44 cfg80211_get_station+0x80/0x154 batadv_v_elp_get_throughput+0x138/0x1fc batadv_v_elp_throughput_metric_update+0x1c/0xa4 process_one_work+0x1ec/0x414 worker_thread+0x70/0x46c kthread+0xdc/0xe0 ret_from_fork+0x10/0x20 Code: a9bb7bfd 910003fd a90153f3 f9411c40 (f9402814) This happens because STA has time to disconnect and reconnect before batadv_v_elp_throughput_metric_update() delayed work gets scheduled. In this situation, ath10k_sta_state() can be in the middle of resetting arsta data when the work queue get chance to be scheduled and ends up accessing it. Locking wiphy prevents that. CVE-2024-40911 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40911.html CVE-2024-40911 https://bugzilla.suse.com/1227792 SUSE Bug 1227792 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from softirq context. However using only spin_lock() to get sta->ps_lock in ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to take this same lock ending in deadlock. Below is an example of rcu stall that arises in such situation. rcu: INFO: rcu_sched self-detected stall on CPU rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996 rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4) CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742 Hardware name: RPT (r1) (DT) pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : queued_spin_lock_slowpath+0x58/0x2d0 lr : invoke_tx_handlers_early+0x5b4/0x5c0 sp : ffff00001ef64660 x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8 x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000 x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000 x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000 x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80 x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440 x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880 x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8 Call trace: queued_spin_lock_slowpath+0x58/0x2d0 ieee80211_tx+0x80/0x12c ieee80211_tx_pending+0x110/0x278 tasklet_action_common.constprop.0+0x10c/0x144 tasklet_action+0x20/0x28 _stext+0x11c/0x284 ____do_softirq+0xc/0x14 call_on_irq_stack+0x24/0x34 do_softirq_own_stack+0x18/0x20 do_softirq+0x74/0x7c __local_bh_enable_ip+0xa0/0xa4 _ieee80211_wake_txqs+0x3b0/0x4b8 __ieee80211_wake_queue+0x12c/0x168 ieee80211_add_pending_skbs+0xec/0x138 ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480 ieee80211_mps_sta_status_update.part.0+0xd8/0x11c ieee80211_mps_sta_status_update+0x18/0x24 sta_apply_parameters+0x3bc/0x4c0 ieee80211_change_station+0x1b8/0x2dc nl80211_set_station+0x444/0x49c genl_family_rcv_msg_doit.isra.0+0xa4/0xfc genl_rcv_msg+0x1b0/0x244 netlink_rcv_skb+0x38/0x10c genl_rcv+0x34/0x48 netlink_unicast+0x254/0x2bc netlink_sendmsg+0x190/0x3b4 ____sys_sendmsg+0x1e8/0x218 ___sys_sendmsg+0x68/0x8c __sys_sendmsg+0x44/0x84 __arm64_sys_sendmsg+0x20/0x28 do_el0_svc+0x6c/0xe8 el0_svc+0x14/0x48 el0t_64_sync_handler+0xb0/0xb4 el0t_64_sync+0x14c/0x150 Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise on the same CPU that is holding the lock. CVE-2024-40912 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40912.html CVE-2024-40912 https://bugzilla.suse.com/1227790 SUSE Bug 1227790 In the Linux kernel, the following vulnerability has been resolved: cachefiles: defer exposing anon_fd until after copy_to_user() succeeds After installing the anonymous fd, we can now see it in userland and close it. However, at this point we may not have gotten the reference count of the cache, but we will put it during colse fd, so this may cause a cache UAF. So grab the cache reference count before fd_install(). In addition, by kernel convention, fd is taken over by the user land after fd_install(), and the kernel should not call close_fd() after that, i.e., it should call fd_install() after everything is ready, thus fd_install() is called after copy_to_user() succeeds. CVE-2024-40913 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40913.html CVE-2024-40913 https://bugzilla.suse.com/1227839 SUSE Bug 1227839 In the Linux kernel, the following vulnerability has been resolved: drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector. Unfortunately some variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not able to drive such mode, so report a safe 640x480 mode instead of nothing in case of the EDID reading failure. This fixes the following issue observed on Trats2 board since commit 13d5b040363c ("drm/exynos: do not return negative values from .get_modes()"): [drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations exynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops) exynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops) exynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b) exynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops) exynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops) [drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1 exynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state panel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c exynos-mixer 12c10000.mixer: timeout waiting for VSYNC ------------[ cut here ]------------ WARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8 [CRTC:70:crtc-1] vblank wait timed out Modules linked in: CPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913 Hardware name: Samsung Exynos (Flattened Device Tree) Workqueue: events_unbound deferred_probe_work_func Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x68/0x88 dump_stack_lvl from __warn+0x7c/0x1c4 __warn from warn_slowpath_fmt+0x11c/0x1a8 warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8 drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184 commit_tail from drm_atomic_helper_commit+0x168/0x190 drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0 drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40 drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4 __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c drm_fb_helper_set_par from fbcon_init+0x3d8/0x550 fbcon_init from visual_init+0xc0/0x108 visual_init from do_bind_con_driver+0x1b8/0x3a4 do_bind_con_driver from do_take_over_console+0x140/0x1ec do_take_over_console from do_fbcon_takeover+0x70/0xd0 do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac fbcon_fb_registered from register_framebuffer+0x190/0x21c register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574 __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0 exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94 drm_client_register from exynos_drm_bind+0x160/0x190 exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8 try_to_bring_up_aggregate_device from __component_add+0xb0/0x170 __component_add from mixer_probe+0x74/0xcc mixer_probe from platform_probe+0x5c/0xb8 platform_probe from really_probe+0xe0/0x3d8 really_probe from __driver_probe_device+0x9c/0x1e4 __driver_probe_device from driver_probe_device+0x30/0xc0 driver_probe_device from __device_attach_driver+0xa8/0x120 __device_attach_driver from bus_for_each_drv+0x80/0xcc bus_for_each_drv from __device_attach+0xac/0x1fc __device_attach from bus_probe_device+0x8c/0x90 bus_probe_device from deferred_probe_work_func+0 ---truncated--- CVE-2024-40916 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40916.html CVE-2024-40916 https://bugzilla.suse.com/1227846 SUSE Bug 1227846 In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state I converted br_mst_set_state to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the suspicious rcu usage warning. CVE-2024-40920 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40920.html CVE-2024-40920 https://bugzilla.suse.com/1227781 SUSE Bug 1227781 In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_set_state() instead of dereferencing it again. Each caller has already correctly dereferenced it for their context. This change is required for the following suspicious RCU dereference fix. No functional changes intended. CVE-2024-40921 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40921.html CVE-2024-40921 https://bugzilla.suse.com/1227784 SUSE Bug 1227784 In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't lock while !TASK_RUNNING There is a report of io_rsrc_ref_quiesce() locking a mutex while not TASK_RUNNING, which is due to forgetting restoring the state back after io_run_task_work_sig() and attempts to break out of the waiting loop. do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffff815d2494>] prepare_to_wait+0xa4/0x380 kernel/sched/wait.c:237 WARNING: CPU: 2 PID: 397056 at kernel/sched/core.c:10099 __might_sleep+0x114/0x160 kernel/sched/core.c:10099 RIP: 0010:__might_sleep+0x114/0x160 kernel/sched/core.c:10099 Call Trace: <TASK> __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0xb4/0x940 kernel/locking/mutex.c:752 io_rsrc_ref_quiesce+0x590/0x940 io_uring/rsrc.c:253 io_sqe_buffers_unregister+0xa2/0x340 io_uring/rsrc.c:799 __io_uring_register io_uring/register.c:424 [inline] __do_sys_io_uring_register+0x5b9/0x2400 io_uring/register.c:613 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd8/0x270 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6f/0x77 CVE-2024-40922 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40922.html CVE-2024-40922 https://bugzilla.suse.com/1227785 SUSE Bug 1227785 In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Make DPT object unshrinkable In some scenarios, the DPT object gets shrunk but the actual framebuffer did not and thus its still there on the DPT's vm->bound_list. Then it tries to rewrite the PTEs via a stale CPU mapping. This causes panic. [vsyrjala: Add TODO comment] (cherry picked from commit 51064d471c53dcc8eddd2333c3f1c1d9131ba36c) CVE-2024-40924 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40924.html CVE-2024-40924 https://bugzilla.suse.com/1227787 SUSE Bug 1227787 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: don't attempt to schedule hpd_work on headless cards If the card doesn't have display hardware, hpd_work and hpd_lock are left uninitialized which causes BUG when attempting to schedule hpd_work on runtime PM resume. Fix it by adding headless flag to DRM and skip any hpd if it's set. CVE-2024-40926 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40926.html CVE-2024-40926 https://bugzilla.suse.com/1227791 SUSE Bug 1227791 In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset properly and the caches cleared. Change the logic so that any N>1 TDs found active for different streams are deferred until after the first one is processed, calling xhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to queue another command until we are done with all of them. Also change the error/"should never happen" paths to ensure we at least clear any affected TDs, even if we can't issue a command to clear the hardware cache, and complain loudly with an xhci_warn() if this ever happens. This problem case dates back to commit e9df17eb1408 ("USB: xhci: Correct assumptions about number of rings per endpoint.") early on in the XHCI driver's life, when stream support was first added. It was then identified but not fixed nor made into a warning in commit 674f8438c121 ("xhci: split handling halted endpoints into two steps"), which added a FIXME comment for the problem case (without materially changing the behavior as far as I can tell, though the new logic made the problem more obvious). Then later, in commit 94f339147fc3 ("xhci: Fix failure to give back some cached cancelled URBs."), it was acknowledged again. [Mathias: commit 94f339147fc3 ("xhci: Fix failure to give back some cached cancelled URBs.") was a targeted regression fix to the previously mentioned patch. Users reported issues with usb stuck after unmounting/disconnecting UAS devices. This rolled back the TD clearing of multiple streams to its original state.] Apparently the commit author was aware of the problem (yet still chose to submit it): It was still mentioned as a FIXME, an xhci_dbg() was added to log the problem condition, and the remaining issue was mentioned in the commit description. The choice of making the log type xhci_dbg() for what is, at this point, a completely unhandled and known broken condition is puzzling and unfortunate, as it guarantees that no actual users would see the log in production, thereby making it nigh undebuggable (indeed, even if you turn on DEBUG, the message doesn't really hint at there being a problem at all). It took me *months* of random xHC crashes to finally find a reliable repro and be able to do a deep dive debug session, which could all have been avoided had this unhandled, broken condition been actually reported with a warning, as it should have been as a bug intentionally left in unfixed (never mind that it shouldn't have been left in at all). > Another fix to solve clearing the caches of all stream rings with > cancelled TDs is needed, but not as urgent. 3 years after that statement and 14 years after the original bug was introduced, I think it's finally time to fix it. And maybe next time let's not leave bugs unfixed (that are actually worse than the original bug), and let's actually get people to review kernel commits please. Fixes xHC crashes and IOMMU faults with UAS devices when handling errors/faults. Easiest repro is to use `hdparm` to mark an early sector (e.g. 1024) on a disk as bad, then `cat /dev/sdX > /dev/null` in a loop. At least in the case of JMicron controllers, the read errors end up having to cancel two TDs (for two queued requests to different streams) and the one that didn't get cleared properly ends up faulting the xHC entirely when it tries to access DMA pages that have since been unmapped, referred to by the stale TDs. This normally happens quickly (after two or three loops). After this fix, I left the `cat` in a loop running overnight and experienced no xHC failures, with all read errors recovered properly. Repro'd and tested on an Apple M1 Mac Mini (dwc3 host). On systems without an IOMMU, this bug would instead silently corrupt freed memory, making this a ---truncated--- CVE-2024-40927 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40927.html CVE-2024-40927 https://bugzilla.suse.com/1227816 SUSE Bug 1227816 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids In some versions of cfg80211, the ssids poinet might be a valid one even though n_ssids is 0. Accessing the pointer in this case will cuase an out-of-bound access. Fix this by checking n_ssids first. CVE-2024-40929 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40929.html CVE-2024-40929 https://bugzilla.suse.com/1227774 SUSE Bug 1227774 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: validate HE operation element parsing Validate that the HE operation element has the correct length before parsing it. CVE-2024-40930 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40930.html CVE-2024-40930 https://bugzilla.suse.com/1228236 SUSE Bug 1228236 In the Linux kernel, the following vulnerability has been resolved: drm/exynos/vidi: fix memory leak in .get_modes() The duplicated EDID is never freed. Fix it. CVE-2024-40932 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40932.html CVE-2024-40932 https://bugzilla.suse.com/1227828 SUSE Bug 1227828 In the Linux kernel, the following vulnerability has been resolved: HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path. CVE-2024-40934 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40934.html CVE-2024-40934 https://bugzilla.suse.com/1227796 SUSE Bug 1227796 In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix memregion leaks in devm_cxl_add_region() Move the mode verification to __create_region() before allocating the memregion to avoid the memregion leaks. CVE-2024-40936 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40936.html CVE-2024-40936 https://bugzilla.suse.com/1227833 SUSE Bug 1227833 In the Linux kernel, the following vulnerability has been resolved: landlock: Fix d_parent walk The WARN_ON_ONCE() in collect_domain_accesses() can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call to security_path_link(). Do not use source directory's d_parent when the source directory is the mount point. [mic: Fix commit message] CVE-2024-40938 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40938.html CVE-2024-40938 https://bugzilla.suse.com/1227840 SUSE Bug 1227840 In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail In case of region creation fail in ipc_devlink_create_region(), previously created regions delete process starts from tainted pointer which actually holds error code value. Fix this bug by decreasing region index before delete. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-40939 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40939.html CVE-2024-40939 https://bugzilla.suse.com/1227799 SUSE Bug 1227799 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the buffer, we won't see it by default. If needed, we can see the content with tracing. This was reported by KFENCE. CVE-2024-40941 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40941.html CVE-2024-40941 https://bugzilla.suse.com/1227771 SUSE Bug 1227771 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix this by flushing all corresponding items of the preq_queue in mesh_path_flush_pending(). This should take care of KASAN reports like this: unreferenced object 0xffff00000668d800 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419552 (age 1836.444s) hex dump (first 32 bytes): 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h..... 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>........... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20 unreferenced object 0xffff000009051f00 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419553 (age 1836.440s) hex dump (first 32 bytes): 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h..... 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy..... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20 CVE-2024-40942 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40942.html CVE-2024-40942 https://bugzilla.suse.com/1227770 SUSE Bug 1227770 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block", fstests/generic/300 become from always failed to sometimes failed: ======================================================================== [ 473.293420 ] run fstests generic/300 [ 475.296983 ] JBD2: Ignoring recovery information on journal [ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode. [ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found [ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 494.292018 ] OCFS2: File system is now read-only. [ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30 [ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3 fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072 ========================================================================= In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten extents to a list. extents are also inserted into extent tree in ocfs2_write_begin_nolock. Then another thread call fallocate to puch a hole at one of the unwritten extent. The extent at cpos was removed by ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list found there is no such extent at the cpos. T1 T2 T3 inode lock ... insert extents ... inode unlock ocfs2_fallocate __ocfs2_change_file_space inode lock lock ip_alloc_sem ocfs2_remove_inode_range inode ocfs2_remove_btree_range ocfs2_remove_extent ^---remove the extent at cpos 78723 ... unlock ip_alloc_sem inode unlock ocfs2_dio_end_io ocfs2_dio_end_io_write lock ip_alloc_sem ocfs2_mark_extent_written ocfs2_change_extent_flag ocfs2_search_extent_list ^---failed to find extent ... unlock ip_alloc_sem In most filesystems, fallocate is not compatible with racing with AIO+DIO, so fix it by adding to wait for all dio before fallocate/punch_hole like ext4. CVE-2024-40943 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40943.html CVE-2024-40943 https://bugzilla.suse.com/1227849 SUSE Bug 1227849 In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix bug with call depth tracking The call to cc_platform_has() triggers a fault and system crash if call depth tracking is active because the GS segment has been reset by load_segments() and GS_BASE is now 0 but call depth tracking uses per-CPU variables to operate. Call cc_platform_has() earlier in the function when GS is still valid. [ bp: Massage. ] CVE-2024-40944 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40944.html CVE-2024-40944 https://bugzilla.suse.com/1227883 SUSE Bug 1227883 In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all. CVE-2024-40945 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40945.html CVE-2024-40945 https://bugzilla.suse.com/1227802 SUSE Bug 1227802 In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: * attaching an fentry probe to __sock_release() and the probe calling the bpf_get_socket_cookie() helper * running traceroute -I 1.1.1.1 on a freshly booted VM A KASAN enabled kernel will log something like below (decoded and stripped): ================================================================== BUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) Read of size 8 at addr ffff888007110dd8 by task traceroute/299 CPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1)) print_report (mm/kasan/report.c:378 mm/kasan/report.c:488) ? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) kasan_report (mm/kasan/report.c:603) ? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189) __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) bpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092) bpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e bpf_trampoline_6442506592+0x47/0xaf __sock_release (net/socket.c:652) __sock_create (net/socket.c:1601) ... Allocated by task 299 on cpu 2 at 78.328492s: kasan_save_stack (mm/kasan/common.c:48) kasan_save_track (mm/kasan/common.c:68) __kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338) kmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007) sk_prot_alloc (net/core/sock.c:2075) sk_alloc (net/core/sock.c:2134) inet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252) __sock_create (net/socket.c:1572) __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) __x64_sys_socket (net/socket.c:1718) do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Freed by task 299 on cpu 2 at 78.328502s: kasan_save_stack (mm/kasan/common.c:48) kasan_save_track (mm/kasan/common.c:68) kasan_save_free_info (mm/kasan/generic.c:582) poison_slab_object (mm/kasan/common.c:242) __kasan_slab_free (mm/kasan/common.c:256) kmem_cache_free (mm/slub.c:4437 mm/slub.c:4511) __sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208) inet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252) __sock_create (net/socket.c:1572) __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) __x64_sys_socket (net/socket.c:1718) do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Fix this by clearing the struct socket reference in sk_common_release() to cover all protocol families create functions, which may already attached the reference to the sk object with sock_init_data(). CVE-2024-40954 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40954.html CVE-2024-40954 https://bugzilla.suse.com/1227808 SUSE Bug 1227808 https://bugzilla.suse.com/1228786 SUSE Bug 1228786 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance may cause issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list. CVE-2024-40956 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40956.html CVE-2024-40956 https://bugzilla.suse.com/1227810 SUSE Bug 1227810 https://bugzilla.suse.com/1228585 SUSE Bug 1228585 In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for PREROUTING hook, in PREROUTING hook, we should passing a valid indev, and a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer dereference, as below: [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090 [74830.655633] #PF: supervisor read access in kernel mode [74830.657888] #PF: error_code(0x0000) - not-present page [74830.659500] PGD 0 P4D 0 [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI ... [74830.664953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter] ... [74830.689725] Call Trace: [74830.690402] <IRQ> [74830.690953] ? show_trace_log_lvl+0x1c4/0x2df [74830.692020] ? show_trace_log_lvl+0x1c4/0x2df [74830.693095] ? ipt_do_table+0x286/0x710 [ip_tables] [74830.694275] ? __die_body.cold+0x8/0xd [74830.695205] ? page_fault_oops+0xac/0x140 [74830.696244] ? exc_page_fault+0x62/0x150 [74830.697225] ? asm_exc_page_fault+0x22/0x30 [74830.698344] ? rpfilter_mt+0x44/0x15e [ipt_rpfilter] [74830.699540] ipt_do_table+0x286/0x710 [ip_tables] [74830.700758] ? ip6_route_input+0x19d/0x240 [74830.701752] nf_hook_slow+0x3f/0xb0 [74830.702678] input_action_end_dx4+0x19b/0x1e0 [74830.703735] ? input_action_end_t+0xe0/0xe0 [74830.704734] seg6_local_input_core+0x2d/0x60 [74830.705782] lwtunnel_input+0x5b/0xb0 [74830.706690] __netif_receive_skb_one_core+0x63/0xa0 [74830.707825] process_backlog+0x99/0x140 [74830.709538] __napi_poll+0x2c/0x160 [74830.710673] net_rx_action+0x296/0x350 [74830.711860] __do_softirq+0xcb/0x2ac [74830.713049] do_softirq+0x63/0x90 input_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally trigger a NULL dereference in rpfilter_mt()->rpfilter_is_loopback(): static bool rpfilter_is_loopback(const struct sk_buff *skb, const struct net_device *in) { // in is NULL return skb->pkt_type == PACKET_LOOPBACK || in->flags & IFF_LOOPBACK; } CVE-2024-40957 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40957.html CVE-2024-40957 https://bugzilla.suse.com/1227811 SUSE Bug 1227811 In the Linux kernel, the following vulnerability has been resolved: netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0 Modules linked in: CPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:refcount_warn_saturate+0xdf/0x1d0 Code: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 <0f> 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1 RSP: 0018:ffff8881067b7da0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac RDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001 RBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139 R10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4 R13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040 FS: 00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? show_regs+0xa3/0xc0 ? __warn+0xa5/0x1c0 ? refcount_warn_saturate+0xdf/0x1d0 ? report_bug+0x1fc/0x2d0 ? refcount_warn_saturate+0xdf/0x1d0 ? handle_bug+0xa1/0x110 ? exc_invalid_op+0x3c/0xb0 ? asm_exc_invalid_op+0x1f/0x30 ? __warn_printk+0xcc/0x140 ? __warn_printk+0xd5/0x140 ? refcount_warn_saturate+0xdf/0x1d0 get_net_ns+0xa4/0xc0 ? __pfx_get_net_ns+0x10/0x10 open_related_ns+0x5a/0x130 __tun_chr_ioctl+0x1616/0x2370 ? __sanitizer_cov_trace_switch+0x58/0xa0 ? __sanitizer_cov_trace_const_cmp2+0x1c/0x30 ? __pfx_tun_chr_ioctl+0x10/0x10 tun_chr_ioctl+0x2f/0x40 __x64_sys_ioctl+0x11b/0x160 x64_sys_call+0x1211/0x20d0 do_syscall_64+0x9e/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5b28f165d7 Code: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8 RSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7 RDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003 RBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0 R10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730 R13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000 </TASK> Kernel panic - not syncing: kernel: panic_on_warn set ... This is trigger as below: ns0 ns1 tun_set_iff() //dev is tun0 tun->dev = dev //ip link set tun0 netns ns1 put_net() //ref is 0 __tun_chr_ioctl() //TUNGETDEVNETNS net = dev_net(tun->dev); open_related_ns(&net->ns, get_net_ns); //ns1 get_net_ns() get_net() //addition on 0 Use maybe_get_net() in get_net_ns in case net's ref is zero to fix this CVE-2024-40958 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40958.html CVE-2024-40958 https://bugzilla.suse.com/1227812 SUSE Bug 1227812 In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 12 Comm: kworker/u8:1 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker RIP: 0010:xfrm6_get_saddr+0x93/0x130 net/ipv6/xfrm6_policy.c:64 Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 97 00 00 00 4c 8b ab d8 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 86 00 00 00 4d 8b 6d 00 e8 ca 13 47 01 48 b8 00 RSP: 0018:ffffc90000117378 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff88807b079dc0 RCX: ffffffff89a0d6d7 RDX: 0000000000000000 RSI: ffffffff89a0d6e9 RDI: ffff88807b079e98 RBP: ffff88807ad73248 R08: 0000000000000007 R09: fffffffffffff000 R10: ffff88807b079dc0 R11: 0000000000000007 R12: ffffc90000117480 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4586d00440 CR3: 0000000079042000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> xfrm_get_saddr net/xfrm/xfrm_policy.c:2452 [inline] xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2481 [inline] xfrm_tmpl_resolve+0xa26/0xf10 net/xfrm/xfrm_policy.c:2541 xfrm_resolve_and_create_bundle+0x140/0x2570 net/xfrm/xfrm_policy.c:2835 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:3070 [inline] xfrm_lookup_with_ifid+0x4d1/0x1e60 net/xfrm/xfrm_policy.c:3201 xfrm_lookup net/xfrm/xfrm_policy.c:3298 [inline] xfrm_lookup_route+0x3b/0x200 net/xfrm/xfrm_policy.c:3309 ip6_dst_lookup_flow+0x15c/0x1d0 net/ipv6/ip6_output.c:1256 send6+0x611/0xd20 drivers/net/wireguard/socket.c:139 wg_socket_send_skb_to_peer+0xf9/0x220 drivers/net/wireguard/socket.c:178 wg_socket_send_buffer_to_peer+0x12b/0x190 drivers/net/wireguard/socket.c:200 wg_packet_send_handshake_initiation+0x227/0x360 drivers/net/wireguard/send.c:40 wg_packet_handshake_send_worker+0x1c/0x30 drivers/net/wireguard/send.c:51 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 CVE-2024-40959 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40959.html CVE-2024-40959 https://bugzilla.suse.com/1227884 SUSE Bug 1227884 In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes Shin'ichiro reported that when he's running fstests' test-case btrfs/167 on emulated zoned devices, he's seeing the following NULL pointer dereference in 'btrfs_zone_finish_endio()': Oops: general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f] CPU: 4 PID: 2332440 Comm: kworker/u80:15 Tainted: G W 6.10.0-rc2-kts+ #4 Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020 Workqueue: btrfs-endio-write btrfs_work_helper [btrfs] RIP: 0010:btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs] RSP: 0018:ffff88867f107a90 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff893e5534 RDX: 0000000000000011 RSI: 0000000000000004 RDI: 0000000000000088 RBP: 0000000000000002 R08: 0000000000000001 R09: ffffed1081696028 R10: ffff88840b4b0143 R11: ffff88834dfff600 R12: ffff88840b4b0000 R13: 0000000000020000 R14: 0000000000000000 R15: ffff888530ad5210 FS: 0000000000000000(0000) GS:ffff888e3f800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f87223fff38 CR3: 00000007a7c6a002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? die_addr+0x46/0x70 ? exc_general_protection+0x14f/0x250 ? asm_exc_general_protection+0x26/0x30 ? do_raw_read_unlock+0x44/0x70 ? btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs] btrfs_finish_one_ordered+0x5d9/0x19a0 [btrfs] ? __pfx_lock_release+0x10/0x10 ? do_raw_write_lock+0x90/0x260 ? __pfx_do_raw_write_lock+0x10/0x10 ? __pfx_btrfs_finish_one_ordered+0x10/0x10 [btrfs] ? _raw_write_unlock+0x23/0x40 ? btrfs_finish_ordered_zoned+0x5a9/0x850 [btrfs] ? lock_acquire+0x435/0x500 btrfs_work_helper+0x1b1/0xa70 [btrfs] ? __schedule+0x10a8/0x60b0 ? __pfx___might_resched+0x10/0x10 process_one_work+0x862/0x1410 ? __pfx_lock_acquire+0x10/0x10 ? __pfx_process_one_work+0x10/0x10 ? assign_work+0x16c/0x240 worker_thread+0x5e6/0x1010 ? __pfx_worker_thread+0x10/0x10 kthread+0x2c3/0x3a0 ? trace_irq_enable.constprop.0+0xce/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Enabling CONFIG_BTRFS_ASSERT revealed the following assertion to trigger: assertion failed: !list_empty(&ordered->list), in fs/btrfs/zoned.c:1815 This indicates, that we're missing the checksums list on the ordered_extent. As btrfs/167 is doing a NOCOW write this is to be expected. Further analysis with drgn confirmed the assumption: >>> inode = prog.crashed_thread().stack_trace()[11]['ordered'].inode >>> btrfs_inode = drgn.container_of(inode, "struct btrfs_inode", \ "vfs_inode") >>> print(btrfs_inode.flags) (u32)1 As zoned emulation mode simulates conventional zones on regular devices, we cannot use zone-append for writing. But we're only attaching dummy checksums if we're doing a zone-append write. So for NOCOW zoned data writes on conventional zones, also attach a dummy checksum. CVE-2024-40962 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40962.html CVE-2024-40962 https://bugzilla.suse.com/1227815 SUSE Bug 1227815 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() The cs35l41_hda_unbind() function clears the hda_component entry matching it's index and then dereferences the codec pointer held in the first element of the hda_component array, this is an issue when the device index was 0. Instead use the codec pointer stashed in the cs35l41_hda structure as it will still be valid. CVE-2024-40964 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40964.html CVE-2024-40964 https://bugzilla.suse.com/1227818 SUSE Bug 1227818 In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue. CVE-2024-40967 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40967.html CVE-2024-40967 https://bugzilla.suse.com/1227891 SUSE Bug 1227891 In the Linux kernel, the following vulnerability has been resolved: drm/lima: mask irqs in timeout path before hard reset There is a race condition in which a rendering job might take just long enough to trigger the drm sched job timeout handler but also still complete before the hard reset is done by the timeout handler. This runs into race conditions not expected by the timeout handler. In some very specific cases it currently may result in a refcount imbalance on lima_pm_idle, with a stack dump such as: [10136.669170] WARNING: CPU: 0 PID: 0 at drivers/gpu/drm/lima/lima_devfreq.c:205 lima_devfreq_record_idle+0xa0/0xb0 ... [10136.669459] pc : lima_devfreq_record_idle+0xa0/0xb0 ... [10136.669628] Call trace: [10136.669634] lima_devfreq_record_idle+0xa0/0xb0 [10136.669646] lima_sched_pipe_task_done+0x5c/0xb0 [10136.669656] lima_gp_irq_handler+0xa8/0x120 [10136.669666] __handle_irq_event_percpu+0x48/0x160 [10136.669679] handle_irq_event+0x4c/0xc0 We can prevent that race condition entirely by masking the irqs at the beginning of the timeout handler, at which point we give up on waiting for that job entirely. The irqs will be enabled again at the next hard reset which is already done as a recovery by the timeout handler. CVE-2024-40976 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40976.html CVE-2024-40976 https://bugzilla.suse.com/1227893 SUSE Bug 1227893 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery (e.g. chip reset), there is a possible situation that kernel worker reset_work is holding the lock and waiting for kernel thread stat_worker to be parked, while stat_worker is waiting for the release of the same lock. It causes a deadlock resulting in the dumping of hung tasks messages and possible rebooting of the device. This patch prevents the execution of stat_worker during the chip recovery. CVE-2024-40977 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40977.html CVE-2024-40977 https://bugzilla.suse.com/1227950 SUSE Bug 1227950 In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf() and then call simple_read_from_buffer(), which in turns make the copy_to_user() call. BUG: unable to handle page fault for address: 00007f4801111000 PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0 Oops: 0002 [#1] PREEMPT SMP PTI Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023 RIP: 0010:memcpy_orig+0xcd/0x130 RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202 RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000 RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572 R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af FS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x183/0x510 ? exc_page_fault+0x69/0x150 ? asm_exc_page_fault+0x22/0x30 ? memcpy_orig+0xcd/0x130 vsnprintf+0x102/0x4c0 sprintf+0x51/0x80 qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324] full_proxy_read+0x50/0x80 vfs_read+0xa5/0x2e0 ? folio_add_new_anon_rmap+0x44/0xa0 ? set_pte_at+0x15/0x30 ? do_pte_missing+0x426/0x7f0 ksys_read+0xa5/0xe0 do_syscall_64+0x58/0x80 ? __count_memcg_events+0x46/0x90 ? count_memcg_event_mm+0x3d/0x60 ? handle_mm_fault+0x196/0x2f0 ? do_user_addr_fault+0x267/0x890 ? exc_page_fault+0x69/0x150 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4800f20b4d CVE-2024-40978 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40978.html CVE-2024-40978 https://bugzilla.suse.com/1227929 SUSE Bug 1227929 In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadv_purge_orig_ref() Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] Modules linked in: irq event stamp: 6182794 hardirqs last enabled at (6182793): [<ffff8000801dae10>] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 hardirqs last disabled at (6182794): [<ffff80008ad66a78>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (6182794): [<ffff80008ad66a78>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (6182792): [<ffff80008aab71c4>] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (6182792): [<ffff80008aab71c4>] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 softirqs last disabled at (6182790): [<ffff80008aab61dc>] spin_lock_bh include/linux/spinlock.h:356 [inline] softirqs last disabled at (6182790): [<ffff80008aab61dc>] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271 CPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: bat_events batadv_purge_orig pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline] pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388 lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 sp : ffff800099007970 x29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000 x26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001 x23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4 x20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0 x17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001 x14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline] __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300 process_one_work+0x694/0x1204 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51 lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103 sp : ffff800093a17d30 x29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4 x26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002 x23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000 x20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396 x17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001 ---truncated--- CVE-2024-40981 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40981.html CVE-2024-40981 https://bugzilla.suse.com/1227864 SUSE Bug 1227864 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-40982 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40982.html CVE-2024-40982 https://bugzilla.suse.com/1227865 SUSE Bug 1227865 In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The initial purpose of this commit was to stop memory mappings for operation regions from overlapping page boundaries, as it can trigger warnings if different page attributes are present. However, it was found that when this situation arises, mapping continues until the boundary's end, but there is still an attempt to read/write the entire length of the map, leading to a NULL pointer deference. For example, if a four-byte mapping request is made but only one byte is mapped because it hits the current page boundary's end, a four-byte read/write attempt is still made, resulting in a NULL pointer deference. Instead, map the entire length, as the ACPI specification does not mandate that it must be within the same page boundary. It is permissible for it to be mapped across different regions. CVE-2024-40984 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40984.html CVE-2024-40984 https://bugzilla.suse.com/1227820 SUSE Bug 1227820 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. CVE-2024-40987 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40987.html CVE-2024-40987 https://bugzilla.suse.com/1228235 SUSE Bug 1228235 In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. CVE-2024-40988 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40988.html CVE-2024-40988 https://bugzilla.suse.com/1227957 SUSE Bug 1227957 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu. CVE-2024-40989 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40989.html CVE-2024-40989 https://bugzilla.suse.com/1227823 SUSE Bug 1227823 https://bugzilla.suse.com/1228589 SUSE Bug 1228589 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it. CVE-2024-40990 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40990.html CVE-2024-40990 https://bugzilla.suse.com/1227824 SUSE Bug 1227824 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently dropped by the responder. The responder then waits for a new request packet. commit 689c5421bfe0 ("RDMA/rxe: Fix incorrect responder length checking") defers responder length check for UD QPs in function `copy_data`. But it introduces a regression issue for UD QPs. When the packet size is too large to fit in the receive buffer. `copy_data` will return error code -EINVAL. Then `send_data_in` will return RESPST_ERR_MALFORMED_WQE. UD QP will transfer into ERROR state. CVE-2024-40992 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40992.html CVE-2024-40992 https://bugzilla.suse.com/1227826 SUSE Bug 1227826 In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this. CVE-2024-40994 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40994.html CVE-2024-40994 https://bugzilla.suse.com/1227829 SUSE Bug 1227829 https://bugzilla.suse.com/1228587 SUSE Bug 1228587 In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() syzbot found hanging tasks waiting on rtnl_lock [1] A reproducer is available in the syzbot bug. When a request to add multiple actions with the same index is sent, the second request will block forever on the first request. This holds rtnl_lock, and causes tasks to hang. Return -EAGAIN to prevent infinite looping, while keeping documented behavior. [1] INFO: task kworker/1:0:5088 blocked for more than 143 seconds. Not tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000 Workqueue: events_power_efficient reg_check_chans_work Call Trace: <TASK> context_switch kernel/sched/core.c:5409 [inline] __schedule+0xf15/0x5d00 kernel/sched/core.c:6746 __schedule_loop kernel/sched/core.c:6823 [inline] schedule+0xe7/0x350 kernel/sched/core.c:6838 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895 __mutex_lock_common kernel/locking/mutex.c:684 [inline] __mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752 wiphy_lock include/net/cfg80211.h:5953 [inline] reg_leave_invalid_chans net/wireless/reg.c:2466 [inline] reg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481 CVE-2024-40995 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40995.html CVE-2024-40995 https://bugzilla.suse.com/1227830 SUSE Bug 1227830 In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed in the analogous exit function, so fix that. [ rjw: Subject and changelog edits ] CVE-2024-40997 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-40997.html CVE-2024-40997 https://bugzilla.suse.com/1227853 SUSE Bug 1227853 In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: [ 62.982337] ------------[ cut here ]------------ [ 62.985692] cgroup: Invalid name [ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46 [ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1 [ 62.992992] 9223372036854775807 + 4095 cannot be represented in type 'long long' [ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1 [ 62.999369] random: crng reseeded on system resumption [ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000) [ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.000682] Call Trace: [ 63.000686] <TASK> [ 63.000731] dump_stack_lvl+0x93/0xd0 [ 63.000919] __get_user_pages+0x903/0xd30 [ 63.001030] __gup_longterm_locked+0x153e/0x1ba0 [ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50 [ 63.001072] ? try_get_folio+0x29c/0x2d0 [ 63.001083] internal_get_user_pages_fast+0x1119/0x1530 [ 63.001109] iov_iter_extract_pages+0x23b/0x580 [ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220 [ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410 [ 63.001297] __iomap_dio_rw+0xab4/0x1810 [ 63.001316] iomap_dio_rw+0x45/0xa0 [ 63.001328] ext4_file_write_iter+0xdde/0x1390 [ 63.001372] vfs_write+0x599/0xbd0 [ 63.001394] ksys_write+0xc8/0x190 [ 63.001403] do_syscall_64+0xd4/0x1b0 [ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60 [ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 63.001535] RIP: 0033:0x7f7fd3ebf539 [ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539 [ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004 [ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000 [ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8 ... [ 63.018142] ---[ end trace ]--- Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang; It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rework this overflow checking logic to not actually perform an overflow during the check itself, thus avoiding the UBSAN splat. [1]: https://github.com/llvm/llvm-project/pull/82432 CVE-2024-41000 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41000.html CVE-2024-41000 https://bugzilla.suse.com/1227867 SUSE Bug 1227867 In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: work around a potential audit memory leak kmemleak complains that there's a memory leak related to connect handling: unreferenced object 0xffff0001093bdf00 (size 128): comm "iou-sqp-455", pid 457, jiffies 4294894164 hex dump (first 32 bytes): 02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 2e481b1a): [<00000000c0a26af4>] kmemleak_alloc+0x30/0x38 [<000000009c30bb45>] kmalloc_trace+0x228/0x358 [<000000009da9d39f>] __audit_sockaddr+0xd0/0x138 [<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8 [<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4 [<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48 [<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4 [<00000000d999b491>] ret_from_fork+0x10/0x20 which can can happen if: 1) The command type does something on the prep side that triggers an audit call. 2) The thread hasn't done any operations before this that triggered an audit call inside ->issue(), where we have audit_uring_entry() and audit_uring_exit(). Work around this by issuing a blanket NOP operation before the SQPOLL does anything. CVE-2024-41001 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41001.html CVE-2024-41001 https://bugzilla.suse.com/1227869 SUSE Bug 1227869 In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release The AIV is one of the SEC resources. When releasing resources, it need to release the AIV resources at the same time. Otherwise, memory leakage occurs. The aiv resource release is added to the sec resource release function. CVE-2024-41002 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41002.html CVE-2024-41002 https://bugzilla.suse.com/1227870 SUSE Bug 1227870 In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock (get a reference) those event file reference in module init function, and unlock and delete it in module exit function. This is because those are designed for playing as modules. If we make those modules as built-in, those events are left locked in the kernel, and never be removed. This causes kprobe event self-test failure as below. [ 97.349708] ------------[ cut here ]------------ [ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480 [ 97.357106] Modules linked in: [ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14 [ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480 [ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 <0f> 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90 [ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286 [ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000 [ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68 [ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000 [ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000 [ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000 [ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0 [ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 97.391196] Call Trace: [ 97.391967] <TASK> [ 97.392647] ? __warn+0xcc/0x180 [ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480 [ 97.395181] ? report_bug+0xbd/0x150 [ 97.396234] ? handle_bug+0x3e/0x60 [ 97.397311] ? exc_invalid_op+0x1a/0x50 [ 97.398434] ? asm_exc_invalid_op+0x1a/0x20 [ 97.399652] ? trace_kprobe_is_busy+0x20/0x20 [ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90 [ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480 [ 97.403773] ? init_kprobe_trace+0x50/0x50 [ 97.404972] do_one_initcall+0x112/0x240 [ 97.406113] do_initcall_level+0x95/0xb0 [ 97.407286] ? kernel_init+0x1a/0x1a0 [ 97.408401] do_initcalls+0x3f/0x70 [ 97.409452] kernel_init_freeable+0x16f/0x1e0 [ 97.410662] ? rest_init+0x1f0/0x1f0 [ 97.411738] kernel_init+0x1a/0x1a0 [ 97.412788] ret_from_fork+0x39/0x50 [ 97.413817] ? rest_init+0x1f0/0x1f0 [ 97.414844] ret_from_fork_asm+0x11/0x20 [ 97.416285] </TASK> [ 97.417134] irq event stamp: 13437323 [ 97.418376] hardirqs last enabled at (13437337): [<ffffffff8110bc0c>] console_unlock+0x11c/0x150 [ 97.421285] hardirqs last disabled at (13437370): [<ffffffff8110bbf1>] console_unlock+0x101/0x150 [ 97.423838] softirqs last enabled at (13437366): [<ffffffff8108e17f>] handle_softirqs+0x23f/0x2a0 [ 97.426450] softirqs last disabled at (13437393): [<ffffffff8108e346>] __irq_exit_rcu+0x66/0xd0 [ 97.428850] ---[ end trace 0000000000000000 ]--- And also, since we can not cleanup dynamic_event file, ftracetest are failed too. To avoid these issues, build these tests only as modules. CVE-2024-41004 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41004.html CVE-2024-41004 https://bugzilla.suse.com/1227851 SUSE Bug 1227851 In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not timeout after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4. CVE-2024-41007 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41007.html CVE-2024-41007 https://bugzilla.suse.com/1227863 SUSE Bug 1227863 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers. Each time a record is reserved, the producer that "owns" the record will successfully advance producer counter. In user space each time a record is read, the consumer of the data advanced the consumer counter once it finished processing. Both counters are stored in separate pages so that from user space, the producer counter is read-only and the consumer counter is read-write. One aspect that simplifies and thus speeds up the implementation of both producers and consumers is how the data area is mapped twice contiguously back-to-back in the virtual memory, allowing to not take any special measures for samples that have to wrap around at the end of the circular buffer data area, because the next page after the last data page would be first data page again, and thus the sample will still appear completely contiguous in virtual memory. Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for book-keeping the length and offset, and is inaccessible to the BPF program. Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ` for the BPF program to use. Bing-Jhong and Muhammad reported that it is however possible to make a second allocated memory chunk overlapping with the first chunk and as a result, the BPF program is now able to edit first chunk's header. For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in [0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets allocate a chunk B with size 0x3000. This will succeed because consumer_pos was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask` check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data pages. This means that chunk B at [0x4000,0x4008] is chunk A's header. bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong page and could cause a crash. Fix it by calculating the oldest pending_pos and check whether the range from the oldest outstanding record to the newest would span beyond the ring buffer size. If that is the case, then reject the request. We've tested with the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh) before/after the fix and while it seems a bit slower on some benchmarks, it is still not significantly enough to matter. CVE-2024-41009 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41009.html CVE-2024-41009 https://bugzilla.suse.com/1228020 SUSE Bug 1228020 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry Pedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reported an issue that the tcx_entry can be released too early leading to a use after free (UAF) when an active old-style ingress or clsact qdisc with a shared tc block is later replaced by another ingress or clsact instance. Essentially, the sequence to trigger the UAF (one example) can be as follows: 1. A network namespace is created 2. An ingress qdisc is created. This allocates a tcx_entry, and &tcx_entry->miniq is stored in the qdisc's miniqp->p_miniq. At the same time, a tcf block with index 1 is created. 3. chain0 is attached to the tcf block. chain0 must be connected to the block linked to the ingress qdisc to later reach the function tcf_chain0_head_change_cb_del() which triggers the UAF. 4. Create and graft a clsact qdisc. This causes the ingress qdisc created in step 1 to be removed, thus freeing the previously linked tcx_entry: rtnetlink_rcv_msg() => tc_modify_qdisc() => qdisc_create() => clsact_init() [a] => qdisc_graft() => qdisc_destroy() => __qdisc_destroy() => ingress_destroy() [b] => tcx_entry_free() => kfree_rcu() // tcx_entry freed 5. Finally, the network namespace is closed. This registers the cleanup_net worker, and during the process of releasing the remaining clsact qdisc, it accesses the tcx_entry that was already freed in step 4, causing the UAF to occur: cleanup_net() => ops_exit_list() => default_device_exit_batch() => unregister_netdevice_many() => unregister_netdevice_many_notify() => dev_shutdown() => qdisc_put() => clsact_destroy() [c] => tcf_block_put_ext() => tcf_chain0_head_change_cb_del() => tcf_chain_head_change_item() => clsact_chain_head_change() => mini_qdisc_pair_swap() // UAF There are also other variants, the gist is to add an ingress (or clsact) qdisc with a specific shared block, then to replace that qdisc, waiting for the tcx_entry kfree_rcu() to be executed and subsequently accessing the current active qdisc's miniq one way or another. The correct fix is to turn the miniq_active boolean into a counter. What can be observed, at step 2 above, the counter transitions from 0->1, at step [a] from 1->2 (in order for the miniq object to remain active during the replacement), then in [b] from 2->1 and finally [c] 1->0 with the eventual release. The reference counter in general ranges from [0,2] and it does not need to be atomic since all access to the counter is protected by the rtnl mutex. With this in place, there is no longer a UAF happening and the tcx_entry is freed at the correct time. CVE-2024-41010 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41010.html CVE-2024-41010 https://bugzilla.suse.com/1228021 SUSE Bug 1228021 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. CVE-2024-41011 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41011.html CVE-2024-41011 https://bugzilla.suse.com/1228114 SUSE Bug 1228114 https://bugzilla.suse.com/1228115 SUSE Bug 1228115 In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). CVE-2024-41012 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41012.html CVE-2024-41012 https://bugzilla.suse.com/1228247 SUSE Bug 1228247 In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region. CVE-2024-41015 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41015.html CVE-2024-41015 https://bugzilla.suse.com/1228409 SUSE Bug 1228409 In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. CVE-2024-41016 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41016.html CVE-2024-41016 https://bugzilla.suse.com/1228410 SUSE Bug 1228410 In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels. CVE-2024-41020 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41020.html CVE-2024-41020 https://bugzilla.suse.com/1228427 SUSE Bug 1228427 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() The "instance" variable needs to be signed for the error handling to work. CVE-2024-41022 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41022.html CVE-2024-41022 https://bugzilla.suse.com/1228429 SUSE Bug 1228429 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-41024 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41024.html CVE-2024-41024 https://bugzilla.suse.com/1228525 SUSE Bug 1228525 https://bugzilla.suse.com/1229274 SUSE Bug 1229274 In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix memory leak in audio daemon attach operation Audio PD daemon send the name as part of the init IOCTL call. This name needs to be copied to kernel for which memory is allocated. This memory is never freed which might result in memory leak. Free the memory when it is not needed. CVE-2024-41025 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41025.html CVE-2024-41025 https://bugzilla.suse.com/1228527 SUSE Bug 1228527 In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMI matching functions, it must be terminated by a empty entry. Since this entry is missing, an array out-of-bounds access occurs every time the quirk list is processed. Fix this by adding the terminating empty entry. CVE-2024-41028 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41028.html CVE-2024-41028 https://bugzilla.suse.com/1228539 SUSE Bug 1228539 In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: check if a hash-index is in cpu_possible_mask The problem is that there are systems where cpu_possible_mask has gaps between set CPUs, for example SPARC. In this scenario addr_to_vb_xa() hash function can return an index which accesses to not-possible and not setup CPU area using per_cpu() macro. This results in an oops on SPARC. A per-cpu vmap_block_queue is also used as hash table, incorrectly assuming the cpu_possible_mask has no gaps. Fix it by adjusting an index to a next possible CPU. CVE-2024-41032 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41032.html CVE-2024-41032 https://bugzilla.suse.com/1228460 SUSE Bug 1228460 In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoint descriptor's bEndpointAddress field will always be 0. As a result of the bug, the endpoint_is_duplicate() routine in config.c (and possibly other routines as well) may believe that two descriptors are for distinct endpoints, even though they have the same direction and endpoint number. This can lead to confusion, including the bug identified by syzbot (two descriptors with matching endpoint numbers and directions, where one was interrupt and the other was bulk). To fix the bug, we will clear the reserved bits in bEndpointAddress when we parse the descriptor. (Note that both the USB-2.0 and USB-3.1 specs say these bits are "Reserved, reset to zero".) This requires us to make a copy of the descriptor earlier in usb_parse_endpoint() and use the copy instead of the original when checking for duplicates. CVE-2024-41035 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41035.html CVE-2024-41035 https://bugzilla.suse.com/1228485 SUSE Bug 1228485 In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20 This issue has not been identified earlier because tests were done on a device with SMP disabled and so spinlocks were actually NOPs. Now use spin_(un)lock_bh for TX queue related locking to avoid execution of softirq work synchronously that would lead to a deadlock. CVE-2024-41036 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41036.html CVE-2024-41036 https://bugzilla.suse.com/1228496 SUSE Bug 1228496 In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: fix null deref on system suspend entry When system enters suspend with an active stream, SOF core calls hw_params_upon_resume(). On Intel platforms with HDA DMA used to manage the link DMA, this leads to call chain of hda_dsp_set_hw_params_upon_resume() -> hda_dsp_dais_suspend() -> hda_dai_suspend() -> hda_ipc4_post_trigger() A bug is hit in hda_dai_suspend() as hda_link_dma_cleanup() is run first, which clears hext_stream->link_substream, and then hda_ipc4_post_trigger() is called with a NULL snd_pcm_substream pointer. CVE-2024-41037 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41037.html CVE-2024-41037 https://bugzilla.suse.com/1228508 SUSE Bug 1228508 In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the algorithm block header. This means the overall header length is variable, and the position of most fields varies depending on the length of the string fields. Each field must be checked to ensure that it does not overflow the firmware data buffer. As this ia bugfix patch, the fixes avoid making any significant change to the existing code. This makes it easier to review and less likely to introduce new bugs. CVE-2024-41038 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41038.html CVE-2024-41038 https://bugzilla.suse.com/1228509 SUSE Bug 1228509 In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer contained enough bytes for the sums of the size of the structs wmfw_header + wmfw_adsp1_sizes + wmfw_footer But wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and Halo Core the equivalent struct is wmfw_adsp2_sizes, which is 4 bytes longer. So the length check didn't guarantee that there are enough bytes in the firmware buffer for a header with wmfw_adsp2_sizes. This patch splits the length check into three separate parts. Each of the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked separately before they are used. CVE-2024-41039 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41039.html CVE-2024-41039 https://bugzilla.suse.com/1228515 SUSE Bug 1228515 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by task handler130/6469 Call Trace: <IRQ> dump_stack_lvl+0x48/0x70 print_address_description.constprop.0+0x33/0x3d0 print_report+0xc0/0x2b0 kasan_report+0xd0/0x120 __asan_load1+0x6c/0x80 tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] tcf_ct_act+0x886/0x1350 [act_ct] tcf_action_exec+0xf8/0x1f0 fl_classify+0x355/0x360 [cls_flower] __tcf_classify+0x1fd/0x330 tcf_classify+0x21c/0x3c0 sch_handle_ingress.constprop.0+0x2c5/0x500 __netif_receive_skb_core.constprop.0+0xb25/0x1510 __netif_receive_skb_list_core+0x220/0x4c0 netif_receive_skb_list_internal+0x446/0x620 napi_complete_done+0x157/0x3d0 gro_cell_poll+0xcf/0x100 __napi_poll+0x65/0x310 net_rx_action+0x30c/0x5c0 __do_softirq+0x14f/0x491 __irq_exit_rcu+0x82/0xc0 irq_exit_rcu+0xe/0x20 common_interrupt+0xa1/0xb0 </IRQ> <TASK> asm_common_interrupt+0x27/0x40 Allocated by task 6469: kasan_save_stack+0x38/0x70 kasan_set_track+0x25/0x40 kasan_save_alloc_info+0x1e/0x40 __kasan_krealloc+0x133/0x190 krealloc+0xaa/0x130 nf_ct_ext_add+0xed/0x230 [nf_conntrack] tcf_ct_act+0x1095/0x1350 [act_ct] tcf_action_exec+0xf8/0x1f0 fl_classify+0x355/0x360 [cls_flower] __tcf_classify+0x1fd/0x330 tcf_classify+0x21c/0x3c0 sch_handle_ingress.constprop.0+0x2c5/0x500 __netif_receive_skb_core.constprop.0+0xb25/0x1510 __netif_receive_skb_list_core+0x220/0x4c0 netif_receive_skb_list_internal+0x446/0x620 napi_complete_done+0x157/0x3d0 gro_cell_poll+0xcf/0x100 __napi_poll+0x65/0x310 net_rx_action+0x30c/0x5c0 __do_softirq+0x14f/0x491 Freed by task 6469: kasan_save_stack+0x38/0x70 kasan_set_track+0x25/0x40 kasan_save_free_info+0x2b/0x60 ____kasan_slab_free+0x180/0x1f0 __kasan_slab_free+0x12/0x30 slab_free_freelist_hook+0xd2/0x1a0 __kmem_cache_free+0x1a2/0x2f0 kfree+0x78/0x120 nf_conntrack_free+0x74/0x130 [nf_conntrack] nf_ct_destroy+0xb2/0x140 [nf_conntrack] __nf_ct_resolve_clash+0x529/0x5d0 [nf_conntrack] nf_ct_resolve_clash+0xf6/0x490 [nf_conntrack] __nf_conntrack_confirm+0x2c6/0x770 [nf_conntrack] tcf_ct_act+0x12ad/0x1350 [act_ct] tcf_action_exec+0xf8/0x1f0 fl_classify+0x355/0x360 [cls_flower] __tcf_classify+0x1fd/0x330 tcf_classify+0x21c/0x3c0 sch_handle_ingress.constprop.0+0x2c5/0x500 __netif_receive_skb_core.constprop.0+0xb25/0x1510 __netif_receive_skb_list_core+0x220/0x4c0 netif_receive_skb_list_internal+0x446/0x620 napi_complete_done+0x157/0x3d0 gro_cell_poll+0xcf/0x100 __napi_poll+0x65/0x310 net_rx_action+0x30c/0x5c0 __do_softirq+0x14f/0x491 The ct may be dropped if a clash has been resolved but is still passed to the tcf_ct_flow_table_process_conn function for further usage. This issue can be fixed by retrieving ct from skb again after confirming conntrack. CVE-2024-41040 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41040.html CVE-2024-41040 https://bugzilla.suse.com/1228518 SUSE Bug 1228518 In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk and use sock_pfree() as skb->destructor, so we check SOCK_RCU_FREE to ensure that the sk is safe to access during the RCU grace period. Currently, SOCK_RCU_FREE is flagged for a bound socket after being put into the hash table. Moreover, the SOCK_RCU_FREE check is done too early in udp_v[46]_early_demux() and sk_lookup(), so there could be a small race window: CPU1 CPU2 ---- ---- udp_v4_early_demux() udp_lib_get_port() | |- hlist_add_head_rcu() |- sk = __udp4_lib_demux_lookup() | |- DEBUG_NET_WARN_ON_ONCE(sk_is_refcounted(sk)); `- sock_set_flag(sk, SOCK_RCU_FREE) We had the same bug in TCP and fixed it in commit 871019b22d1b ("net: set SOCK_RCU_FREE before inserting socket into hashtable"). Let's apply the same fix for UDP. [0]: WARNING: CPU: 0 PID: 11198 at net/ipv4/udp.c:2599 udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599 Modules linked in: CPU: 0 PID: 11198 Comm: syz-executor.1 Not tainted 6.9.0-g93bda33046e7 #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599 Code: c5 7a 15 fe bb 01 00 00 00 44 89 e9 31 ff d3 e3 81 e3 bf ef ff ff 89 de e8 2c 74 15 fe 85 db 0f 85 02 06 00 00 e8 9f 7a 15 fe <0f> 0b e8 98 7a 15 fe 49 8d 7e 60 e8 4f 39 2f fe 49 c7 46 60 20 52 RSP: 0018:ffffc9000ce3fa58 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8318c92c RDX: ffff888036ccde00 RSI: ffffffff8318c2f1 RDI: 0000000000000001 RBP: ffff88805a2dd6e0 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0001ffffffffffff R12: ffff88805a2dd680 R13: 0000000000000007 R14: ffff88800923f900 R15: ffff88805456004e FS: 00007fc449127640(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc449126e38 CR3: 000000003de4b002 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 PKRU: 55555554 Call Trace: <TASK> ip_rcv_finish_core.constprop.0+0xbdd/0xd20 net/ipv4/ip_input.c:349 ip_rcv_finish+0xda/0x150 net/ipv4/ip_input.c:447 NF_HOOK include/linux/netfilter.h:314 [inline] NF_HOOK include/linux/netfilter.h:308 [inline] ip_rcv+0x16c/0x180 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core+0xb3/0xe0 net/core/dev.c:5624 __netif_receive_skb+0x21/0xd0 net/core/dev.c:5738 netif_receive_skb_internal net/core/dev.c:5824 [inline] netif_receive_skb+0x271/0x300 net/core/dev.c:5884 tun_rx_batched drivers/net/tun.c:1549 [inline] tun_get_user+0x24db/0x2c50 drivers/net/tun.c:2002 tun_chr_write_iter+0x107/0x1a0 drivers/net/tun.c:2048 new_sync_write fs/read_write.c:497 [inline] vfs_write+0x76f/0x8d0 fs/read_write.c:590 ksys_write+0xbf/0x190 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x41/0x50 fs/read_write.c:652 x64_sys_call+0xe66/0x1990 arch/x86/include/generated/asm/syscalls_64.h:2 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7fc44a68bc1f Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 e9 cf f5 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 3c d0 f5 ff 48 RSP: 002b:00007fc449126c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00000000004bc050 RCX: 00007fc44a68bc1f R ---truncated--- CVE-2024-41041 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41041.html CVE-2024-41041 https://bugzilla.suse.com/1228520 SUSE Bug 1228520 In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP header bytes, and reject claimed-as-LCP but actually malformed data otherwise. CVE-2024-41044 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41044.html CVE-2024-41044 https://bugzilla.suse.com/1228530 SUSE Bug 1228530 In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks trying to cancel each other) can be invoked through bpf_map_update_elem as well, or more precisely, freeing map elements containing timers. Since this relies on hrtimer_cancel as well, it is prone to the same deadlock situation as the previous patch. It would be sufficient to use hrtimer_try_to_cancel to fix this problem, as the timer cannot be enqueued after async_cancel_and_free. Once async_cancel_and_free has been done, the timer must be reinitialized before it can be armed again. The callback running in parallel trying to arm the timer will fail, and freeing bpf_hrtimer without waiting is sufficient (given kfree_rcu), and bpf_timer_cb will return HRTIMER_NORESTART, preventing the timer from being rearmed again. However, there exists a UAF scenario where the callback arms the timer before entering this function, such that if cancellation fails (due to timer callback invoking this routine, or the target timer callback running concurrently). In such a case, if the timer expiration is significantly far in the future, the RCU grace period expiration happening before it will free the bpf_hrtimer state and along with it the struct hrtimer, that is enqueued. Hence, it is clear cancellation needs to occur after async_cancel_and_free, and yet it cannot be done inline due to deadlock issues. We thus modify bpf_timer_cancel_and_free to defer work to the global workqueue, adding a work_struct alongside rcu_head (both used at _different_ points of time, so can share space). Update existing code comments to reflect the new state of affairs. CVE-2024-41045 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41045.html CVE-2024-41045 https://bugzilla.suse.com/1228531 SUSE Bug 1228531 In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch platform, the following kernel panic occurs: [...] Oops[#1]: CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+ #18 Hardware name: LOONGSON Dabieshan/Loongson-TC542F0, BIOS Loongson-UDK2018 ... ... ra: 90000000048bf6c0 sk_msg_recvmsg+0x120/0x560 ERA: 9000000004162774 copy_page_to_iter+0x74/0x1c0 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 0000000c (PPLV0 +PIE +PWE) EUEN: 00000007 (+FPE +SXE +ASXE -BTE) ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7) ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) BADV: 0000000000000040 PRID: 0014c011 (Loongson-64bit, Loongson-3C5000) Modules linked in: bpf_testmod(OE) xt_CHECKSUM xt_MASQUERADE xt_conntrack Process test_progs (pid: 2824, threadinfo=0000000000863a31, task=...) Stack : ... Call Trace: [<9000000004162774>] copy_page_to_iter+0x74/0x1c0 [<90000000048bf6c0>] sk_msg_recvmsg+0x120/0x560 [<90000000049f2b90>] tcp_bpf_recvmsg_parser+0x170/0x4e0 [<90000000049aae34>] inet_recvmsg+0x54/0x100 [<900000000481ad5c>] sock_recvmsg+0x7c/0xe0 [<900000000481e1a8>] __sys_recvfrom+0x108/0x1c0 [<900000000481e27c>] sys_recvfrom+0x1c/0x40 [<9000000004c076ec>] do_syscall+0x8c/0xc0 [<9000000003731da4>] handle_syscall+0xc4/0x160 Code: ... ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Fatal exception Kernel relocated by 0x3510000 .text @ 0x9000000003710000 .data @ 0x9000000004d70000 .bss @ 0x9000000006469400 ---[ end Kernel panic - not syncing: Fatal exception ]--- [...] This crash happens every time when running sockmap_skb_verdict_shutdown subtest in sockmap_basic. This crash is because a NULL pointer is passed to page_address() in the sk_msg_recvmsg(). Due to the different implementations depending on the architecture, page_address(NULL) will trigger a panic on Loongarch platform but not on x86 platform. So this bug was hidden on x86 platform for a while, but now it is exposed on Loongarch platform. The root cause is that a zero length skb (skb->len == 0) was put on the queue. This zero length skb is a TCP FIN packet, which was sent by shutdown(), invoked in test_sockmap_skb_verdict_shutdown(): shutdown(p1, SHUT_WR); In this case, in sk_psock_skb_ingress_enqueue(), num_sge is zero, and no page is put to this sge (see sg_set_page in sg_set_page), but this empty sge is queued into ingress_msg list. And in sk_msg_recvmsg(), this empty sge is used, and a NULL page is got by sg_page(sge). Pass this NULL page to copy_page_to_iter(), which passes it to kmap_local_page() and to page_address(), then kernel panics. To solve this, we should skip this zero length skb. So in sk_msg_recvmsg(), if copy is zero, that means it's a zero length skb, skip invoking copy_page_to_iter(). We are using the EFAULT return triggered by copy_page_to_iter to check for is_fin in tcp_bpf.c. CVE-2024-41048 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41048.html CVE-2024-41048 https://bugzilla.suse.com/1228565 SUSE Bug 1228565 In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen. CVE-2024-41049 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41049.html CVE-2024-41049 https://bugzilla.suse.com/1228486 SUSE Bug 1228486 In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hung, as shown below: t1 | t2 | t3 ------------------------------------------------- cachefiles_ondemand_select_req cachefiles_ondemand_object_is_close(A) cachefiles_ondemand_set_object_reopening(A) queue_work(fscache_object_wq, &info->work) ondemand_object_worker cachefiles_ondemand_init_object(A) cachefiles_ondemand_send_req(OPEN) // get msg_id 6 wait_for_completion(&req_A->done) cachefiles_ondemand_daemon_read // read msg_id 6 req_A cachefiles_ondemand_get_fd copy_to_user // Malicious completion msg_id 6 copen 6,-1 cachefiles_ondemand_copen complete(&req_A->done) // will not set the object to close // because ondemand_id && fd is valid. // ondemand_object_worker() is done // but the object is still reopening. // new open req_B cachefiles_ondemand_init_object(B) cachefiles_ondemand_send_req(OPEN) // reuse msg_id 6 process_open_req copen 6,A.size // The expected failed copen was executed successfully Expect copen to fail, and when it does, it closes fd, which sets the object to close, and then close triggers reopen again. However, due to msg_id reuse resulting in a successful copen, the anonymous fd is not closed until the daemon exits. Therefore read requests waiting for reopen to complete may trigger hung task. To avoid this issue, allocate the msg_id cyclically to avoid reusing the msg_id for a very short duration of time. CVE-2024-41050 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41050.html CVE-2024-41050 https://bugzilla.suse.com/1228499 SUSE Bug 1228499 In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker() to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when the pending read request is completed intentionally and the related erofs is umounted. If ondemand_object_worker() runs after the object is freed, it will incur use-after-free problem as shown below. process A processs B process C process D cachefiles_ondemand_send_req() // send a read req X // wait for its completion // close ondemand fd cachefiles_ondemand_fd_release() // set object as CLOSE cachefiles_ondemand_daemon_read() // set object as REOPENING queue_work(fscache_wq, &info->ondemand_work) // close /dev/cachefiles cachefiles_daemon_release cachefiles_flush_reqs complete(&req->done) // read req X is completed // umount the erofs fs cachefiles_put_object() // object will be freed cachefiles_ondemand_deinit_obj_info() kmem_cache_free(object) // both info and object are freed ondemand_object_worker() When dropping an object, it is no longer necessary to reopen the object, so use cancel_work_sync() to cancel or wait for ondemand_object_worker() to finish. CVE-2024-41051 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41051.html CVE-2024-41051 https://bugzilla.suse.com/1228468 SUSE Bug 1228468 In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-terminated string in a fixed-size array. cs_dsp should protect against overrunning the array if the NUL terminator is missing. CVE-2024-41056 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41056.html CVE-2024-41056 https://bugzilla.suse.com/1228480 SUSE Bug 1228480 In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in cachefiles_withdraw_cookie+0x4d9/0x600 Read of size 8 at addr ffff888118efc000 by task kworker/u78:0/109 CPU: 13 PID: 109 Comm: kworker/u78:0 Not tainted 6.8.0-dirty #566 Call Trace: <TASK> kasan_report+0x93/0xc0 cachefiles_withdraw_cookie+0x4d9/0x600 fscache_cookie_state_machine+0x5c8/0x1230 fscache_cookie_worker+0x91/0x1c0 process_one_work+0x7fa/0x1800 [...] Allocated by task 117: kmalloc_trace+0x1b3/0x3c0 cachefiles_acquire_volume+0xf3/0x9c0 fscache_create_volume_work+0x97/0x150 process_one_work+0x7fa/0x1800 [...] Freed by task 120301: kfree+0xf1/0x2c0 cachefiles_withdraw_cache+0x3fa/0x920 cachefiles_put_unbind_pincount+0x1f6/0x250 cachefiles_daemon_release+0x13b/0x290 __fput+0x204/0xa00 task_work_run+0x139/0x230 do_exit+0x87a/0x29b0 [...] ================================================================== Following is the process that triggers the issue: p1 | p2 ------------------------------------------------------------ fscache_begin_lookup fscache_begin_volume_access fscache_cache_is_live(fscache_cache) cachefiles_daemon_release cachefiles_put_unbind_pincount cachefiles_daemon_unbind cachefiles_withdraw_cache fscache_withdraw_cache fscache_set_cache_state(cache, FSCACHE_CACHE_IS_WITHDRAWN); cachefiles_withdraw_objects(cache) fscache_wait_for_objects(fscache) atomic_read(&fscache_cache->object_count) == 0 fscache_perform_lookup cachefiles_lookup_cookie cachefiles_alloc_object refcount_set(&object->ref, 1); object->volume = volume fscache_count_object(vcookie->cache); atomic_inc(&fscache_cache->object_count) cachefiles_withdraw_volumes cachefiles_withdraw_volume fscache_withdraw_volume __cachefiles_free_volume kfree(cachefiles_volume) fscache_cookie_state_machine cachefiles_withdraw_cookie cache = object->volume->cache; // cachefiles_volume UAF !!! After setting FSCACHE_CACHE_IS_WITHDRAWN, wait for all the cookie lookups to complete first, and then wait for fscache_cache->object_count == 0 to avoid the cookie exiting after the volume has been freed and triggering the above issue. Therefore call fscache_withdraw_volume() before calling cachefiles_withdraw_objects(). This way, after setting FSCACHE_CACHE_IS_WITHDRAWN, only the following two cases will occur: 1) fscache_begin_lookup fails in fscache_begin_volume_access(). 2) fscache_withdraw_volume() will ensure that fscache_count_object() has been executed before calling fscache_wait_for_objects(). CVE-2024-41057 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41057.html CVE-2024-41057 https://bugzilla.suse.com/1228462 SUSE Bug 1228462 https://bugzilla.suse.com/1229275 SUSE Bug 1229275 In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in fscache_withdraw_volume+0x2e1/0x370 Read of size 4 at addr ffff88810680be08 by task ondemand-04-dae/5798 CPU: 0 PID: 5798 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #565 Call Trace: kasan_check_range+0xf6/0x1b0 fscache_withdraw_volume+0x2e1/0x370 cachefiles_withdraw_volume+0x31/0x50 cachefiles_withdraw_cache+0x3ad/0x900 cachefiles_put_unbind_pincount+0x1f6/0x250 cachefiles_daemon_release+0x13b/0x290 __fput+0x204/0xa00 task_work_run+0x139/0x230 Allocated by task 5820: __kmalloc+0x1df/0x4b0 fscache_alloc_volume+0x70/0x600 __fscache_acquire_volume+0x1c/0x610 erofs_fscache_register_volume+0x96/0x1a0 erofs_fscache_register_fs+0x49a/0x690 erofs_fc_fill_super+0x6c0/0xcc0 vfs_get_super+0xa9/0x140 vfs_get_tree+0x8e/0x300 do_new_mount+0x28c/0x580 [...] Freed by task 5820: kfree+0xf1/0x2c0 fscache_put_volume.part.0+0x5cb/0x9e0 erofs_fscache_unregister_fs+0x157/0x1b0 erofs_kill_sb+0xd9/0x1c0 deactivate_locked_super+0xa3/0x100 vfs_get_super+0x105/0x140 vfs_get_tree+0x8e/0x300 do_new_mount+0x28c/0x580 [...] ================================================================== Following is the process that triggers the issue: mount failed | daemon exit ------------------------------------------------------------ deactivate_locked_super cachefiles_daemon_release erofs_kill_sb erofs_fscache_unregister_fs fscache_relinquish_volume __fscache_relinquish_volume fscache_put_volume(fscache_volume, fscache_volume_put_relinquish) zero = __refcount_dec_and_test(&fscache_volume->ref, &ref); cachefiles_put_unbind_pincount cachefiles_daemon_unbind cachefiles_withdraw_cache cachefiles_withdraw_volumes list_del_init(&volume->cache_link) fscache_free_volume(fscache_volume) cache->ops->free_volume cachefiles_free_volume list_del_init(&cachefiles_volume->cache_link); kfree(fscache_volume) cachefiles_withdraw_volume fscache_withdraw_volume fscache_volume->n_accesses // fscache_volume UAF !!! The fscache_volume in cache->volumes must not have been freed yet, but its reference count may be 0. So use the new fscache_try_get_volume() helper function try to get its reference count. If the reference count of fscache_volume is 0, fscache_put_volume() is freeing it, so wait for it to be removed from cache->volumes. If its reference count is not 0, call cachefiles_withdraw_volume() with reference count protection to avoid the above issue. CVE-2024-41058 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41058.html CVE-2024-41058 https://bugzilla.suse.com/1228459 SUSE Bug 1228459 In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750 vfs_listxattr fs/xattr.c:493 [inline] listxattr+0x1f3/0x6b0 fs/xattr.c:840 path_listxattr fs/xattr.c:864 [inline] __do_sys_listxattr fs/xattr.c:876 [inline] __se_sys_listxattr fs/xattr.c:873 [inline] __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873 x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3877 [inline] slab_alloc_node mm/slub.c:3918 [inline] kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065 kmalloc include/linux/slab.h:628 [inline] hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699 vfs_listxattr fs/xattr.c:493 [inline] listxattr+0x1f3/0x6b0 fs/xattr.c:840 path_listxattr fs/xattr.c:864 [inline] __do_sys_listxattr fs/xattr.c:876 [inline] __se_sys_listxattr fs/xattr.c:873 [inline] __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873 x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [Fix] When allocating memory to strbuf, initialize memory to 0. CVE-2024-41059 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41059.html CVE-2024-41059 https://bugzilla.suse.com/1228561 SUSE Bug 1228561 https://bugzilla.suse.com/1228573 SUSE Bug 1228573 In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it. CVE-2024-41060 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41060.html CVE-2024-41060 https://bugzilla.suse.com/1228567 SUSE Bug 1228567 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index for FCLKChangeSupport array can be greater than 1. [How] Currently dml2 core specifies identical values for all FCLKChangeSupport elements. Always use index 0 in the condition to avoid out of bounds access. CVE-2024-41061 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41061.html CVE-2024-41061 https://bugzilla.suse.com/1228572 SUSE Bug 1228572 In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ---- sock_close hci_rx_work l2cap_sock_release hci_acldata_packet l2cap_sock_kill l2cap_recv_frame sk_free l2cap_conless_channel l2cap_sock_recv_cb If hci_rx_work processes the data that needs to be received before the sock is closed, then everything is normal; Otherwise, the work thread may access the released sock when receiving data. Add a chan mutex in the rx callback of the sock to achieve synchronization between the sock release and recv cb. Sock is dead, so set chan data to NULL, avoid others use invalid sock pointer. CVE-2024-41062 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41062.html CVE-2024-41062 https://bugzilla.suse.com/1228576 SUSE Bug 1228576 https://bugzilla.suse.com/1228578 SUSE Bug 1228578 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destroy_workqueue(), for hci_error_reset() is called from hdev->req_workqueue which destroy_workqueue() needs to flush. We need to make sure that hdev->{rx_work,cmd_work,tx_work} which are queued into hdev->workqueue and hdev->{power_on,error_reset} which are queued into hdev->req_workqueue are no longer running by the moment destroy_workqueue(hdev->workqueue); destroy_workqueue(hdev->req_workqueue); are called from hci_release_dev(). Call cancel_work_sync() on these work items from hci_unregister_dev() as soon as hdev->list is removed from hci_dev_list. CVE-2024-41063 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41063.html CVE-2024-41063 https://bugzilla.suse.com/1228580 SUSE Bug 1228580 In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will change and can cause a crash, hold the PCI rescan/remove lock while taking a copy of edev->pdev->bus. CVE-2024-41064 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41064.html CVE-2024-41064 https://bugzilla.suse.com/1228599 SUSE Bug 1228599 In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as shown below. kernel BUG at mm/usercopy.c:102! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85 Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8 REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3) MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 2828220f XER: 0000000e CFAR: c0000000001fdc80 IRQMASK: 0 [ ... GPRs omitted ... ] NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0 LR [c0000000005d23d0] usercopy_abort+0x74/0xb0 Call Trace: usercopy_abort+0x74/0xb0 (unreliable) __check_heap_object+0xf8/0x120 check_heap_object+0x218/0x240 __check_object_size+0x84/0x1a4 dtl_file_read+0x17c/0x2c4 full_proxy_read+0x8c/0x110 vfs_read+0xdc/0x3a0 ksys_read+0x84/0x144 system_call_exception+0x124/0x330 system_call_vectored_common+0x15c/0x2ec --- interrupt: 3000 at 0x7fff81f3ab34 Commit 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0") requires that only whitelisted areas in slab/slub objects can be copied to userspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY. Dtl contains hypervisor dispatch events which are expected to be read by privileged users. Hence mark this safe for user access. Specify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the entire object. CVE-2024-41065 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41065.html CVE-2024-41065 https://bugzilla.suse.com/1228636 SUSE Bug 1228636 In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Where variable data looks like this: free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3] consumer_index^ tx_buff == [skb=null, skb=<ptr>, skb=<ptr>, skb=null, skb=null] The driver has checks to ensure that free_map[consumer_index] pointed to a valid index but there was no check to ensure that this index pointed to an unused/null skb address. So, if, by some chance, our free_map and tx_buff lists become out of sync then we were previously risking an skb memory leak. This could then cause tcp congestion control to stop sending packets, eventually leading to ETIMEDOUT. Therefore, add a conditional to ensure that the skb address is null. If not then warn the user (because this is still a bug that should be patched) and free the old pointer to prevent memleak/tcp problems. CVE-2024-41066 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41066.html CVE-2024-41066 https://bugzilla.suse.com/1228640 SUSE Bug 1228640 In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix sclp_init() cleanup on failure If sclp_init() fails it only partially cleans up: if there are multiple failing calls to sclp_init() sclp_state_change_event will be added several times to sclp_reg_list, which results in the following warning: ------------[ cut here ]------------ list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10. WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3 Krnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 ... Call Trace: [<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8 ([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8) [<000003ffe0a8d37e>] sclp_init+0x40e/0x450 [<000003ffe00009f2>] do_one_initcall+0x42/0x1e0 [<000003ffe15b77a6>] do_initcalls+0x126/0x150 [<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8 [<000003ffe0d6650e>] kernel_init+0x2e/0x180 [<000003ffe000301c>] __ret_from_fork+0x3c/0x60 [<000003ffe0d759ca>] ret_from_fork+0xa/0x30 Fix this by removing sclp_state_change_event from sclp_reg_list when sclp_init() fails. CVE-2024-41068 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41068.html CVE-2024-41068 https://bugzilla.suse.com/1228579 SUSE Bug 1228579 In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use devm_kmemdup(), to allocate memory as needed. CVE-2024-41069 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41069.html CVE-2024-41069 https://bugzilla.suse.com/1228644 SUSE Bug 1228644 https://bugzilla.suse.com/1228645 SUSE Bug 1228645 In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). It looks up `stt` from tablefd, but then continues to use it after doing fdput() on the returned fd. After the fdput() the tablefd is free to be closed by another thread. The close calls kvm_spapr_tce_release() and then release_spapr_tce_table() (via call_rcu()) which frees `stt`. Although there are calls to rcu_read_lock() in kvm_spapr_tce_attach_iommu_group() they are not sufficient to prevent the UAF, because `stt` is used outside the locked regions. With an artifcial delay after the fdput() and a userspace program which triggers the race, KASAN detects the UAF: BUG: KASAN: slab-use-after-free in kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm] Read of size 4 at addr c000200027552c30 by task kvm-vfio/2505 CPU: 54 PID: 2505 Comm: kvm-vfio Not tainted 6.10.0-rc3-next-20240612-dirty #1 Hardware name: 8335-GTH POWER9 0x4e1202 opal:skiboot-v6.5.3-35-g1851b2a06 PowerNV Call Trace: dump_stack_lvl+0xb4/0x108 (unreliable) print_report+0x2b4/0x6ec kasan_report+0x118/0x2b0 __asan_load4+0xb8/0xd0 kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm] kvm_vfio_set_attr+0x524/0xac0 [kvm] kvm_device_ioctl+0x144/0x240 [kvm] sys_ioctl+0x62c/0x1810 system_call_exception+0x190/0x440 system_call_vectored_common+0x15c/0x2ec ... Freed by task 0: ... kfree+0xec/0x3e0 release_spapr_tce_table+0xd4/0x11c [kvm] rcu_core+0x568/0x16a0 handle_softirqs+0x23c/0x920 do_softirq_own_stack+0x6c/0x90 do_softirq_own_stack+0x58/0x90 __irq_exit_rcu+0x218/0x2d0 irq_exit+0x30/0x80 arch_local_irq_restore+0x128/0x230 arch_local_irq_enable+0x1c/0x30 cpuidle_enter_state+0x134/0x5cc cpuidle_enter+0x6c/0xb0 call_cpuidle+0x7c/0x100 do_idle+0x394/0x410 cpu_startup_entry+0x60/0x70 start_secondary+0x3fc/0x410 start_secondary_prolog+0x10/0x14 Fix it by delaying the fdput() until `stt` is no longer in use, which is effectively the entire function. To keep the patch minimal add a call to fdput() at each of the existing return paths. Future work can convert the function to goto or __cleanup style cleanup. With the fix in place the test case no longer triggers the UAF. CVE-2024-41070 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41070.html CVE-2024-41070 https://bugzilla.suse.com/1228581 SUSE Bug 1228581 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-41071 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41071.html CVE-2024-41071 https://bugzilla.suse.com/1228625 SUSE Bug 1228625 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise. CVE-2024-41072 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41072.html CVE-2024-41072 https://bugzilla.suse.com/1228626 SUSE Bug 1228626 In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQF_SPECIAL_LOAD when the request is cleaned. CVE-2024-41073 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41073.html CVE-2024-41073 https://bugzilla.suse.com/1228635 SUSE Bug 1228635 In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. And the request may have not been read yet. Note that when the object is set to reopen, the open request will be done with the still reopen state in above case. As a result, the request corresponding to this object is always skipped in select_req function, so the read request is never completed and blocks other process. Fix this issue by simply set object to close if its id < 0 in copen. CVE-2024-41074 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41074.html CVE-2024-41074 https://bugzilla.suse.com/1228643 SUSE Bug 1228643 In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread This prevents malicious processes from completing random copen/cread requests and crashing the system. Added checks are listed below: * Generic, copen can only complete open requests, and cread can only complete read requests. * For copen, ondemand_id must not be 0, because this indicates that the request has not been read by the daemon. * For cread, the object corresponding to fd and req should be the same. CVE-2024-41075 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41075.html CVE-2024-41075 https://bugzilla.suse.com/1228646 SUSE Bug 1228646 In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr. CVE-2024-41076 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41076.html CVE-2024-41076 https://bugzilla.suse.com/1228649 SUSE Bug 1228649 In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix quota root leak after quota disable failure If during the quota disable we fail when cleaning the quota tree or when deleting the root from the root tree, we jump to the 'out' label without ever dropping the reference on the quota root, resulting in a leak of the root since fs_info->quota_root is no longer pointing to the root (we have set it to NULL just before those steps). Fix this by always doing a btrfs_put_root() call under the 'out' label. This is a problem that exists since qgroups were first added in 2012 by commit bed92eae26cc ("Btrfs: qgroup implementation and prototypes"), but back then we missed a kfree on the quota root and free_extent_buffer() calls on its root and commit root nodes, since back then roots were not yet reference counted. CVE-2024-41078 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41078.html CVE-2024-41078 https://bugzilla.suse.com/1228655 SUSE Bug 1228655 In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words (aka results) for the command queue entry need to be set to 0 when they are not used (not specified). Though, the target implemention returns 0 for TCP and FC but not for RDMA. Let's make RDMA behave the same and thus explicitly initializing the result field. This prevents leaking any data from the stack. CVE-2024-41079 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41079.html CVE-2024-41079 https://bugzilla.suse.com/1228615 SUSE Bug 1228615 In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers() The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock before acquiring sqd->lock"), this can lead to a potential deadlock situation. To resolve this issue, the uring_lock is released before calling io_put_sq_data(), and then it is re-acquired after the function call. This change ensures that the locks are acquired in the correct order, preventing the possibility of a deadlock. CVE-2024-41080 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41080.html CVE-2024-41080 https://bugzilla.suse.com/1228616 SUSE Bug 1228616 In the Linux kernel, the following vulnerability has been resolved: ila: block BH in ila_output() As explained in commit 1378817486d6 ("tipc: block BH before using dst_cache"), net/core/dst_cache.c helpers need to be called with BH disabled. ila_output() is called from lwtunnel_output() possibly from process context, and under rcu_read_lock(). We might be interrupted by a softirq, re-enter ila_output() and corrupt dst_cache data structures. Fix the race by using local_bh_disable(). CVE-2024-41081 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41081.html CVE-2024-41081 https://bugzilla.suse.com/1228617 SUSE Bug 1228617 In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup cxl_dpa_to_region() looks up a region based on a memdev and DPA. It wrongly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true it leads to a null pointer dereference looking up the region name. This appears during testing of region lookup after a failure to assemble a BIOS defined region or if the lookup raced with the assembly of the BIOS defined region. Failure to clean up BIOS defined regions that fail assembly is an issue in itself and a fix to that problem will alleviate some of the impact. It will not alleviate the race condition so let's harden this path. The behavior change is that the kernel oops due to a null pointer dereference is replaced with a dev_dbg() message noting that an endpoint was mapped. Additional comments are added so that future users of this function can more clearly understand what it provides. CVE-2024-41084 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41084.html CVE-2024-41084 https://bugzilla.suse.com/1228472 SUSE Bug 1228472 In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will trigger a call to ata_host_release(). ata_host_release() calls kfree(host), so executing the kfree(host) in ata_host_alloc() will lead to a double free: kernel BUG at mm/slub.c:553! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:kfree+0x2cf/0x2f0 Code: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da RSP: 0018:ffffc90000f377f0 EFLAGS: 00010246 RAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320 RDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0 RBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780 R13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006 FS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x6a/0x90 ? kfree+0x2cf/0x2f0 ? exc_invalid_op+0x50/0x70 ? kfree+0x2cf/0x2f0 ? asm_exc_invalid_op+0x1a/0x20 ? ata_host_alloc+0xf5/0x120 [libata] ? ata_host_alloc+0xf5/0x120 [libata] ? kfree+0x2cf/0x2f0 ata_host_alloc+0xf5/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci] Ensure that we will not call kfree(host) twice, by performing the kfree() only if the devres_open_group() call failed. CVE-2024-41087 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41087.html CVE-2024-41087 https://bugzilla.suse.com/1228466 SUSE Bug 1228466 https://bugzilla.suse.com/1228740 SUSE Bug 1228740 In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application. Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16 [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3). ... and repeat forever. The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus. The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one(). Resolve the issue by starting a workqueue to write the tx obj synchronously if err = -EBUSY. In case of another error, decrement tx_ring->head, remove skb from the echo stack, and drop the message. [mkl: use more imperative wording in patch description] CVE-2024-41088 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41088.html CVE-2024-41088 https://bugzilla.suse.com/1228469 SUSE Bug 1228469 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes In nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). The same applies to drm_cvt_mode(). Add a check to avoid null pointer dereference. CVE-2024-41089 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41089.html CVE-2024-41089 https://bugzilla.suse.com/1228658 SUSE Bug 1228658 In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915_selftest@live@hangcheck on ADL-P and similar machines: <6> [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence ... <6> [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled <6> [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled <3> [414.070354] Unable to pin Y-tiled fence; err:-4 <3> [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(&fence->active)) ... <4>[ 609.603992] ------------[ cut here ]------------ <2>[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301! <4>[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1 <4>[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023 <4>[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915] <4>[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915] ... <4>[ 609.604271] Call Trace: <4>[ 609.604273] <TASK> ... <4>[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915] <4>[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915] <4>[ 609.604977] force_unbind+0x24/0xa0 [i915] <4>[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915] <4>[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915] <4>[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915] <4>[ 609.605440] process_scheduled_works+0x351/0x690 ... In the past, there were similar failures reported by CI from other IGT tests, observed on other platforms. Before commit 63baf4f3d587 ("drm/i915/gt: Only wait for GPU activity before unbinding a GGTT fence"), i915_vma_revoke_fence() was waiting for idleness of vma->active via fence_update(). That commit introduced vma->fence->active in order for the fence_update() to be able to wait selectively on that one instead of vma->active since only idleness of fence registers was needed. But then, another commit 0d86ee35097a ("drm/i915/gt: Make fence revocation unequivocal") replaced the call to fence_update() in i915_vma_revoke_fence() with only fence_write(), and also added that GEM_BUG_ON(!i915_active_is_idle(&fence->active)) in front. No justification was provided on why we might then expect idleness of vma->fence->active without first waiting on it. The issue can be potentially caused by a race among revocation of fence registers on one side and sequential execution of signal callbacks invoked on completion of a request that was using them on the other, still processed in parallel to revocation of those fence registers. Fix it by waiting for idleness of vma->fence->active in i915_vma_revoke_fence(). (cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1) CVE-2024-41092 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41092.html CVE-2024-41092 https://bugzilla.suse.com/1228483 SUSE Bug 1228483 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. CVE-2024-41093 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41093.html CVE-2024-41093 https://bugzilla.suse.com/1228660 SUSE Bug 1228660 In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Only set smem_start is enable per module option Only export struct fb_info.fix.smem_start if that is required by the user and the memory does not come from vmalloc(). Setting struct fb_info.fix.smem_start breaks systems where DMA memory is backed by vmalloc address space. An example error is shown below. [ 3.536043] ------------[ cut here ]------------ [ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000) [ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98 [ 3.565455] Modules linked in: [ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty #250 [ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT) [ 3.582452] Workqueue: events_unbound deferred_probe_work_func [ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.595233] pc : __virt_to_phys+0x68/0x98 [ 3.599246] lr : __virt_to_phys+0x68/0x98 [ 3.603276] sp : ffff800083603990 [ 3.677939] Call trace: [ 3.680393] __virt_to_phys+0x68/0x98 [ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238 [ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0 [ 3.695385] drm_fb_helper_initial_config+0x4c/0x68 [ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0 [ 3.705161] drm_client_register+0x60/0xb0 [ 3.709269] drm_fbdev_dma_setup+0x94/0x148 Additionally, DMA memory is assumed to by contiguous in physical address space, which is not guaranteed by vmalloc(). Resolve this by checking the module flag drm_leak_fbdev_smem when DRM allocated the instance of struct fb_info. Fbdev-dma then only sets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also guarantee that the framebuffer is not located in vmalloc address space. CVE-2024-41094 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41094.html CVE-2024-41094 https://bugzilla.suse.com/1228458 SUSE Bug 1228458 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. CVE-2024-41095 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41095.html CVE-2024-41095 https://bugzilla.suse.com/1228662 SUSE Bug 1228662 In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Fix UAF in msi_capability_init KFENCE reports the following UAF: BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488 Use-after-free read at 0x0000000024629571 (in kfence-#12): __pci_enable_msi_range+0x2c0/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128 allocated by task 81 on cpu 7 at 10.808142s: __kmem_cache_alloc_node+0x1f0/0x2bc kmalloc_trace+0x44/0x138 msi_alloc_desc+0x3c/0x9c msi_domain_insert_msi_desc+0x30/0x78 msi_setup_msi_desc+0x13c/0x184 __pci_enable_msi_range+0x258/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 freed by task 81 on cpu 7 at 10.811436s: msi_domain_free_descs+0xd4/0x10c msi_domain_free_locked.part.0+0xc0/0x1d8 msi_domain_alloc_irqs_all_locked+0xb4/0xbc pci_msi_setup_msi_irqs+0x30/0x4c __pci_enable_msi_range+0x2a8/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 Descriptor allocation done in: __pci_enable_msi_range msi_capability_init msi_setup_msi_desc msi_insert_msi_desc msi_domain_insert_msi_desc msi_alloc_desc ... Freed in case of failure in __msi_domain_alloc_locked() __pci_enable_msi_range msi_capability_init pci_msi_setup_msi_irqs msi_domain_alloc_irqs_all_locked msi_domain_alloc_locked __msi_domain_alloc_locked => fails msi_domain_free_locked ... That failure propagates back to pci_msi_setup_msi_irqs() in msi_capability_init() which accesses the descriptor for unmasking in the error exit path. Cure it by copying the descriptor and using the copy for the error exit path unmask operation. [ tglx: Massaged change log ] CVE-2024-41096 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41096.html CVE-2024-41096 https://bugzilla.suse.com/1228479 SUSE Bug 1228479 In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting stage which in turn triggers a warning in usb_submit_urb(). Fix the issue by verifying that required endpoint types are present for both in and out endpoints, taking into account cmd endpoint type. Unfortunately, this patch has not been tested on real hardware. [1] Syzbot report: usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 Modules linked in: CPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 ... Call Trace: cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649 cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760 cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209 usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055 cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:517 [inline] really_probe+0x23c/0xcd0 drivers/base/dd.c:595 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427 __device_attach+0x228/0x4a0 drivers/base/dd.c:965 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487 device_add+0xc2f/0x2180 drivers/base/core.c:3354 usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293 CVE-2024-41097 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41097.html CVE-2024-41097 https://bugzilla.suse.com/1228513 SUSE Bug 1228513 In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error If the ata_port_alloc() call in ata_host_alloc() fails, ata_host_release() will get called. However, the code in ata_host_release() tries to free ata_port struct members unconditionally, which can lead to the following: BUG: unable to handle page fault for address: 0000000000003990 PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:ata_host_release.cold+0x2f/0x6e [libata] Code: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41 RSP: 0018:ffffc90000ebb968 EFLAGS: 00010246 RAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0 RBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68 R10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004 R13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006 FS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? ata_host_release.cold+0x2f/0x6e [libata] ? ata_host_release.cold+0x2f/0x6e [libata] release_nodes+0x35/0xb0 devres_release_group+0x113/0x140 ata_host_alloc+0xed/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci] Do not access ata_port struct members unconditionally. CVE-2024-41098 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-41098.html CVE-2024-41098 https://bugzilla.suse.com/1228467 SUSE Bug 1228467 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip pipe if the pipe idx not set properly [why] Driver crashes when pipe idx not set properly [how] Add code to skip the pipe that idx not set properly CVE-2024-42064 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42064.html CVE-2024-42064 https://bugzilla.suse.com/1228586 SUSE Bug 1228586 In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function adev_release calls kfree(madev). We shouldn't call kfree(madev) again in the error handling path. Set 'madev' to NULL. CVE-2024-42069 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42069.html CVE-2024-42069 https://bugzilla.suse.com/1228463 SUSE Bug 1228463 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers. CVE-2024-42070 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42070.html CVE-2024-42070 https://bugzilla.suse.com/1228470 SUSE Bug 1228470 In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems The following two shared buffer operations make use of the Shared Buffer Status Register (SBSR): # devlink sb occupancy snapshot pci/0000:01:00.0 # devlink sb occupancy clearmax pci/0000:01:00.0 The register has two masks of 256 bits to denote on which ingress / egress ports the register should operate on. Spectrum-4 has more than 256 ports, so the register was extended by cited commit with a new 'port_page' field. However, when filling the register's payload, the driver specifies the ports as absolute numbers and not relative to the first port of the port page, resulting in memory corruptions [1]. Fix by specifying the ports relative to the first port of the port page. [1] BUG: KASAN: slab-use-after-free in mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0 Read of size 1 at addr ffff8881068cb00f by task devlink/1566 [...] Call Trace: <TASK> dump_stack_lvl+0xc6/0x120 print_report+0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0 mlxsw_devlink_sb_occ_snapshot+0x75/0xb0 devlink_nl_sb_occ_snapshot_doit+0x1f9/0x2a0 genl_family_rcv_msg_doit+0x20c/0x300 genl_rcv_msg+0x567/0x800 netlink_rcv_skb+0x170/0x450 genl_rcv+0x2d/0x40 netlink_unicast+0x547/0x830 netlink_sendmsg+0x8d4/0xdb0 __sys_sendto+0x49b/0x510 __x64_sys_sendto+0xe5/0x1c0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f [...] Allocated by task 1: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 copy_verifier_state+0xbc2/0xfb0 do_check_common+0x2c51/0xc7e0 bpf_check+0x5107/0x9960 bpf_prog_load+0xf0e/0x2690 __sys_bpf+0x1a61/0x49d0 __x64_sys_bpf+0x7d/0xc0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 1: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 poison_slab_object+0x109/0x170 __kasan_slab_free+0x14/0x30 kfree+0xca/0x2b0 free_verifier_state+0xce/0x270 do_check_common+0x4828/0xc7e0 bpf_check+0x5107/0x9960 bpf_prog_load+0xf0e/0x2690 __sys_bpf+0x1a61/0x49d0 __x64_sys_bpf+0x7d/0xc0 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f CVE-2024-42073 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42073.html CVE-2024-42073 https://bugzilla.suse.com/1228457 SUSE Bug 1228457 In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: add a null check for chip_pdev structure When acp platform device creation is skipped, chip->chip_pdev value will remain NULL. Add NULL check for chip->chip_pdev structure in snd_acp_resume() function to avoid null pointer dereference. CVE-2024-42074 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42074.html CVE-2024-42074 https://bugzilla.suse.com/1228481 SUSE Bug 1228481 In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one() syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one() creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue. Fix this by initializing unused data. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter lib/iov_iter.c:24 [inline] iterate_ubuf include/linux/iov_iter.h:29 [inline] iterate_and_advance2 include/linux/iov_iter.h:245 [inline] iterate_and_advance include/linux/iov_iter.h:271 [inline] _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 copy_to_iter include/linux/uio.h:196 [inline] memcpy_to_msg include/linux/skbuff.h:4113 [inline] raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008 sock_recvmsg_nosec net/socket.c:1046 [inline] sock_recvmsg+0x2c4/0x340 net/socket.c:1068 ____sys_recvmsg+0x18a/0x620 net/socket.c:2803 ___sys_recvmsg+0x223/0x840 net/socket.c:2845 do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939 __sys_recvmmsg net/socket.c:3018 [inline] __do_sys_recvmmsg net/socket.c:3041 [inline] __se_sys_recvmmsg net/socket.c:3034 [inline] __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034 x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1313 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 sock_alloc_send_skb include/net/sock.h:1842 [inline] j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline] j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline] j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 ____sys_sendmsg+0x877/0xb60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674 x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Bytes 12-15 of 16 are uninitialized Memory access of size 16 starts at ffff888120969690 Data copied to user address 00000000200017c0 CPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 CVE-2024-42076 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42076.html CVE-2024-42076 https://bugzilla.suse.com/1228484 SUSE Bug 1228484 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Once that happens a WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). Heming Zhao said: ------ PANIC: "Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error" PID: xxx TASK: xxxx CPU: 5 COMMAND: "SubmitThread-CA" #0 machine_kexec at ffffffff8c069932 #1 __crash_kexec at ffffffff8c1338fa #2 panic at ffffffff8c1d69b9 #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2] #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2] #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2] #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2] #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2] #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2] #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2] #10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2] #11 dio_complete at ffffffff8c2b9fa7 #12 do_blockdev_direct_IO at ffffffff8c2bc09f #13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2] #14 generic_file_direct_write at ffffffff8c1dcf14 #15 __generic_file_write_iter at ffffffff8c1dd07b #16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2] #17 aio_write at ffffffff8c2cc72e #18 kmem_cache_alloc at ffffffff8c248dde #19 do_io_submit at ffffffff8c2ccada #20 do_syscall_64 at ffffffff8c004984 #21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba CVE-2024-42077 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42077.html CVE-2024-42077 https://bugzilla.suse.com/1228516 SUSE Bug 1228516 In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush). CVE-2024-42079 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42079.html CVE-2024-42079 https://bugzilla.suse.com/1228672 SUSE Bug 1228672 In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid address access struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME in ib_create_cq(), while if the module exited but forgot del this rdma_restrack_entry, it would cause a invalid address access in rdma_restrack_clean() when print the owner of this rdma_restrack_entry. These code is used to help find one forgotten PD release in one of the ULPs. But it is not needed anymore, so delete them. CVE-2024-42080 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42080.html CVE-2024-42080 https://bugzilla.suse.com/1228673 SUSE Bug 1228673 In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params struct are not initialized properly. The second case cannot happen since there is a static const rhashtable_params struct with valid fields. So, warning is only triggered when there is a problem with memory allocation. Thus, there is no sense in using WARN() to handle this error and it can be safely removed. WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Call Trace: xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [inline] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Found by Linux Verification Center (linuxtesting.org) with syzkaller. CVE-2024-42082 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42082.html CVE-2024-42082 https://bugzilla.suse.com/1228482 SUSE Bug 1228482 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system to enter suspend status with below command: echo mem > /sys/power/state There will be a deadlock issue occurring. Detailed invoking path as below: dwc3_suspend_common() spin_lock_irqsave(&dwc->lock, flags); <-- 1st dwc3_gadget_suspend(dwc); dwc3_gadget_soft_disconnect(dwc); spin_lock_irqsave(&dwc->lock, flags); <-- 2nd This issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") that removes the code of checking whether dwc->gadget_driver is NULL or not. It causes the following code is executed and deadlock occurs when trying to get the spinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") that forgot to remove the lock of otg mode. So, remove the redundant lock of otg mode during gadget suspend/resume. CVE-2024-42085 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42085.html CVE-2024-42085 https://bugzilla.suse.com/1228456 SUSE Bug 1228456 In the Linux kernel, the following vulnerability has been resolved: iio: chemical: bme680: Fix overflows in compensate() functions There are cases in the compensate functions of the driver that there could be overflows of variables due to bit shifting ops. These implications were initially discussed here [1] and they were mentioned in log message of Commit 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor"). [1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/ CVE-2024-42086 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42086.html CVE-2024-42086 https://bugzilla.suse.com/1228452 SUSE Bug 1228452 In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value() function. This complains loudly when the GPIO controller needs to sleep. As the caller can sleep, use gpiod_set_value_cansleep() to fix the issue. CVE-2024-42087 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42087.html CVE-2024-42087 https://bugzilla.suse.com/1228677 SUSE Bug 1228677 In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations. CVE-2024-42089 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42089.html CVE-2024-42089 https://bugzilla.suse.com/1228450 SUSE Bug 1228450 In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to a potential deadlock. This patch resolves the issue by releasing pinctrl_maps_mutex before calling pinctrl_free(), preventing the deadlock. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. CVE-2024-42090 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42090.html CVE-2024-42090 https://bugzilla.suse.com/1228449 SUSE Bug 1228449 In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can be out of chips->irqs array boundaries access in davinci_gpio_probe(). Validate the obtained nirq value so that it won't exceed the maximum number of IRQs per bank. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-42092 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42092.html CVE-2024-42092 https://bugzilla.suse.com/1228447 SUSE Bug 1228447 In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK. Use *cpumask_var API(s) to address it. CVE-2024-42093 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42093.html CVE-2024-42093 https://bugzilla.suse.com/1228680 SUSE Bug 1228680 In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply Errata i2310 solution. [0] https://www.ti.com/lit/pdf/sprz536 page 23 CVE-2024-42095 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42095.html CVE-2024-42095 https://bugzilla.suse.com/1228446 SUSE Bug 1228446 In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout that aren't necessarily valid. Basically, the code tries to account the time spent in spinlocks to the caller rather than the spinlock, and while I support that as a concept, it's not worth the code complexity or the KASAN warnings when no serious profiling is done using timers anyway these days. And the code really does depend on stack layout that is only true in the simplest of cases. We've lost the comment at some point (I think when the 32-bit and 64-bit code was unified), but it used to say: Assume the lock function has either no stack frame or a copy of eflags from PUSHF. which explains why it just blindly loads a word or two straight off the stack pointer and then takes a minimal look at the values to just check if they might be eflags or the return pc: Eflags always has bits 22 and up cleared unlike kernel addresses but that basic stack layout assumption assumes that there isn't any lock debugging etc going on that would complicate the code and cause a stack frame. It causes KASAN unhappiness reported for years by syzkaller [1] and others [2]. With no real practical reason for this any more, just remove the code. Just for historical interest, here's some background commits relating to this code from 2006: 0cb91a229364 ("i386: Account spinlocks to the caller during profiling for !FP kernels") 31679f38d886 ("Simplify profile_pc on x86-64") and a code unification from 2009: ef4512882dbe ("x86: time_32/64.c unify profile_pc") but the basics of this thing actually goes back to before the git tree. CVE-2024-42096 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42096.html CVE-2024-42096 https://bugzilla.suse.com/1228633 SUSE Bug 1228633 In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified patch length matches the actually supplied data, like load_data() already did. CVE-2024-42097 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42097.html CVE-2024-42097 https://bugzilla.suse.com/1228766 SUSE Bug 1228766 In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the entire private_key array first. Note that this patch slightly changes the behavior of this function: previously, if the ecc_gen_privkey failed, the old private_key would remain. Now, the private_key is always zeroized. This behavior is consistent with the case where params.key is set and ecc_is_key_valid fails. CVE-2024-42098 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42098.html CVE-2024-42098 https://bugzilla.suse.com/1228779 SUSE Bug 1228779 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. CVE-2024-42101 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42101.html CVE-2024-42101 https://bugzilla.suse.com/1228495 SUSE Bug 1228495 In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which triggers a kernel bug in lru_add_fn(). As Jan Kara pointed out, this is because the link count of a metadata file gets corrupted to 0, and nilfs_evict_inode(), which is called from iput(), tries to delete that inode (ifile inode in this case). The inconsistency occurs because directories containing the inode numbers of these metadata files that should not be visible in the namespace are read without checking. Fix this issue by treating the inode numbers of these internal files as errors in the sanity check helper when reading directory folios/pages. Also thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer analysis. CVE-2024-42104 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42104.html CVE-2024-42104 https://bugzilla.suse.com/1228654 SUSE Bug 1228654 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the namespace on a corrupted filesystem, and a couple of flaws that cause problems if the starting number of non-reserved inodes written in the on-disk super block is intentionally (or corruptly) changed from its default value. This patch (of 3): In the current implementation of nilfs2, "nilfs->ns_first_ino", which gives the first non-reserved inode number, is read from the superblock, but its lower limit is not checked. As a result, if a number that overlaps with the inode number range of reserved inodes such as the root directory or metadata files is set in the super block parameter, the inode number test macros (NILFS_MDT_INODE and NILFS_VALID_INODE) will not function properly. In addition, these test macros use left bit-shift calculations using with the inode number as the shift count via the BIT macro, but the result of a shift calculation that exceeds the bit width of an integer is undefined in the C specification, so if "ns_first_ino" is set to a large value other than the default value NILFS_USER_INO (=11), the macros may potentially malfunction depending on the environment. Fix these issues by checking the lower bound of "nilfs->ns_first_ino" and by preventing bit shifts equal to or greater than the NILFS_USER_INO constant in the inode number test macros. Also, change the type of "ns_first_ino" from signed integer to unsigned integer to avoid the need for type casting in comparisons such as the lower bound check introduced this time. CVE-2024-42105 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42105.html CVE-2024-42105 https://bugzilla.suse.com/1228665 SUSE Bug 1228665 In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the sdiag_raw_protocol field in struct inet_diag_req_raw. inet_diag_get_exact_compat() converts inet_diag_req to inet_diag_req_v2, but leaves the pad field uninitialized. So the issue occurs when raw_lookup() accesses the sdiag_raw_protocol field. Fix this by initializing the pad field in inet_diag_get_exact_compat(). Also, do the same fix in inet_diag_dump_compat() to avoid the similar issue in the future. [1] BUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline] BUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_lookup net/ipv4/raw_diag.c:49 [inline] raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639 __sys_sendmsg net/socket.c:2668 [inline] __do_sys_sendmsg net/socket.c:2677 [inline] __se_sys_sendmsg net/socket.c:2675 [inline] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639 __sys_sendmsg net/socket.c:2668 [inline] __do_sys_sendmsg net/socket.c:2677 [inline] __se_sys_sendmsg net/socket.c:2675 [inline] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Local variable req.i created at: inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline] inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 CPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 CVE-2024-42106 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42106.html CVE-2024-42106 https://bugzilla.suse.com/1228493 SUSE Bug 1228493 In the Linux kernel, the following vulnerability has been resolved: ice: Don't process extts if PTP is disabled The ice_ptp_extts_event() function can race with ice_ptp_release() and result in a NULL pointer dereference which leads to a kernel panic. Panic occurs because the ice_ptp_extts_event() function calls ptp_clock_event() with a NULL pointer. The ice driver has already released the PTP clock by the time the interrupt for the next external timestamp event occurs. To fix this, modify the ice_ptp_extts_event() function to check the PTP state and bail early if PTP is not ready. CVE-2024-42107 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42107.html CVE-2024-42107 https://bugzilla.suse.com/1228494 SUSE Bug 1228494 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831 KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530 KASAN: slab-uaf int nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597 Read of size 2 at addr ffff88802b0051c4 by task kworker/1:1/45 [..] Workqueue: events nf_tables_trans_destroy_work Call Trace: nft_ctx_update include/net/netfilter/nf_tables.h:1831 [inline] nft_commit_release net/netfilter/nf_tables_api.c:9530 [inline] nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597 Problem is that the notifier does a conditional flush, but its possible that the table-to-be-removed is still referenced by transactions being processed by the worker, so we need to flush unconditionally. We could make the flush_work depend on whether we found a table to delete in nf-next to avoid the flush for most cases. AFAICS this problem is only exposed in nf-next, with commit e169285f8c56 ("netfilter: nf_tables: do not store nft_ctx in transaction objects"), with this commit applied there is an unconditional fetch of table->family which is whats triggering the above splat. CVE-2024-42109 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42109.html CVE-2024-42109 https://bugzilla.suse.com/1228505 SUSE Bug 1228505 In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526 [74412.556784] caller is netif_rx_internal+0x42/0x130 [74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5 [74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024 [74412.581699] Call Trace: [74412.584514] <TASK> [74412.586933] dump_stack_lvl+0x55/0x70 [74412.591129] check_preemption_disabled+0xc8/0xf0 [74412.596374] netif_rx_internal+0x42/0x130 [74412.600957] __netif_rx+0x20/0xd0 [74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev] [74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport] [74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport] [74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd] [74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd] [74412.634046] irq_thread_fn+0x21/0x60 [74412.638134] ? irq_thread+0xa8/0x290 [74412.642218] irq_thread+0x1a0/0x290 [74412.646212] ? __pfx_irq_thread_fn+0x10/0x10 [74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10 [74412.656117] ? __pfx_irq_thread+0x10/0x10 [74412.660686] kthread+0x100/0x130 [74412.664384] ? __pfx_kthread+0x10/0x10 [74412.668639] ret_from_fork+0x31/0x50 [74412.672716] ? __pfx_kthread+0x10/0x10 [74412.676978] ret_from_fork_asm+0x1a/0x30 [74412.681457] </TASK> The cause is due to the idxd driver interrupt completion handler uses threaded interrupt and the threaded handler is not hard or soft interrupt context. However __netif_rx() can only be called from interrupt context. Change the call to netif_rx() in order to allow completion via normal context for dmaengine drivers that utilize threaded irq handling. While the following commit changed from netif_rx() to __netif_rx(), baebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."), the change should've been a noop instead. However, the code precedes this fix should've been using netif_rx_ni() or netif_rx_any_context(). CVE-2024-42110 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42110.html CVE-2024-42110 https://bugzilla.suse.com/1228501 SUSE Bug 1228501 In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx->num_q_vectors is uninitialized. Thus there will be kernel panic in wx_alloc_q_vectors() to allocate queue vectors. CVE-2024-42113 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42113.html CVE-2024-42113 https://bugzilla.suse.com/1228568 SUSE Bug 1228568 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM") watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24] Modules linked in: irq event stamp: 131135 hardirqs last enabled at (131134): [<ffff80008ae8778c>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline] hardirqs last enabled at (131134): [<ffff80008ae8778c>] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95 hardirqs last disabled at (131135): [<ffff80008ae85378>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (131135): [<ffff80008ae85378>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_hh_init net/core/neighbour.c:1538 [inline] softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553 softirqs last disabled at (125896): [<ffff80008904166c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19 CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: mld mld_ifc_work pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __list_del include/linux/list.h:195 [inline] pc : __list_del_entry include/linux/list.h:218 [inline] pc : list_move_tail include/linux/list.h:310 [inline] pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline] pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854 lr : __list_del_entry include/linux/list.h:218 [inline] lr : list_move_tail include/linux/list.h:310 [inline] lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline] lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854 sp : ffff800093d36700 x29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000 x26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0 x23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0 x20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0 x17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8 x14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff x11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc x2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470 Call trace: __list_del include/linux/list.h:195 [inline] __list_del_entry include/linux/list.h:218 [inline] list_move_tail include/linux/list.h:310 [inline] fq_tin_dequeue include/net/fq_impl.h:112 [inline] ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854 wake_tx_push_queue net/mac80211/util.c:294 [inline] ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315 drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline] schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline] ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664 ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966 ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062 __ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338 ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532 __netdev_start_xmit include/linux/netdevice.h:4903 [inline] netdev_start_xmit include/linux/netdevice.h:4917 [inline] xmit_one net/core/dev.c:3531 [inline] dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547 __dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341 dev_queue_xmit include/linux/netdevice.h:3091 [inline] neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563 neigh_output include/net/neighbour.h:542 [inline] ip6_fini ---truncated--- CVE-2024-42114 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42114.html CVE-2024-42114 https://bugzilla.suse.com/1228564 SUSE Bug 1228564 In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode During the stress testing of the jffs2 file system,the following abnormal printouts were found: [ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948 [ 2430.649622] Mem abort info: [ 2430.649829] ESR = 0x96000004 [ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits [ 2430.650564] SET = 0, FnV = 0 [ 2430.650795] EA = 0, S1PTW = 0 [ 2430.651032] FSC = 0x04: level 0 translation fault [ 2430.651446] Data abort info: [ 2430.651683] ISV = 0, ISS = 0x00000004 [ 2430.652001] CM = 0, WnR = 0 [ 2430.652558] [0069696969696948] address between user and kernel address ranges [ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33 [ 2430.655008] Hardware name: linux,dummy-virt (DT) [ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2430.656142] pc : kfree+0x78/0x348 [ 2430.656630] lr : jffs2_free_inode+0x24/0x48 [ 2430.657051] sp : ffff800009eebd10 [ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000 [ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000 [ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14 [ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000 [ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000 [ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19 [ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14 [ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302 [ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342 [ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000 [ 2430.664217] Call trace: [ 2430.664528] kfree+0x78/0x348 [ 2430.664855] jffs2_free_inode+0x24/0x48 [ 2430.665233] i_callback+0x24/0x50 [ 2430.665528] rcu_do_batch+0x1ac/0x448 [ 2430.665892] rcu_core+0x28c/0x3c8 [ 2430.666151] rcu_core_si+0x18/0x28 [ 2430.666473] __do_softirq+0x138/0x3cc [ 2430.666781] irq_exit+0xf0/0x110 [ 2430.667065] handle_domain_irq+0x6c/0x98 [ 2430.667447] gic_handle_irq+0xac/0xe8 [ 2430.667739] call_on_irq_stack+0x28/0x54 The parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of the jffs_inode_info structure. It was found that all variables in the jffs_inode_info structure were 5a5a5a5a, except for the first member sem. It is suspected that these variables are not initialized because they were set to 5a5a5a5a during memory testing, which is meant to detect uninitialized memory.The sem variable is initialized in the function jffs2_i_init_once, while other members are initialized in the function jffs2_init_inode_info. The function jffs2_init_inode_info is called after iget_locked, but in the iget_locked function, the destroy_inode process is triggered, which releases the inode and consequently, the target member of the inode is not initialized.In concurrent high pressure scenarios, iget_locked may enter the destroy_inode branch as described in the code. Since the destroy_inode functionality of jffs2 only releases the target, the fix method is to set target to NULL in jffs2_i_init_once. CVE-2024-42115 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42115.html CVE-2024-42115 https://bugzilla.suse.com/1228656 SUSE Bug 1228656 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: ASSERT when failing to find index by plane/stream id [WHY] find_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns an array index and they return -1 when not found; however, -1 is not a valid index number. [HOW] When this happens, call ASSERT(), and return a positive number (which is fewer than callers' array size) instead. This fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity. CVE-2024-42117 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42117.html CVE-2024-42117 https://bugzilla.suse.com/1228582 SUSE Bug 1228582 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it also means it is uninitialized and does not need free audio. [HOW] Skip and return NULL. This fixes 2 OVERRUN issues reported by Coverity. CVE-2024-42119 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42119.html CVE-2024-42119 https://bugzilla.suse.com/1228584 SUSE Bug 1228584 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessing the array. This fixes an OVERRUN issue reported by Coverity. CVE-2024-42120 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42120.html CVE-2024-42120 https://bugzilla.suse.com/1228588 SUSE Bug 1228588 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index msg_id before read or write [WHAT] msg_id is used as an array index and it cannot be a negative value, and therefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1). [HOW] Check whether msg_id is valid before reading and setting. This fixes 4 OVERRUN issues reported by Coverity. CVE-2024-42121 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42121.html CVE-2024-42121 https://bugzilla.suse.com/1228590 SUSE Bug 1228590 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer check for kzalloc [Why & How] Check return pointer of kzalloc before using it. CVE-2024-42122 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42122.html CVE-2024-42122 https://bugzilla.suse.com/1228591 SUSE Bug 1228591 In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Make qedf_execute_tmf() non-preemptible Stop calling smp_processor_id() from preemptible code in qedf_execute_tmf90. This results in BUG_ON() when running an RT kernel. [ 659.343280] BUG: using smp_processor_id() in preemptible [00000000] code: sg_reset/3646 [ 659.343282] caller is qedf_execute_tmf+0x8b/0x360 [qedf] CVE-2024-42124 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42124.html CVE-2024-42124 https://bugzilla.suse.com/1228705 SUSE Bug 1228705 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband We have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz sband will be NULL even if it is WiFi 7 chip. So, add NULL handling here to avoid crash. CVE-2024-42125 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42125.html CVE-2024-42125 https://bugzilla.suse.com/1228674 SUSE Bug 1228674 In the Linux kernel, the following vulnerability has been resolved: powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when percpu allocation is from the embedded first chunk. However with CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu allocation can come from the vmalloc area. With kernel command line "percpu_alloc=page" we can force percpu allocation to come from vmalloc area and can see kernel crash in machine_check_early: [ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110 [ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0 [ 1.215719] --- interrupt: 200 [ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable) [ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0 [ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8 Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu first chunk is not embedded. CVE-2024-42126 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42126.html CVE-2024-42126 https://bugzilla.suse.com/1228718 SUSE Bug 1228718 In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix shared irq handling on driver remove lima uses a shared interrupt, so the interrupt handlers must be prepared to be called at any time. At driver removal time, the clocks are disabled early and the interrupts stay registered until the very end of the remove process due to the devm usage. This is potentially a bug as the interrupts access device registers which assumes clocks are enabled. A crash can be triggered by removing the driver in a kernel with CONFIG_DEBUG_SHIRQ enabled. This patch frees the interrupts at each lima device finishing callback so that the handlers are already unregistered by the time we fully disable clocks. CVE-2024-42127 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42127.html CVE-2024-42127 https://bugzilla.suse.com/1228721 SUSE Bug 1228721 In the Linux kernel, the following vulnerability has been resolved: nfc/nci: Add the inconsistency check between the input data length and count write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="610501"], 0xf) Syzbot constructed a write() call with a data length of 3 bytes but a count value of 15, which passed too little data to meet the basic requirements of the function nci_rf_intf_activated_ntf_packet(). Therefore, increasing the comparison between data length and count value to avoid problems caused by inconsistent data length and count. CVE-2024-42130 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42130.html CVE-2024-42130 https://bugzilla.suse.com/1228687 SUSE Bug 1228687 In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB. CVE-2024-42131 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42131.html CVE-2024-42131 https://bugzilla.suse.com/1228650 SUSE Bug 1228650 In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection. Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning. CVE-2024-42132 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42132.html CVE-2024-42132 https://bugzilla.suse.com/1228492 SUSE Bug 1228492 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hci_conn_cleanup. CVE-2024-42133 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42133.html CVE-2024-42133 https://bugzilla.suse.com/1228511 SUSE Bug 1228511 https://bugzilla.suse.com/1231419 SUSE Bug 1231419 In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 366.027518] Call Trace: [ 366.027523] <TASK> [ 366.027533] dump_stack_lvl+0x93/0xd0 [ 366.027899] handle_overflow+0x171/0x1b0 [ 366.038787] ata1.00: invalid multi_count 32 ignored [ 366.043924] cdrom_ioctl+0x2c3f/0x2d10 [ 366.063932] ? __pm_runtime_resume+0xe6/0x130 [ 366.071923] sr_block_ioctl+0x15d/0x1d0 [ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10 [ 366.077642] blkdev_ioctl+0x419/0x500 [ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10 ... Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rearrange the check to not perform any arithmetic, thus not tripping the sanitizer. CVE-2024-42136 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42136.html CVE-2024-42136 https://bugzilla.suse.com/1228758 SUSE Bug 1228758 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() by adding condition to avoid the serdev is flushed or wrote after closed but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also fixed by this change since the serdev is still opened before it is flushed or wrote. Verified by the reported machine Dell XPS 13 9310 laptop over below two kernel commits: commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of bluetooth-next tree. commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of linus mainline tree. CVE-2024-42137 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42137.html CVE-2024-42137 https://bugzilla.suse.com/1228563 SUSE Bug 1228563 In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file In case of invalid INI file mlxsw_linecard_types_init() deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred after mlxsw_linecard_types_init() call, mlxsw_linecards_init() calls mlxsw_linecard_types_fini() which performs memory deallocation again. Add pointer reset to NULL. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-42138 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42138.html CVE-2024-42138 https://bugzilla.suse.com/1228500 SUSE Bug 1228500 In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause a kernel crash. As a side effect, when the driver is reloaded and application is started again, remaining extts event for the channel from a previous run will keep firing and the message "extts on unexpected channel" might be printed to the user. To avoid that, extts events shall be disabled when PTP is released. CVE-2024-42139 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42139.html CVE-2024-42139 https://bugzilla.suse.com/1228503 SUSE Bug 1228503 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk %p", sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 switch (sk->sk_state) { 1358 case BT_CONNECT2: 1359 if (pi->conn->hcon && ^^^^^^^^^^^^^^ If ->hcon is NULL 1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ then we're toast 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 release_sock(sk); 1368 return 0; 1369 case BT_CONNECTED: 1370 if (test_bit(BT_SK_PA_SYNC, CVE-2024-42141 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42141.html CVE-2024-42141 https://bugzilla.suse.com/1228502 SUSE Bug 1228502 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-switch, Create ingress ACL when needed Currently, ingress acl is used for three features. It is created only when vport metadata match and prio tag are enabled. But active-backup lag mode also uses it. It is independent of vport metadata match and prio tag. And vport metadata match can be disabled using the following devlink command: # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \ value false cmode runtime If ingress acl is not created, will hit panic when creating drop rule for active-backup lag mode. If always create it, there will be about 5% performance degradation. Fix it by creating ingress acl when needed. If esw_port_metadata is true, ingress acl exists, then create drop rule using existing ingress acl. If esw_port_metadata is false, create ingress acl and then create drop rule. CVE-2024-42142 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42142.html CVE-2024-42142 https://bugzilla.suse.com/1228491 SUSE Bug 1228491 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-42143 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42143.html CVE-2024-42143 https://bugzilla.suse.com/1228748 SUSE Bug 1228748 In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data Verify that lvts_data is not NULL before using it. CVE-2024-42144 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42144.html CVE-2024-42144 https://bugzilla.suse.com/1228666 SUSE Bug 1228666 In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space. Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full. CVE-2024-42145 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42145.html CVE-2024-42145 https://bugzilla.suse.com/1223384 SUSE Bug 1223384 https://bugzilla.suse.com/1228743 SUSE Bug 1228743 https://bugzilla.suse.com/1228744 SUSE Bug 1228744 In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/debugfs - Fix debugfs uninit process issue During the zip probe process, the debugfs failure does not stop the probe. When debugfs initialization fails, jumping to the error branch will also release regs, in addition to its own rollback operation. As a result, it may be released repeatedly during the regs uninit process. Therefore, the null check needs to be added to the regs uninit process. CVE-2024-42147 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42147.html CVE-2024-42147 https://bugzilla.suse.com/1228764 SUSE Bug 1228764 In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FP_SB_MAX_E1x using the num_queues module parameter. Currently there is a read/write out of bounds that occurs on the array "struct stats_query_entry query" present inside the "bnx2x_fw_stats_req" struct in "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h". Looking at the definition of the "struct stats_query_entry query" array: struct stats_query_entry query[FP_SB_MAX_E1x+ BNX2X_FIRST_QUEUE_QUERY_IDX]; FP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and has a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3 meaning the array has a total size of 19. Since accesses to "struct stats_query_entry query" are offset-ted by BNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet queues should not exceed FP_SB_MAX_E1x (16). However one of these queues is reserved for FCOE and thus the number of Ethernet queues should be set to [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if it is not. This is also described in a comment in the source code in drivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition of FP_SB_MAX_E1x. Below is the part of this explanation that it important for this patch /* * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is * control by the number of fast-path status blocks supported by the * device (HW/FW). Each fast-path status block (FP-SB) aka non-default * status block represents an independent interrupts context that can * serve a regular L2 networking queue. However special L2 queues such * as the FCoE queue do not require a FP-SB and other components like * the CNIC may consume FP-SB reducing the number of possible L2 queues * * If the maximum number of FP-SB available is X then: * a. If CNIC is supported it consumes 1 FP-SB thus the max number of * regular L2 queues is Y=X-1 * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor) * c. If the FCoE L2 queue is supported the actual number of L2 queues * is Y+1 * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for * slow-path interrupts) or Y+2 if CNIC is supported (one additional * FP interrupt context for the CNIC). * e. The number of HW context (CID count) is always X or X+1 if FCoE * L2 queue is supported. The cid for the FCoE L2 queue is always X. */ However this driver also supports NICs that use the E2 controller which can handle more queues due to having more FP-SB represented by FP_SB_MAX_E2. Looking at the commits when the E2 support was added, it was originally using the E1x parameters: commit f2e0899f0f27 ("bnx2x: Add 57712 support"). Back then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver was later updated to take full advantage of the E2 instead of having it be limited to the capabilities of the E1x. But as far as we can tell, the array "stats_query_entry query" was still limited to using the FP-SB available to the E1x cards as part of an oversignt when the driver was updated to take full advantage of the E2, and now with the driver being aware of the greater queue size supported by E2 NICs, it causes the UBSAN warnings seen in the stack traces below. This patch increases the size of the "stats_query_entry query" array by replacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle both types of NICs. Stack traces: UBSAN: array-index-out-of-bounds in drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11 index 20 is out of range for type 'stats_query_entry [19]' CPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic #202405052133 Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 ---truncated--- CVE-2024-42148 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42148.html CVE-2024-42148 https://bugzilla.suse.com/1228487 SUSE Bug 1228487 In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in the admin connect request handler) and we need to release pending AERs, clear ctrl->sqs and sq->ctrl (for nvme-loop primarily), and drop the final reference on the ctrl. However, a small window is possible where nvmet_sq_destroy starts (as a result of the client giving up and disconnecting) concurrently with the nvme admin connect cmd (which may be in an early stage). But *before* kill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq live reference). In this case, sq->ctrl was allocated however after it was captured in a local variable in nvmet_sq_destroy. This prevented the final reference drop on the ctrl. Solve this by re-capturing the sq->ctrl after all inflight request has completed, where for sure sq->ctrl reference is final, and move forward based on that. This issue was observed in an environment with many hosts connecting multiple ctrls simoutanuosly, creating a delay in allocating a ctrl leading up to this race window. CVE-2024-42152 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42152.html CVE-2024-42152 https://bugzilla.suse.com/1228724 SUSE Bug 1228724 In the Linux kernel, the following vulnerability has been resolved: i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr When del_timer_sync() is called in an interrupt context it throws a warning because of potential deadlock. The timer is used only to exit from wait_for_completion() after a timeout so replacing the call with wait_for_completion_timeout() allows to remove the problematic timer and its related functions altogether. CVE-2024-42153 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42153.html CVE-2024-42153 https://bugzilla.suse.com/1228510 SUSE Bug 1228510 In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or secure-keys from stack, even in case of an error. CVE-2024-42155 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42155.html CVE-2024-42155 https://bugzilla.suse.com/1228733 SUSE Bug 1228733 In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. CVE-2024-42156 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42156.html CVE-2024-42156 https://bugzilla.suse.com/1228722 SUSE Bug 1228722 In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails. CVE-2024-42157 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42157.html CVE-2024-42157 https://bugzilla.suse.com/1228727 SUSE Bug 1228727 In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770) CVE-2024-42158 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42158.html CVE-2024-42158 https://bugzilla.suse.com/1228720 SUSE Bug 1228720 In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't be allowed. CVE-2024-42159 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42159.html CVE-2024-42159 https://bugzilla.suse.com/1228754 SUSE Bug 1228754 https://bugzilla.suse.com/1228755 SUSE Bug 1228755 In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as: [...] unsigned long long val; \ [...] \ switch (__CORE_RELO(s, field, BYTE_SIZE)) { \ case 1: val = *(const unsigned char *)p; break; \ case 2: val = *(const unsigned short *)p; break; \ case 4: val = *(const unsigned int *)p; break; \ case 8: val = *(const unsigned long long *)p; break; \ } \ [...] val; \ } \ This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE. Tested in bpf-next master. No regressions. CVE-2024-42161 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42161.html CVE-2024-42161 https://bugzilla.suse.com/1228756 SUSE Bug 1228756 In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid access on the priv->stats_report->stats array. CVE-2024-42162 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42162.html CVE-2024-42162 https://bugzilla.suse.com/1228706 SUSE Bug 1228706 In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations. CVE-2024-42223 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42223.html CVE-2024-42223 https://bugzilla.suse.com/1228726 SUSE Bug 1228726 In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only. CVE-2024-42224 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42224.html CVE-2024-42224 https://bugzilla.suse.com/1228723 SUSE Bug 1228723 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data CVE-2024-42225 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42225.html CVE-2024-42225 https://bugzilla.suse.com/1228710 SUSE Bug 1228710 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-42226 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42226.html CVE-2024-42226 https://bugzilla.suse.com/1228709 SUSE Bug 1228709 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dml_core_mode_programming [WHY] &mode_lib->mp.Watermark and &locals->Watermark are the same address. memcpy may lead to unexpected behavior. [HOW] memmove should be used. CVE-2024-42227 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42227.html CVE-2024-42227 https://bugzilla.suse.com/1228707 SUSE Bug 1228707 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate value of 0xffffffff.(Christian) CVE-2024-42228 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42228.html CVE-2024-42228 https://bugzilla.suse.com/1228667 SUSE Bug 1228667 In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key. CVE-2024-42229 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42229.html CVE-2024-42229 https://bugzilla.suse.com/1228708 SUSE Bug 1228708 In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry location that crashes the kernel. Change the kexec sequence to disable AIL after other CPUs have been brought down. As a refresher, the real-mode scv interrupt vector is 0x17000, and the fixed-location head code probably couldn't easily deal with implementing such high addresses so it was just decided not to support that interrupt at all. CVE-2024-42230 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42230.html CVE-2024-42230 https://bugzilla.suse.com/1228489 SUSE Bug 1228489 In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon < 0") and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed CVE-2024-42232 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42232.html CVE-2024-42232 https://bugzilla.suse.com/1228959 SUSE Bug 1228959 https://bugzilla.suse.com/1229458 SUSE Bug 1229458 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short. CVE-2024-42236 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42236.html CVE-2024-42236 https://bugzilla.suse.com/1228964 SUSE Bug 1228964 In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it. CVE-2024-42237 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42237.html CVE-2024-42237 https://bugzilla.suse.com/1228992 SUSE Bug 1228992 In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop while there was enough data left in the file for a valid region. This protected against overrunning the end of the file data, but it didn't abort the file processing with an error. CVE-2024-42238 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42238.html CVE-2024-42238 https://bugzilla.suse.com/1228991 SUSE Bug 1228991 In the Linux kernel, the following vulnerability has been resolved: bpf: Fail bpf_timer_cancel when callback is being cancelled Given a schedule: timer1 cb timer2 cb bpf_timer_cancel(timer2); bpf_timer_cancel(timer1); Both bpf_timer_cancel calls would wait for the other callback to finish executing, introducing a lockup. Add an atomic_t count named 'cancelling' in bpf_hrtimer. This keeps track of all in-flight cancellation requests for a given BPF timer. Whenever cancelling a BPF timer, we must check if we have outstanding cancellation requests, and if so, we must fail the operation with an error (-EDEADLK) since cancellation is synchronous and waits for the callback to finish executing. This implies that we can enter a deadlock situation involving two or more timer callbacks executing in parallel and attempting to cancel one another. Note that we avoid incrementing the cancelling counter for the target timer (the one being cancelled) if bpf_timer_cancel is not invoked from a callback, to avoid spurious errors. The whole point of detecting cur->cancelling and returning -EDEADLK is to not enter a busy wait loop (which may or may not lead to a lockup). This does not apply in case the caller is in a non-callback context, the other side can continue to cancel as it sees fit without running into errors. Background on prior attempts: Earlier versions of this patch used a bool 'cancelling' bit and used the following pattern under timer->lock to publish cancellation status. lock(t->lock); t->cancelling = true; mb(); if (cur->cancelling) return -EDEADLK; unlock(t->lock); hrtimer_cancel(t->timer); t->cancelling = false; The store outside the critical section could overwrite a parallel requests t->cancelling assignment to true, to ensure the parallely executing callback observes its cancellation status. It would be necessary to clear this cancelling bit once hrtimer_cancel is done, but lack of serialization introduced races. Another option was explored where bpf_timer_start would clear the bit when (re)starting the timer under timer->lock. This would ensure serialized access to the cancelling bit, but may allow it to be cleared before in-flight hrtimer_cancel has finished executing, such that lockups can occur again. Thus, we choose an atomic counter to keep track of all outstanding cancellation requests and use it to prevent lockups in case callbacks attempt to cancel each other while executing in parallel. CVE-2024-42239 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42239.html CVE-2024-42239 https://bugzilla.suse.com/1228979 SUSE Bug 1228979 In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler (exc_debug_kernel()) to issue a warning because single-step is used outside the entry_SYSENTER_compat() function. To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY after making sure the TF flag is cleared. The problem can be reproduced with the following sequence: $ cat sysenter_step.c int main() { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); } $ gcc -o sysenter_step sysenter_step.c $ ./sysenter_step Segmentation fault (core dumped) The program is expected to crash, and the #DB handler will issue a warning. Kernel log: WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160 ... RIP: 0010:exc_debug_kernel+0xd2/0x160 ... Call Trace: <#DB> ? show_regs+0x68/0x80 ? __warn+0x8c/0x140 ? exc_debug_kernel+0xd2/0x160 ? report_bug+0x175/0x1a0 ? handle_bug+0x44/0x90 ? exc_invalid_op+0x1c/0x70 ? asm_exc_invalid_op+0x1f/0x30 ? exc_debug_kernel+0xd2/0x160 exc_debug+0x43/0x50 asm_exc_debug+0x1e/0x40 RIP: 0010:clear_bhb_loop+0x0/0xb0 ... </#DB> <TASK> ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d </TASK> [ bp: Massage commit message. ] CVE-2024-42240 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42240.html CVE-2024-42240 https://bugzilla.suse.com/1228966 SUSE Bug 1228966 In the Linux kernel, the following vulnerability has been resolved: mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't be supported by xarray. For example, 512MB page cache on ARM64 when the base page size is 64KB can't be supported by xarray. It leads to errors as the following messages indicate when this sort of xarray entry is split. WARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 \ nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject \ nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs \ libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net \ net_failover virtio_console virtio_blk failover dimlib virtio_mmio CPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff8000882af5f0 x29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768 x26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858 x23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0 x5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 shmem_undo_range+0x2bc/0x6a8 shmem_fallocate+0x134/0x430 vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is larger than MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed, the page cache in a shmem file isn't represented by a multi-index entry and doesn't have this limitation when the xarry entry is split until commit 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache"). CVE-2024-42241 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42241.html CVE-2024-42241 https://bugzilla.suse.com/1228986 SUSE Bug 1228986 In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure. Fix this by implementing dedicated suspend and resume functions for mos7840. Tested with Delock 87414 USB 2.0 to 4x serial adapter. [ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ] CVE-2024-42244 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42244.html CVE-2024-42244 https://bugzilla.suse.com/1228967 SUSE Bug 1228967 In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.max_loop if all tasks examined to that point were pinned. The goal of the patch was to make it more likely to be able to detach a task buried in a long list of pinned tasks. However, this has the unfortunate side effect of creating an O(n) iteration in detach_tasks(), as we now must fully iterate every task on a cpu if all or most are pinned. Since this load balance code is done with rq lock held, and often in softirq context, it is very easy to trigger hard lockups. We observed such hard lockups with a user who affined O(10k) threads to a single cpu. When I discussed this with Vincent he initially suggested that we keep the limit on the number of tasks to detach, but increase the number of tasks we can search. However, after some back and forth on the mailing list, he recommended we instead revert the original patch, as it seems likely no one was actually getting hit by the original issue. CVE-2024-42245 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42245.html CVE-2024-42245 https://bugzilla.suse.com/1228978 SUSE Bug 1228978 In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the call can return -EPERM. This causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing the kernel to potentially freeze up. Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN. ECONNREFUSED as error seems reasonable. For programs setting a different error can be out of reach (see handling in 4fbac77d2d09) in particular on kernels which do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean"), thus given that it is better to simply remap for consistent behavior. UDP does handle EPERM in xs_udp_send_request(). CVE-2024-42246 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42246.html CVE-2024-42246 https://bugzilla.suse.com/1228989 SUSE Bug 1228989 In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro. [Jason: replace src[8] in original patch with src+8] CVE-2024-42247 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42247.html CVE-2024-42247 https://bugzilla.suse.com/1228988 SUSE Bug 1228988 In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine when iterating xarray, otherwise: Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g. struct cachefiles_req) stored in the slot has no such guarantee. The poll routine will iterate the radix tree and dereference cachefiles_req accordingly. Thus RCU read lock is not adequate in this case and spinlock is needed here. CVE-2024-42250 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42250.html CVE-2024-42250 https://bugzilla.suse.com/1228977 SUSE Bug 1228977 In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs(). The problem occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an i.MX8MP based system. * Normal case 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 * Race case 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register *** 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0 CVE-2024-42253 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42253.html CVE-2024-42253 https://bugzilla.suse.com/1229005 SUSE Bug 1229005 In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses. Additionally, the calculations have been rewritten in a clearer and more understandable form. [Joonas: Add Requires: tag] Requires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset") (cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417) CVE-2024-42259 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42259.html CVE-2024-42259 https://bugzilla.suse.com/1229156 SUSE Bug 1229156 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlink_remote_reload_actions_performed() which results in triggering lock assert like the following: WARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 … CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116 Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015 Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core] RIP: 0010:devl_assert_locked+0x3e/0x50 … Call Trace: <TASK> ? __warn+0xa4/0x210 ? devl_assert_locked+0x3e/0x50 ? report_bug+0x160/0x280 ? handle_bug+0x3f/0x80 ? exc_invalid_op+0x17/0x40 ? asm_exc_invalid_op+0x1a/0x20 ? devl_assert_locked+0x3e/0x50 devlink_notify+0x88/0x2b0 ? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10 ? process_one_work+0x4b6/0xbb0 process_one_work+0x4b6/0xbb0 […] CVE-2024-42268 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42268.html CVE-2024-42268 https://bugzilla.suse.com/1229391 SUSE Bug 1229391 In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). ip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id], but the function is exposed to user space before the entry is allocated via register_pernet_subsys(). Let's call register_pernet_subsys() before xt_register_template(). CVE-2024-42269 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42269.html CVE-2024-42269 https://bugzilla.suse.com/1229402 SUSE Bug 1229402 In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. [0] The problem is that iptable_nat_table_init() is exposed to user space before the kernel fully initialises netns. In the small race window, a user could call iptable_nat_table_init() that accesses net_generic(net, iptable_nat_net_id), which is available only after registering iptable_nat_net_ops. Let's call register_pernet_subsys() before xt_register_template(). [0]: bpfilter: Loaded bpfilter_umh pid 11702 Started bpfilter BUG: kernel NULL pointer dereference, address: 0000000000000013 PF: supervisor write access in kernel mode PF: error_code(0x0002) - not-present page PGD 0 P4D 0 PREEMPT SMP NOPTI CPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1 Hardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017 RIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat Code: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c RSP: 0018:ffffbef902843cd0 EFLAGS: 00010246 RAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80 RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0 RBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240 R10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000 R13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004 FS: 00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? xt_find_table_lock (net/netfilter/x_tables.c:1259) ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420) ? page_fault_oops (arch/x86/mm/fault.c:727) ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570) ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat xt_find_table_lock (net/netfilter/x_tables.c:1259) xt_request_find_table_lock (net/netfilter/x_tables.c:1287) get_info (net/ipv4/netfilter/ip_tables.c:965) ? security_capable (security/security.c:809 (discriminator 13)) ? ns_capable (kernel/capability.c:376 kernel/capability.c:397) ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656) ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter nf_getsockopt (net/netfilter/nf_sockopt.c:116) ip_getsockopt (net/ipv4/ip_sockglue.c:1827) __sys_getsockopt (net/socket.c:2327) __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121) RIP: 0033:0x7f62844685ee Code: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09 RSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0 R10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2 R13: 00007f6284 ---truncated--- CVE-2024-42270 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42270.html CVE-2024-42270 https://bugzilla.suse.com/1229404 SUSE Bug 1229404 In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path (or it is already removed / never existed). This needs to be done with atomic compare and swap, otherwise there is a small window where iucv_sock_close() will try to work with a path that has already been severed and freed by iucv_callback_connrej() called by iucv_tasklet_fn(). Example: [452744.123844] Call Trace: [452744.123845] ([<0000001e87f03880>] 0x1e87f03880) [452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x138 [452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv] [452744.124336] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv] [452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv] [452744.124345] [<00000000d574794e>] __sock_release+0x5e/0xe8 [452744.124815] [<00000000d5747a0c>] sock_close+0x34/0x48 [452744.124820] [<00000000d5421642>] __fput+0xba/0x268 [452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0 [452744.124832] [<00000000d5145710>] do_notify_resume+0x88/0x90 [452744.124841] [<00000000d5978096>] system_call+0xe2/0x2c8 [452744.125319] Last Breaking-Event-Address: [452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138 [452744.125324] [452744.125325] Kernel panic - not syncing: Fatal exception in interrupt Note that bh_lock_sock() is not serializing the tasklet context against process context, because the check for sock_owned_by_user() and corresponding handling is missing. Ideas for a future clean-up patch: A) Correct usage of bh_lock_sock() in tasklet context, as described in Re-enqueue, if needed. This may require adding return values to the tasklet functions and thus changes to all users of iucv. B) Change iucv tasklet into worker and use only lock_sock() in af_iucv. CVE-2024-42271 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42271.html CVE-2024-42271 https://bugzilla.suse.com/1229400 SUSE Bug 1229400 https://bugzilla.suse.com/1229401 SUSE Bug 1229401 In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing an AB/BA deadlock competition for the substream lock with eventual system freeze under ALSA operation: thread 0: * (lock A) acquire substream lock by snd_pcm_stream_lock_irq() in snd_pcm_status64() * (lock B) wait for tasklet to finish by calling tasklet_unlock_spin_wait() in tasklet_disable_in_atomic() in ohci_flush_iso_completions() of ohci.c thread 1: * (lock B) enter tasklet * (lock A) attempt to acquire substream lock, waiting for it to be released: snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed() in update_pcm_pointers() in process_ctx_payloads() in process_rx_packets() of amdtp-stream.c ? tasklet_unlock_spin_wait </NMI> <TASK> ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? native_queued_spin_lock_slowpath </NMI> <IRQ> _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restore the process context work queue to prevent deadlock AB/BA deadlock competition for ALSA substream lock of snd_pcm_stream_lock_irq() in snd_pcm_status64() and snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed(). revert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") Replace inline description to prevent future deadlock. CVE-2024-42274 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42274.html CVE-2024-42274 https://bugzilla.suse.com/1229417 SUSE Bug 1229417 In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvme_map_data() is called when request has physical segments, hence the nvme_unmap_data() should have same condition to avoid dereference. CVE-2024-42276 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42276.html CVE-2024-42276 https://bugzilla.suse.com/1229410 SUSE Bug 1229410 In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en() dom->sdev is equal to NULL, which leads to null dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-42277 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42277.html CVE-2024-42277 https://bugzilla.suse.com/1229409 SUSE Bug 1229409 In the Linux kernel, the following vulnerability has been resolved: ASoC: TAS2781: Fix tasdev_load_calibrated_data() This function has a reversed if statement so it's either a no-op or it leads to a NULL dereference. CVE-2024-42278 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42278.html CVE-2024-42278 https://bugzilla.suse.com/1229403 SUSE Bug 1229403 In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rx_len == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the previous transfer out of the RX FIFO into the start RX buffer. The core provides a register that will empty the RX and TX FIFOs, so do that before each transfer. CVE-2024-42279 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42279.html CVE-2024-42279 https://bugzilla.suse.com/1229390 SUSE Bug 1229390 In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix a use after free in hfcmulti_tx() Don't dereference *sp after calling dev_kfree_skb(*sp). CVE-2024-42280 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42280.html CVE-2024-42280 https://bugzilla.suse.com/1229388 SUSE Bug 1229388 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. CVE-2024-42281 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42281.html CVE-2024-42281 https://bugzilla.suse.com/1229386 SUSE Bug 1229386 In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be observed e.g. with strace (edited for clarity): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace -e recvmsg ip nexthop get id 101 ... recvmsg(... [{nla_len=12, nla_type=NHA_GROUP}, [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52 The fields are reserved and therefore not currently used. But as they are, they leak kernel memory, and the fact they are not just zero complicates repurposing of the fields for new ends. Initialize the full structure. CVE-2024-42283 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42283.html CVE-2024-42283 https://bugzilla.suse.com/1229383 SUSE Bug 1229383 In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. CVE-2024-42284 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42284.html CVE-2024-42284 https://bugzilla.suse.com/1229382 SUSE Bug 1229382 In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished. CVE-2024-42285 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42285.html CVE-2024-42285 https://bugzilla.suse.com/1229381 SUSE Bug 1229381 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Workqueue: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000 RDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000 RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030 R10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4 R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8 FS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0 Call Trace: qla_nvme_register_remote+0xeb/0x1f0 [qla2xxx] ? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx] qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx] qla_register_fcport_fn+0x54/0xc0 [qla2xxx] Exit the qla_nvme_register_remote() function when qla_nvme_register_hba() fails and correctly validate nvme_local_port. CVE-2024-42286 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42286.html CVE-2024-42286 https://bugzilla.suse.com/1229395 SUSE Bug 1229395 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT_RT SMP NOPTI RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0 RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034 R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000 FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x16f/0x4a0 ? do_user_addr_fault+0x174/0x7f0 ? exc_page_fault+0x69/0x1a0 ? asm_exc_page_fault+0x22/0x30 ? dma_direct_unmap_sg+0x51/0x1e0 ? preempt_count_sub+0x96/0xe0 qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx] qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx] __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx] The command completion was done early while aborting the commands in driver unload path but outside lock to avoid the WARN_ON condition of performing dma_free_attr within the lock. However this caused race condition while command completion via multiple paths causing system crash. Hence complete the command early in unload path but within the lock to avoid race condition. CVE-2024-42287 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42287.html CVE-2024-42287 https://bugzilla.suse.com/1229392 SUSE Bug 1229392 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB CVE-2024-42288 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42288.html CVE-2024-42288 https://bugzilla.suse.com/1229398 SUSE Bug 1229398 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting. BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI Workqueue: qla2xxx_wq qla_do_work [qla2xxx] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8 R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0 Call Trace: <TASK> qla2xxx_qpair_sp_free_dma+0x417/0x4e0 ? qla2xxx_qpair_sp_compl+0x10d/0x1a0 ? qla2x00_status_entry+0x768/0x2830 ? newidle_balance+0x2f0/0x430 ? dequeue_entity+0x100/0x3c0 ? qla24xx_process_response_queue+0x6a1/0x19e0 ? __schedule+0x2d5/0x1140 ? qla_do_work+0x47/0x60 ? process_one_work+0x267/0x440 ? process_one_work+0x440/0x440 ? worker_thread+0x2d/0x3d0 ? process_one_work+0x440/0x440 ? kthread+0x156/0x180 ? set_kthread_struct+0x50/0x50 ? ret_from_fork+0x22/0x30 </TASK> Send out async logout explicitly for all the ports during vport delete. CVE-2024-42289 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42289.html CVE-2024-42289 https://bugzilla.suse.com/1229399 SUSE Bug 1229399 In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clk_prepare(). However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping functions, which triggers the 'scheduling while atomic' bug in the context switch path during device probing: BUG: scheduling while atomic: kworker/u13:1/48/0x00000002 Call trace: __schedule_bug+0x54/0x6c __schedule+0x7f0/0xa94 schedule+0x5c/0xc4 schedule_preempt_disabled+0x24/0x40 __mutex_lock.constprop.0+0x2c0/0x540 __mutex_lock_slowpath+0x14/0x20 mutex_lock+0x48/0x54 clk_prepare_lock+0x44/0xa0 clk_prepare+0x20/0x44 imx_irqsteer_resume+0x28/0xe0 pm_generic_runtime_resume+0x2c/0x44 __genpd_runtime_resume+0x30/0x80 genpd_runtime_resume+0xc8/0x2c0 __rpm_callback+0x48/0x1d8 rpm_callback+0x6c/0x78 rpm_resume+0x490/0x6b4 __pm_runtime_resume+0x50/0x94 irq_chip_pm_get+0x2c/0xa0 __irq_do_set_handler+0x178/0x24c irq_set_chained_handler_and_data+0x60/0xa4 mxc_gpio_probe+0x160/0x4b0 Cure this by implementing the irq_bus_lock/sync_unlock() interrupt chip callbacks and handle power management in them as they are invoked from non-atomic context. [ tglx: Rewrote change log, added Fixes tag ] CVE-2024-42290 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42290.html CVE-2024-42290 https://bugzilla.suse.com/1229379 SUSE Bug 1229379 In the Linux kernel, the following vulnerability has been resolved: ice: Add a per-VF limit on number of FDIR filters While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust the resources for other VFs. Add a similar limit in ice. CVE-2024-42291 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42291.html CVE-2024-42291 https://bugzilla.suse.com/1229374 SUSE Bug 1229374 In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove. CVE-2024-42292 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42292.html CVE-2024-42292 https://bugzilla.suse.com/1229373 SUSE Bug 1229373 In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle inconsistent state in nilfs_btnode_create_block() Syzbot reported that a buffer state inconsistency was detected in nilfs_btnode_create_block(), triggering a kernel bug. It is not appropriate to treat this inconsistency as a bug; it can occur if the argument block address (the buffer index of the newly created block) is a virtual block number and has been reallocated due to corruption of the bitmap used to manage its allocation state. So, modify nilfs_btnode_create_block() and its callers to treat it as a possible filesystem error, rather than triggering a kernel bug. CVE-2024-42295 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42295.html CVE-2024-42295 https://bugzilla.suse.com/1229370 SUSE Bug 1229370 In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. CVE-2024-42298 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42298.html CVE-2024-42298 https://bugzilla.suse.com/1229369 SUSE Bug 1229369 In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I encountered during the actual issue: [ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm: QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp [ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024 [ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace: [ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0 [ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38 [ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport] CVE-2024-42301 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42301.html CVE-2024-42301 https://bugzilla.suse.com/1229407 SUSE Bug 1229407 In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits readiness of the secondary bus below the Downstream Port where the DPC event occurred. To do so, it polls the config space of the first child device on the secondary bus. If that child device is concurrently removed, accesses to its struct pci_dev cause the kernel to oops. That's because pci_bridge_wait_for_secondary_bus() neglects to hold a reference on the child device. Before v6.3, the function was only called on resume from system sleep or on runtime resume. Holding a reference wasn't necessary back then because the pciehp IRQ thread could never run concurrently. (On resume from system sleep, IRQs are not enabled until after the resume_noirq phase. And runtime resume is always awaited before a PCI device is removed.) However starting with v6.3, pci_bridge_wait_for_secondary_bus() is also called on a DPC event. Commit 53b54ad074de ("PCI/DPC: Await readiness of secondary bus after reset"), which introduced that, failed to appreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a reference on the child device because dpc_handler() and pciehp may indeed run concurrently. The commit was backported to v5.10+ stable kernels, so that's the oldest one affected. Add the missing reference acquisition. Abridged stack trace: BUG: unable to handle page fault for address: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() pcie_do_recovery() dpc_handler() CVE-2024-42302 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42302.html CVE-2024-42302 https://bugzilla.suse.com/1229366 SUSE Bug 1229366 In the Linux kernel, the following vulnerability has been resolved: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() devm_regmap_init_mmio() can fail, add a check and bail out in case of error. CVE-2024-42303 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42303.html CVE-2024-42303 https://bugzilla.suse.com/1229365 SUSE Bug 1229365 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-42308 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42308.html CVE-2024-42308 https://bugzilla.suse.com/1229411 SUSE Bug 1229411 In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. CVE-2024-42309 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42309.html CVE-2024-42309 https://bugzilla.suse.com/1229359 SUSE Bug 1229359 In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. CVE-2024-42310 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42310.html CVE-2024-42310 https://bugzilla.suse.com/1229358 SUSE Bug 1229358 In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 ===================================================== BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 d_revalidate fs/namei.c:862 [inline] lookup_fast+0x89e/0x8e0 fs/namei.c:1649 walk_component fs/namei.c:2001 [inline] link_path_walk+0x817/0x1480 fs/namei.c:2332 path_lookupat+0xd9/0x6f0 fs/namei.c:2485 filename_lookup+0x22e/0x740 fs/namei.c:2515 user_path_at_empty+0x8b/0x390 fs/namei.c:2924 user_path_at include/linux/namei.h:57 [inline] do_mount fs/namespace.c:3689 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount+0x66b/0x810 fs/namespace.c:3875 __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b BUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline] BUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 hfs_ext_read_extent fs/hfs/extent.c:196 [inline] hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366 block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271 hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39 filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426 do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553 do_read_cache_page mm/filemap.c:3595 [inline] read_cache_page+0xfb/0x2f0 mm/filemap.c:3604 read_mapping_page include/linux/pagemap.h:755 [inline] hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78 hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204 hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406 mount_bdev+0x628/0x920 fs/super.c:1359 hfs_mount+0xcd/0xe0 fs/hfs/super.c:456 legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610 vfs_get_tree+0xdc/0x5d0 fs/super.c:1489 do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145 path_mount+0xf98/0x26a0 fs/namespace.c:3475 do_mount fs/namespace.c:3488 [inline] __do_sys_mount fs/namespace.c:3697 [inline] __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674 __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Uninit was created at: __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page mm/slub.c:2190 [inline] allocate_slab mm/slub.c:2354 [inline] new_slab+0x2d7/0x1400 mm/slub.c:2407 ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540 __slab_alloc mm/slub.c:3625 [inline] __slab_alloc_node mm/slub.c:3678 [inline] slab_alloc_node mm/slub.c:3850 [inline] kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3018 [inline] hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165 alloc_inode+0x83/0x440 fs/inode.c:260 new_inode_pseudo fs/inode.c:1005 [inline] new_inode+0x38/0x4f0 fs/inode.c:1031 hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186 hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228 vfs_mkdir+0x49a/0x700 fs/namei.c:4126 do_mkdirat+0x529/0x810 fs/namei.c:4149 __do_sys_mkdirat fs/namei.c:4164 [inline] __se_sys_mkdirat fs/namei.c:4162 [inline] __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b It missed to initialize .tz_secondswest, .cached_start and .cached_blocks fields in struct hfs_inode_info after hfs_alloc_inode(), fix it. CVE-2024-42311 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42311.html CVE-2024-42311 https://bugzilla.suse.com/1229413 SUSE Bug 1229413 In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed. CVE-2024-42312 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42312.html CVE-2024-42312 https://bugzilla.suse.com/1229357 SUSE Bug 1229357 In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst. Fix it by cancelling the work in vdec_close. CVE-2024-42313 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42313.html CVE-2024-42313 https://bugzilla.suse.com/1229356 SUSE Bug 1229356 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting in a use-after-free. Fix this by computing 'add_size' before dropping our extent map reference. CVE-2024-42314 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42314.html CVE-2024-42314 https://bugzilla.suse.com/1229355 SUSE Bug 1229355 In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is allocated with GFP_KERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... evict exfat_evict_inode lock(&sbi->s_lock) To fix this, let's allocate bh-array with GFP_NOFS. CVE-2024-42315 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42315.html CVE-2024-42315 https://bugzilla.suse.com/1229354 SUSE Bug 1229354 In the Linux kernel, the following vulnerability has been resolved: mm/mglru: fix div-by-zero in vmpressure_calc_level() evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rotate_reclaimable() cannot handle those folios due to the isolation. The second pass tries to avoid potential double counting by deducting scan_control->nr_scanned. However, this can result in underflow of nr_scanned, under a condition where shrink_folio_list() does not increment nr_scanned, i.e., when folio_trylock() fails. The underflow can cause the divisor, i.e., scale=scanned+reclaimed in vmpressure_calc_level(), to become zero, resulting in the following crash: [exception RIP: vmpressure_work_fn+101] process_one_work at ffffffffa3313f2b Since scan_control->nr_scanned has no established semantics, the potential double counting has minimal risks. Therefore, fix the problem by not deducting scan_control->nr_scanned in evict_folios(). CVE-2024-42316 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42316.html CVE-2024-42316 https://bugzilla.suse.com/1229353 SUSE Bug 1229353 In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself. Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.) CVE-2024-42318 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42318.html CVE-2024-42318 https://bugzilla.suse.com/1229351 SUSE Bug 1229351 In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() When mtk-cmdq unbinds, a WARN_ON message with condition pm_runtime_get_sync() < 0 occurs. According to the call tracei below: cmdq_mbox_shutdown mbox_free_channel mbox_controller_unregister __devm_mbox_controller_unregister ... The root cause can be deduced to be calling pm_runtime_get_sync() after calling pm_runtime_disable() as observed below: 1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe() to bind the cmdq device to the mbox_controller, so devm_mbox_controller_unregister() will automatically unregister the device bound to the mailbox controller when the device-managed resource is removed. That means devm_mbox_controller_unregister() and cmdq_mbox_shoutdown() will be called after cmdq_remove(). 2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after devm_mbox_controller_register(), so that devm_pm_runtime_disable() will be called after cmdq_remove(), but before devm_mbox_controller_unregister(). To fix this problem, cmdq_probe() needs to move devm_mbox_controller_register() after devm_pm_runtime_enable() to make devm_pm_runtime_disable() be called after devm_mbox_controller_unregister(). CVE-2024-42319 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42319.html CVE-2024-42319 https://bugzilla.suse.com/1229350 SUSE Bug 1229350 In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error checks in dasd_copy_pair_store() dasd_add_busid() can return an error via ERR_PTR() if an allocation fails. However, two callsites in dasd_copy_pair_store() do not check the result, potentially resulting in a NULL pointer dereference. Fix this by checking the result with IS_ERR() and returning the error up the stack. CVE-2024-42320 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42320.html CVE-2024-42320 https://bugzilla.suse.com/1229349 SUSE Bug 1229349 In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression CVE-2024-42322 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-42322.html CVE-2024-42322 https://bugzilla.suse.com/1229347 SUSE Bug 1229347 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out of bounds pointer dereference when FCP targets are zoned. In lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) is referencing a little endian formatted sgl->sge_len value. So, the memcpy can cause big endian systems to crash. Redefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are referring to a little endian formatted data structure. And, update the routine with proper le32_to_cpu macro usages. CVE-2024-43816 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43816.html CVE-2024-43816 https://bugzilla.suse.com/1229318 SUSE Bug 1229318 In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere the __skb_linearize function will not be executed, then the buffer will remain non-linear. Then the condition (offset >= skb_headlen(skb)) becomes true, which causes WARN_ON_ONCE in skb_checksum_help. 2. The struct sk_buff and struct virtio_net_hdr members must be mathematically related. (gso_size) must be greater than (needed) otherwise WARN_ON_ONCE. (remainder) must be greater than (needed) otherwise WARN_ON_ONCE. (remainder) may be 0 if division is without remainder. offset+2 (4191) > skb_headlen() (1116) WARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303 Modules linked in: CPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 RIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303 Code: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef RSP: 0018:ffffc90003a9f338 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209 RDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001 RBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c R13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d FS: 0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777 ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584 ip_finish_output_gso net/ipv4/ip_output.c:286 [inline] __ip_finish_output net/ipv4/ip_output.c:308 [inline] __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295 ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433 dst_output include/net/dst.h:451 [inline] ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129 iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82 ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline] sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3545 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346 dev_queue_xmit include/linux/netdevice.h:3134 [inline] packet_xmit+0x257/0x380 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 __sys_sendto+0x255/0x340 net/socket.c:2190 __do_sys_sendto net/socket.c:2202 [inline] __se_sys_sendto net/socket.c:2198 [inline] __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b Found by Linux Verification Center (linuxtesting.org) with Syzkaller CVE-2024-43817 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43817.html CVE-2024-43817 https://bugzilla.suse.com/1229312 SUSE Bug 1229312 In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjust error handling in case of absent codec device acpi_get_first_physical_node() can return NULL in several cases (no such device, ACPI table error, reference count drop to 0, etc). Existing check just emit error message, but doesn't perform return. Then this NULL pointer is passed to devm_acpi_dev_add_driver_gpios() where it is dereferenced. Adjust this error handling by adding error code return. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-43818 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43818.html CVE-2024-43818 https://bugzilla.suse.com/1229296 SUSE Bug 1229296 In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and would thus result in a null pointer dereference further in. Memory management needs to be performed in userspace and using the ioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP. Also improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2. [frankja@linux.ibm.com: commit message spelling fix, subject prefix fix] CVE-2024-43819 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43819.html CVE-2024-43819 https://bugzilla.suse.com/1229290 SUSE Bug 1229290 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference In function lpfc_xcvr_data_show, the memory allocation with kmalloc might fail, thereby making rdp_context a null pointer. In the following context and functions that use this pointer, there are dereferencing operations, leading to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, use scnprintf to notify the user and return len. CVE-2024-43821 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43821.html CVE-2024-43821 https://bugzilla.suse.com/1229315 SUSE Bug 1229315 In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and pci_parse_request_of_pci_ranges() will just emit a warning. This will cause a NULL pointer dereference. Fix this bug by adding NULL return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-43823 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43823.html CVE-2024-43823 https://bugzilla.suse.com/1229303 SUSE Bug 1229303 In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Instead of getting the epc_features from pci_epc_get_features() API, use the cached pci_epf_test::epc_features value to avoid the NULL check. Since the NULL check is already performed in pci_epf_test_bind(), having one more check in pci_epf_test_core_init() is redundant and it is not possible to hit the NULL pointer dereference. Also with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier" flag"), 'epc_features' got dereferenced without the NULL check, leading to the following false positive Smatch warning: drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747) Thus, remove the redundant NULL check and also use the epc_features:: {msix_capable/msi_capable} flags directly to avoid local variables. [kwilczynski: commit log] CVE-2024-43824 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43824.html CVE-2024-43824 https://bugzilla.suse.com/1229320 SUSE Bug 1229320 In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table The sorting in iio_gts_build_avail_time_table is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When the gts->itime_table[i].time_us is zero, e.g., the time sequence is `3, 0, 1`, the inner for-loop will not terminate and do out-of-bound writes. This is because once `times[j] > new`, the value `new` will be added in the current position and the `times[j]` will be moved to `j+1` position, which makes the if-condition always hold. Meanwhile, idx will be added one, making the loop keep running without termination and out-of-bound write. 2. If none of the gts->itime_table[i].time_us is zero, the elements will just be copied without being sorted as described in the comment "Sort times from all tables to one and remove duplicates". For more details, please refer to https://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com. CVE-2024-43825 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43825.html CVE-2024-43825 https://bugzilla.suse.com/1229298 SUSE Bug 1229298 In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events nfs_folio_length is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running xfstests generic/065 with all nfs trace points enabled. Follow the model of the XFS trace points and pass in an explіcit offset and length. This has the additional benefit that these values can be more accurate as some of the users touch partial folio ranges. CVE-2024-43826 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43826.html CVE-2024-43826 https://bugzilla.suse.com/1229294 SUSE Bug 1229294 In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error if it fails in order to avoid NULL pointer dereference. CVE-2024-43829 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43829.html CVE-2024-43829 https://bugzilla.suse.com/1229341 SUSE Bug 1229341 In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate() callback and freed by the deactivate() callback. Calling device_remove_groups() after calling deactivate() leaves a window where the sysfs attributes show/store functions could be called after deactivation and then operate on the just freed trigger-data. Move the device_remove_groups() call to before deactivate() to close this race window. This also makes the deactivation path properly do things in reverse order of the activation path which calls the activate() callback before calling device_add_groups(). CVE-2024-43830 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43830.html CVE-2024-43830 https://bugzilla.suse.com/1229305 SUSE Bug 1229305 In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. CVE-2024-43831 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43831.html CVE-2024-43831 https://bugzilla.suse.com/1229309 SUSE Bug 1229309 In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix NULL pointer dereference in adding ancillary links In v4l2_async_create_ancillary_links(), ancillary links are created for lens and flash sub-devices. These are sub-device to sub-device links and if the async notifier is related to a V4L2 device, the source sub-device of the ancillary link is NULL, leading to a NULL pointer dereference. Check the notifier's sd field is non-NULL in v4l2_async_create_ancillary_links(). [Sakari Ailus: Reword the subject and commit messages slightly.] CVE-2024-43833 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43833.html CVE-2024-43833 https://bugzilla.suse.com/1229299 SUSE Bug 1229299 In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of page_pool_destroy() If the driver uses a page pool, it creates a page pool with page_pool_create(). The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference count reaches 0. page_pool_destroy() is used to destroy page pool, it decreases a reference count. When a page pool is destroyed, ->disconnect() is called, which is mem_allocator_disconnect(). This function internally acquires mutex_lock(). If the driver uses XDP, it registers a memory model with xdp_rxq_info_reg_mem_model(). The xdp_rxq_info_reg_mem_model() internally increases a page pool reference count if a memory model is a page pool. Now the reference count is 2. To destroy a page pool, the driver should call both page_pool_destroy() and xdp_unreg_mem_model(). The xdp_unreg_mem_model() internally calls page_pool_destroy(). Only page_pool_destroy() decreases a reference count. If a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we will face an invalid wait context warning. Because xdp_unreg_mem_model() calls page_pool_destroy() with rcu_read_lock(). The page_pool_destroy() internally acquires mutex_lock(). Splat looks like: ============================= [ BUG: Invalid wait context ] 6.10.0-rc6+ #4 Tainted: G W ----------------------------- ethtool/1806 is trying to lock: ffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150 other info that might help us debug this: context-{5:5} 3 locks held by ethtool/1806: stack backtrace: CPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021 Call Trace: <TASK> dump_stack_lvl+0x7e/0xc0 __lock_acquire+0x1681/0x4de0 ? _printk+0x64/0xe0 ? __pfx_mark_lock.part.0+0x10/0x10 ? __pfx___lock_acquire+0x10/0x10 lock_acquire+0x1b3/0x580 ? mem_allocator_disconnect+0x73/0x150 ? __wake_up_klogd.part.0+0x16/0xc0 ? __pfx_lock_acquire+0x10/0x10 ? dump_stack_lvl+0x91/0xc0 __mutex_lock+0x15c/0x1690 ? mem_allocator_disconnect+0x73/0x150 ? __pfx_prb_read_valid+0x10/0x10 ? mem_allocator_disconnect+0x73/0x150 ? __pfx_llist_add_batch+0x10/0x10 ? console_unlock+0x193/0x1b0 ? lockdep_hardirqs_on+0xbe/0x140 ? __pfx___mutex_lock+0x10/0x10 ? tick_nohz_tick_stopped+0x16/0x90 ? __irq_work_queue_local+0x1e5/0x330 ? irq_work_queue+0x39/0x50 ? __wake_up_klogd.part.0+0x79/0xc0 ? mem_allocator_disconnect+0x73/0x150 mem_allocator_disconnect+0x73/0x150 ? __pfx_mem_allocator_disconnect+0x10/0x10 ? mark_held_locks+0xa5/0xf0 ? rcu_is_watching+0x11/0xb0 page_pool_release+0x36e/0x6d0 page_pool_destroy+0xd7/0x440 xdp_unreg_mem_model+0x1a7/0x2a0 ? __pfx_xdp_unreg_mem_model+0x10/0x10 ? kfree+0x125/0x370 ? bnxt_free_ring.isra.0+0x2eb/0x500 ? bnxt_free_mem+0x5ac/0x2500 xdp_rxq_info_unreg+0x4a/0xd0 bnxt_free_mem+0x1356/0x2500 bnxt_close_nic+0xf0/0x3b0 ? __pfx_bnxt_close_nic+0x10/0x10 ? ethnl_parse_bit+0x2c6/0x6d0 ? __pfx___nla_validate_parse+0x10/0x10 ? __pfx_ethnl_parse_bit+0x10/0x10 bnxt_set_features+0x2a8/0x3e0 __netdev_update_features+0x4dc/0x1370 ? ethnl_parse_bitset+0x4ff/0x750 ? __pfx_ethnl_parse_bitset+0x10/0x10 ? __pfx___netdev_update_features+0x10/0x10 ? mark_held_locks+0xa5/0xf0 ? _raw_spin_unlock_irqrestore+0x42/0x70 ? __pm_runtime_resume+0x7d/0x110 ethnl_set_features+0x32d/0xa20 To fix this problem, it uses rhashtable_lookup_fast() instead of rhashtable_lookup() with rcu_read_lock(). Using xa without rcu_read_lock() here is safe. xa is freed by __xdp_mem_allocator_rcu_free() and this is called by call_rcu() of mem_xa_remove(). The mem_xa_remove() is called by page_pool_destroy() if a reference count reaches 0. The xa is already protected by the reference count mechanism well in the control plane. So removing rcu_read_lock() for page_pool_destroy() is safe. CVE-2024-43834 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43834.html CVE-2024-43834 https://bugzilla.suse.com/1229314 SUSE Bug 1229314 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT When loading a EXT program without specifying `attr->attach_prog_fd`, the `prog->aux->dst_prog` will be null. At this time, calling resolve_prog_type() anywhere will result in a null pointer dereference. Example stack trace: [ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 [ 8.108262] Mem abort info: [ 8.108384] ESR = 0x0000000096000004 [ 8.108547] EC = 0x25: DABT (current EL), IL = 32 bits [ 8.108722] SET = 0, FnV = 0 [ 8.108827] EA = 0, S1PTW = 0 [ 8.108939] FSC = 0x04: level 0 translation fault [ 8.109102] Data abort info: [ 8.109203] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 8.109399] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 8.109614] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000 [ 8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000 [ 8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 8.112783] Modules linked in: [ 8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1 [ 8.113230] Hardware name: linux,dummy-virt (DT) [ 8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 8.113429] pc : may_access_direct_pkt_data+0x24/0xa0 [ 8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8 [ 8.113798] sp : ffff80008283b9f0 [ 8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001 [ 8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000 [ 8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000 [ 8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff [ 8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720 [ 8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720 [ 8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4 [ 8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f [ 8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c [ 8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000 [ 8.114126] Call trace: [ 8.114159] may_access_direct_pkt_data+0x24/0xa0 [ 8.114202] bpf_check+0x3bc/0x28c0 [ 8.114214] bpf_prog_load+0x658/0xa58 [ 8.114227] __sys_bpf+0xc50/0x2250 [ 8.114240] __arm64_sys_bpf+0x28/0x40 [ 8.114254] invoke_syscall.constprop.0+0x54/0xf0 [ 8.114273] do_el0_svc+0x4c/0xd8 [ 8.114289] el0_svc+0x3c/0x140 [ 8.114305] el0t_64_sync_handler+0x134/0x150 [ 8.114331] el0t_64_sync+0x168/0x170 [ 8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403) [ 8.118672] ---[ end trace 0000000000000000 ]--- One way to fix it is by forcing `attach_prog_fd` non-empty when bpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type` API broken which use verifier log to probe prog type and will log nothing if we reject invalid EXT prog before bpf_check(). Another way is by adding null check in resolve_prog_type(). The issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted to correct type resolution for BPF_PROG_TYPE_TRACING programs. Before that, the type resolution of BPF_PROG_TYPE_EXT prog actually follows the logic below: prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type; It implies that when EXT program is not yet attached to `dst_prog`, the prog type should be EXT itself. This code worked fine in the past. So just keep using it. Fix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog` is not present in resolve_prog_type(). CVE-2024-43837 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43837.html CVE-2024-43837 https://bugzilla.suse.com/1229297 SUSE Bug 1229297 In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers, assume that they require: * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8 * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX is 16 And replace sprintf with snprintf. Detected using the static analysis tool - Svace. CVE-2024-43839 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43839.html CVE-2024-43839 https://bugzilla.suse.com/1229301 SUSE Bug 1229301 In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG When BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls __bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them the struct bpf_tramp_image *im pointer as an argument in R0. The trampoline generation code uses emit_addr_mov_i64() to emit instructions for moving the bpf_tramp_image address into R0, but emit_addr_mov_i64() assumes the address to be in the vmalloc() space and uses only 48 bits. Because bpf_tramp_image is allocated using kzalloc(), its address can use more than 48-bits, in this case the trampoline will pass an invalid address to __bpf_tramp_enter/exit() causing a kernel crash. Fix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64() as it can work with addresses that are greater than 48-bits. CVE-2024-43840 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43840.html CVE-2024-43840 https://bugzilla.suse.com/1229344 SUSE Bug 1229344 In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code. CVE-2024-43841 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43841.html CVE-2024-43841 https://bugzilla.suse.com/1229304 SUSE Bug 1229304 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() In rtw89_sta_info_get_iter() 'status->he_gi' is compared to array size. But then 'rate->he_gi' is used as array index instead of 'status->he_gi'. This can lead to go beyond array boundaries in case of 'rate->he_gi' is not equal to 'status->he_gi' and is bigger than array size. Looks like "copy-paste" mistake. Fix this mistake by replacing 'rate->he_gi' with 'status->he_gi'. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-43842 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43842.html CVE-2024-43842 https://bugzilla.suse.com/1229317 SUSE Bug 1229317 In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases: Without and with hints, where hints are a pre-computed recommendation on how to aggregate the provided objects. Nesting is not possible in the first case due to a check that prevents it, but in the second case there is no check because the assumption is that nesting cannot happen when creating objects based on hints. The violation of this assumption leads to various warnings and eventually to a general protection fault [1]. Before fixing the root cause, error out when nesting happens and warn. [1] general protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80 [...] Call Trace: <TASK> mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270 mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> CVE-2024-43846 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43846.html CVE-2024-43846 https://bugzilla.suse.com/1229360 SUSE Bug 1229360 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid memory access while processing fragmented packets The monitor ring and the reo reinject ring share the same ring mask index. When the driver receives an interrupt for the reo reinject ring, the monitor ring is also processed, leading to invalid memory access. Since monitor support is not yet enabled in ath12k, the ring mask for the monitor ring should be removed. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1 CVE-2024-43847 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43847.html CVE-2024-43847 https://bugzilla.suse.com/1229291 SUSE Bug 1229291 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex If the service locator server is restarted fast enough, the PDR can rewrite locator_addr fields concurrently. Protect them by placing modification of those fields under the main pdr->lock. CVE-2024-43849 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43849.html CVE-2024-43849 https://bugzilla.suse.com/1229307 SUSE Bug 1229307 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove The following warning is seen during bwmon_remove due to refcount imbalance, fix this by releasing the OPPs after use. Logs: WARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158 Hardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT) ... Call trace: _opp_table_kref_release+0x150/0x158 dev_pm_opp_remove_table+0x100/0x1b4 devm_pm_opp_of_table_release+0x10/0x1c devm_action_release+0x14/0x20 devres_release_all+0xa4/0x104 device_unbind_cleanup+0x18/0x60 device_release_driver_internal+0x1ec/0x228 driver_detach+0x50/0x98 bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 bwmon_driver_exit+0x18/0x524 [icc_bwmon] __arm64_sys_delete_module+0x184/0x264 invoke_syscall+0x48/0x118 el0_svc_common.constprop.0+0xc8/0xe8 do_el0_svc+0x20/0x2c el0_svc+0x34/0xdc el0t_64_sync_handler+0x13c/0x158 el0t_64_sync+0x190/0x194 --[ end trace 0000000000000000 ]--- CVE-2024-43850 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43850.html CVE-2024-43850 https://bugzilla.suse.com/1229316 SUSE Bug 1229316 In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpu_number1 to dummy_cpu_number The per cpu variable cpu_number1 is passed to xlnx_event_handler as argument "dev_id", but it is not used in this function. So drop the initialization of this variable and rename it to dummy_cpu_number. This patch is to fix the following call trace when the kernel option CONFIG_DEBUG_ATOMIC_SLEEP is enabled: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0 preempt_count: 1, expected: 0 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.0 #53 Hardware name: Xilinx Versal vmk180 Eval board rev1.1 (QSPI) (DT) Call trace: dump_backtrace+0xd0/0xe0 show_stack+0x18/0x40 dump_stack_lvl+0x7c/0xa0 dump_stack+0x18/0x34 __might_resched+0x10c/0x140 __might_sleep+0x4c/0xa0 __kmem_cache_alloc_node+0xf4/0x168 kmalloc_trace+0x28/0x38 __request_percpu_irq+0x74/0x138 xlnx_event_manager_probe+0xf8/0x298 platform_probe+0x68/0xd8 CVE-2024-43851 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43851.html CVE-2024-43851 https://bugzilla.suse.com/1229313 SUSE Bug 1229313 In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) before acquiring the cgroup_lock In the cgroup_path_ns function. 2.$cat /proc/<pid>/cpuset repeatly. 3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/ $umount /sys/fs/cgroup/cpuset/ repeatly. The race that cause this bug can be shown as below: (umount) | (cat /proc/<pid>/cpuset) css_release | proc_cpuset_show css_release_work_fn | css = task_get_css(tsk, cpuset_cgrp_id); css_free_rwork_fn | cgroup_path_ns(css->cgroup, ...); cgroup_destroy_root | mutex_lock(&cgroup_mutex); rebind_subsystems | cgroup_free_root | | // cgrp was freed, UAF | cgroup_path_ns_locked(cgrp,..); When the cpuset is initialized, the root node top_cpuset.css.cgrp will point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will allocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated &cgroup_root.cgrp. When the umount operation is executed, top_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp. The problem is that when rebinding to cgrp_dfl_root, there are cases where the cgroup_root allocated by setting up the root for cgroup v1 is cached. This could lead to a Use-After-Free (UAF) if it is subsequently freed. The descendant cgroups of cgroup v1 can only be freed after the css is released. However, the css of the root will never be released, yet the cgroup_root should be freed when it is unmounted. This means that obtaining a reference to the css of the root does not guarantee that css.cgrp->root will not be freed. Fix this problem by using rcu_read_lock in proc_cpuset_show(). As cgroup_root is kfree_rcu after commit d23b5c577715 ("cgroup: Make operations on the cgroup root_list RCU safe"), css->cgroup won't be freed during the critical section. To call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to replace task_get_css with task_css. [1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd CVE-2024-43853 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43853.html CVE-2024-43853 https://bugzilla.suse.com/1229292 SUSE Bug 1229292 In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes. CVE-2024-43854 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43854.html CVE-2024-43854 https://bugzilla.suse.com/1229345 SUSE Bug 1229345 In the Linux kernel, the following vulnerability has been resolved: md: fix deadlock between mddev_suspend and flush bio Deadlock occurs when mddev is being suspended while some flush bio is in progress. It is a complex issue. T1. the first flush is at the ending stage, it clears 'mddev->flush_bio' and tries to submit data, but is blocked because mddev is suspended by T4. T2. the second flush sets 'mddev->flush_bio', and attempts to queue md_submit_flush_data(), which is already running (T1) and won't execute again if on the same CPU as T1. T3. the third flush inc active_io and tries to flush, but is blocked because 'mddev->flush_bio' is not NULL (set by T2). T4. mddev_suspend() is called and waits for active_io dec to 0 which is inc by T3. T1 T2 T3 T4 (flush 1) (flush 2) (third 3) (suspend) md_submit_flush_data mddev->flush_bio = NULL; . . md_flush_request . mddev->flush_bio = bio . queue submit_flushes . . . . md_handle_request . . active_io + 1 . . md_flush_request . . wait !mddev->flush_bio . . . . mddev_suspend . . wait !active_io . . . submit_flushes . queue_work md_submit_flush_data . //md_submit_flush_data is already running (T1) . md_handle_request wait resume The root issue is non-atomic inc/dec of active_io during flush process. active_io is dec before md_submit_flush_data is queued, and inc soon after md_submit_flush_data() run. md_flush_request active_io + 1 submit_flushes active_io - 1 md_submit_flush_data md_handle_request active_io + 1 make_request active_io - 1 If active_io is dec after md_handle_request() instead of within submit_flushes(), make_request() can be called directly intead of md_handle_request() in md_submit_flush_data(), and active_io will only inc and dec once in the whole flush process. Deadlock will be fixed. Additionally, the only difference between fixing the issue and before is that there is no return error handling of make_request(). But after previous patch cleaned md_write_start(), make_requst() only return error in raid5_make_request() by dm-raid, see commit 41425f96d7aa ("dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape)". Since dm always splits data and flush operation into two separate io, io size of flush submitted by dm always is 0, make_request() will not be called in md_submit_flush_data(). To prevent future modifications from introducing issues, add WARN_ON to ensure make_request() no error is returned in this context. CVE-2024-43855 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43855.html CVE-2024-43855 https://bugzilla.suse.com/1229342 SUSE Bug 1229342 In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list. If this happens, there will be two entries in the devres list with the same vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match. Fix by destroying the devres entry before freeing the DMA allocation. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03 CVE-2024-43856 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43856.html CVE-2024-43856 https://bugzilla.suse.com/1229346 SUSE Bug 1229346 In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree CVE-2024-43858 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43858.html CVE-2024-43858 https://bugzilla.suse.com/1229414 SUSE Bug 1229414 In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Skip over memory region when node value is NULL In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts number of phandles. But phandles may be empty. So of_parse_phandle() in the parsing loop (0 < a < nph) may return NULL which is later dereferenced. Adjust this issue by adding NULL-return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. [Fixed title to fit within the prescribed 70-75 charcters] CVE-2024-43860 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43860.html CVE-2024-43860 https://bugzilla.suse.com/1229319 SUSE Bug 1229319 In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. CVE-2024-43861 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43861.html CVE-2024-43861 https://bugzilla.suse.com/1229500 SUSE Bug 1229500 https://bugzilla.suse.com/1229553 SUSE Bug 1229553 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback both deletes the fence and removes it from the list of pending fences, for which it holds a lock. dma buf polling cb unrefs a fence after it's been signaled: so the poll calls the wait, which signals the fences, which are being destroyed. The destruction tries to acquire the lock on the pending fences list which it can never get because it's held by the wait from which it was called. Old bug, but not a lot of userspace apps were using dma-buf polling interfaces. Fix those, in particular this fixes KDE stalls/deadlock. CVE-2024-43863 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43863.html CVE-2024-43863 https://bugzilla.suse.com/1229497 SUSE Bug 1229497 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the old one when updating CT entry. But if failed to allocate a new one, eg. exceed the max number firmware can support, modify header will be an error pointer that will trigger a panic when deallocating it. And the old modify header point is copied to old attr. When the old attr is freed, the old modify header is lost. Fix it by restoring the old attr to attr when failed to allocate a new modify header context. So when the CT entry is freed, the right modify header context will be freed. And the panic of accessing error pointer is also fixed. CVE-2024-43864 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43864.html CVE-2024-43864 https://bugzilla.suse.com/1229496 SUSE Bug 1229496 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health in shutdown callback There is no point in recovery during device shutdown. if health work started need to wait for it to avoid races and NULL pointer access. Hence, drain health WQ on shutdown callback. CVE-2024-43866 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43866.html CVE-2024-43866 https://bugzilla.suse.com/1229495 SUSE Bug 1229495 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing ttm_bo) leads to a refcount underflow. Instead of calling nouveau_bo_ref() in the unwind path of drm_gem_object_init(), clean things up manually. (cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5) CVE-2024-43867 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43867.html CVE-2024-43867 https://bugzilla.suse.com/1229493 SUSE Bug 1229493 In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu(). CVE-2024-43871 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43871.html CVE-2024-43871 https://bugzilla.suse.com/1229490 SUSE Bug 1229490 In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause the CPU core staying in interrupt context too long and lead to soft lockup under heavy load. Handle CEQEs in BH workqueue and set an upper limit for the number of CEQE handled by a single call of work handler. CVE-2024-43872 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43872.html CVE-2024-43872 https://bugzilla.suse.com/1229489 SUSE Bug 1229489 In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features CVE-2024-43873 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43873.html CVE-2024-43873 https://bugzilla.suse.com/1229488 SUSE Bug 1229488 In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Fix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE. Return from __sev_snp_shutdown_locked() if the psp_device or the sev_device structs are not initialized. Without the fix, the driver will produce the following splat: ccp 0000:55:00.5: enabling device (0000 -> 0002) ccp 0000:55:00.5: sev enabled ccp 0000:55:00.5: psp enabled BUG: kernel NULL pointer dereference, address: 00000000000000f0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI CPU: 262 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc1+ #29 RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150 Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83 RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808 RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0 R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8 R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x6f/0xb0 ? __die+0xcc/0xf0 ? page_fault_oops+0x330/0x3a0 ? save_trace+0x2a5/0x360 ? do_user_addr_fault+0x583/0x630 ? exc_page_fault+0x81/0x120 ? asm_exc_page_fault+0x2b/0x30 ? __sev_snp_shutdown_locked+0x2e/0x150 __sev_firmware_shutdown+0x349/0x5b0 ? pm_runtime_barrier+0x66/0xe0 sev_dev_destroy+0x34/0xb0 psp_dev_destroy+0x27/0x60 sp_destroy+0x39/0x90 sp_pci_remove+0x22/0x60 pci_device_remove+0x4e/0x110 really_probe+0x271/0x4e0 __driver_probe_device+0x8f/0x160 driver_probe_device+0x24/0x120 __driver_attach+0xc7/0x280 ? driver_attach+0x30/0x30 bus_for_each_dev+0x10d/0x130 driver_attach+0x22/0x30 bus_add_driver+0x171/0x2b0 ? unaccepted_memory_init_kdump+0x20/0x20 driver_register+0x67/0x100 __pci_register_driver+0x83/0x90 sp_pci_init+0x22/0x30 sp_mod_init+0x13/0x30 do_one_initcall+0xb8/0x290 ? sched_clock_noinstr+0xd/0x10 ? local_clock_noinstr+0x3e/0x100 ? stack_depot_save_flags+0x21e/0x6a0 ? local_clock+0x1c/0x60 ? stack_depot_save_flags+0x21e/0x6a0 ? sched_clock_noinstr+0xd/0x10 ? local_clock_noinstr+0x3e/0x100 ? __lock_acquire+0xd90/0xe30 ? sched_clock_noinstr+0xd/0x10 ? local_clock_noinstr+0x3e/0x100 ? __create_object+0x66/0x100 ? local_clock+0x1c/0x60 ? __create_object+0x66/0x100 ? parameq+0x1b/0x90 ? parse_one+0x6d/0x1d0 ? parse_args+0xd7/0x1f0 ? do_initcall_level+0x180/0x180 do_initcall_level+0xb0/0x180 do_initcalls+0x60/0xa0 ? kernel_init+0x1f/0x1d0 do_basic_setup+0x41/0x50 kernel_init_freeable+0x1ac/0x230 ? rest_init+0x1f0/0x1f0 kernel_init+0x1f/0x1d0 ? rest_init+0x1f0/0x1f0 ret_from_fork+0x3d/0x50 ? rest_init+0x1f0/0x1f0 ret_from_fork_asm+0x11/0x20 </TASK> Modules linked in: CR2: 00000000000000f0 ---[ end trace 0000000000000000 ]--- RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150 Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83 RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000 RDX: 0000000 ---truncated--- CVE-2024-43874 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43874.html CVE-2024-43874 https://bugzilla.suse.com/1229487 SUSE Bug 1229487 In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021) Instead of printing an error message and then crashing we should return an error code and clean up. Also the NULL check is reversed so it prints an error for success instead of failure. CVE-2024-43875 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43875.html CVE-2024-43875 https://bugzilla.suse.com/1229486 SUSE Bug 1229486 In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Avoid large backtrace, it is sufficient to warn the user that there has been a link problem. Either the link has failed and the system is in need of maintenance, or the link continues to work and user has been informed. The message from the warning can be looked up in the sources. This makes an actual link issue less verbose. First of all, this controller has a limitation in that the controller driver has to assist the hardware with transition to L1 link state by writing L1IATN to PMCTRL register, the L1 and L0 link state switching is not fully automatic on this controller. In case of an ASMedia ASM1062 PCIe SATA controller which does not support ASPM, on entry to suspend or during platform pm_test, the SATA controller enters D3hot state and the link enters L1 state. If the SATA controller wakes up before rcar_pcie_wakeup() was called and returns to D0, the link returns to L0 before the controller driver even started its transition to L1 link state. At this point, the SATA controller did send an PM_ENTER_L1 DLLP to the PCIe controller and the PCIe controller received it, and the PCIe controller did set PMSR PMEL1RX bit. Once rcar_pcie_wakeup() is called, if the link is already back in L0 state and PMEL1RX bit is set, the controller driver has no way to determine if it should perform the link transition to L1 state, or treat the link as if it is in L0 state. Currently the driver attempts to perform the transition to L1 link state unconditionally, which in this specific case fails with a PMSR L1FAEG poll timeout, however the link still works as it is already back in L0 state. Reduce this warning verbosity. In case the link is really broken, the rcar_pcie_config_access() would fail, otherwise it will succeed and any system with this controller and ASM1062 can suspend without generating a backtrace. CVE-2024-43876 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43876.html CVE-2024-43876 https://bugzilla.suse.com/1229485 SUSE Bug 1229485 In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. This value is later used to access 'dma->SGarray[dma->SG_length - 1]', which will cause out of bounds access. Add check to return early on invalid value. Adjust warnings accordingly. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-43877 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43877.html CVE-2024-43877 https://bugzilla.suse.com/1229484 SUSE Bug 1229484 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211] Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth. CVE-2024-43879 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43879.html CVE-2024-43879 https://bugzilla.suse.com/1229482 SUSE Bug 1229482 In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can contain more ACLs (i.e., tc filters), but the number of masks in each region (i.e., tc chain) is limited. In order to mitigate the effects of the above limitation, the device allows filters to share a single mask if their masks only differ in up to 8 consecutive bits. For example, dst_ip/25 can be represented using dst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the number of masks being used (and therefore does not support mask aggregation), but can contain a limited number of filters. The driver uses the "objagg" library to perform the mask aggregation by passing it objects that consist of the filter's mask and whether the filter is to be inserted into the A-TCAM or the C-TCAM since filters in different TCAMs cannot share a mask. The set of created objects is dependent on the insertion order of the filters and is not necessarily optimal. Therefore, the driver will periodically ask the library to compute a more optimal set ("hints") by looking at all the existing objects. When the library asks the driver whether two objects can be aggregated the driver only compares the provided masks and ignores the A-TCAM / C-TCAM indication. This is the right thing to do since the goal is to move as many filters as possible to the A-TCAM. The driver also forbids two identical masks from being aggregated since this can only happen if one was intentionally put in the C-TCAM to avoid a conflict in the A-TCAM. The above can result in the following set of hints: H1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta H3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta After getting the hints from the library the driver will start migrating filters from one region to another while consulting the computed hints and instructing the device to perform a lookup in both regions during the transition. Assuming a filter with mask X is being migrated into the A-TCAM in the new region, the hints lookup will return H1. Since H2 is the parent of H1, the library will try to find the object associated with it and create it if necessary in which case another hints lookup (recursive) will be performed. This hints lookup for {mask Y, A-TCAM} will either return H2 or H3 since the driver passes the library an object comparison function that ignores the A-TCAM / C-TCAM indication. This can eventually lead to nested objects which are not supported by the library [1]. Fix by removing the object comparison function from both the driver and the library as the driver was the only user. That way the lookup will only return exact matches. I do not have a reliable reproducer that can reproduce the issue in a timely manner, but before the fix the issue would reproduce in several minutes and with the fix it does not reproduce in over an hour. Note that the current usefulness of the hints is limited because they include the C-TCAM indication and represent aggregation that cannot actually happen. This will be addressed in net-next. [1] WARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0 Modules linked in: CPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42 Hardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:objagg_obj_parent_assign+0xb5/0xd0 [...] Call Trace: <TASK> __objagg_obj_get+0x2bb/0x580 objagg_obj_get+0xe/0x80 mlxsw_sp_acl_erp_mask_get+0xb5/0xf0 mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270 mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510 process_one_work+0x151/0x370 CVE-2024-43880 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43880.html CVE-2024-43880 https://bugzilla.suse.com/1229481 SUSE Bug 1229481 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA direction while mapping reinjected packets For fragmented packets, ath12k reassembles each fragment as a normal packet and then reinjects it into HW ring. In this case, the DMA direction should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise, an invalid payload may be reinjected into the HW and subsequently delivered to the host. Given that arbitrary memory can be allocated to the skb buffer, knowledge about the data contained in the reinjected buffer is lacking. Consequently, there's a risk of private information being leaked. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1 CVE-2024-43881 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43881.html CVE-2024-43881 https://bugzilla.suse.com/1229480 SUSE Bug 1229480 In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much later in the execve() code path, the file metadata (specifically mode, uid, and gid) is used to determine if/how to set the uid and gid. However, those values may have changed since the permissions check, meaning the execution may gain unintended privileges. For example, if a file could change permissions from executable and not set-id: ---------x 1 root root 16048 Aug 7 13:16 target to set-id and non-executable: ---S------ 1 root root 16048 Aug 7 13:16 target it is possible to gain root privileges when execution should have been disallowed. While this race condition is rare in real-world scenarios, it has been observed (and proven exploitable) when package managers are updating the setuid bits of installed programs. Such files start with being world-executable but then are adjusted to be group-exec with a set-uid bit. For example, "chmod o-x,u+s target" makes "target" executable only by uid "root" and gid "cdrom", while also becoming setuid-root: -rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target becomes: -rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target But racing the chmod means users without group "cdrom" membership can get the permission to execute "target" just before the chmod, and when the chmod finishes, the exec reaches brpm_fill_uid(), and performs the setuid to root, violating the expressed authorization of "only cdrom group members can setuid to root". Re-check that we still have execute permissions in case the metadata has changed. It would be better to keep a copy from the perm-check time, but until we can do that refactoring, the least-bad option is to do a full inode_permission() call (under inode lock). It is understood that this is safe against dead-locks, but hardly optimal. CVE-2024-43882 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43882.html CVE-2024-43882 https://bugzilla.suse.com/1229503 SUSE Bug 1229503 https://bugzilla.suse.com/1229504 SUSE Bug 1229504 In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver. CVE-2024-43883 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43883.html CVE-2024-43883 https://bugzilla.suse.com/1229707 SUSE Bug 1229707 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the function. CVE-2024-43884 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43884.html CVE-2024-43884 https://bugzilla.suse.com/1229739 SUSE Bug 1229739 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-43885 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43885.html CVE-2024-43885 https://bugzilla.suse.com/1229747 SUSE Bug 1229747 In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1 [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021 [ 10.017908] Workqueue: events_unbound padata_mt_helper [ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0 : [ 10.017963] Call Trace: [ 10.017968] <TASK> [ 10.018004] ? padata_mt_helper+0x39/0xb0 [ 10.018084] process_one_work+0x174/0x330 [ 10.018093] worker_thread+0x266/0x3a0 [ 10.018111] kthread+0xcf/0x100 [ 10.018124] ret_from_fork+0x31/0x50 [ 10.018138] ret_from_fork_asm+0x1a/0x30 [ 10.018147] </TASK> Looking at the padata_mt_helper() function, the only way a divide-by-0 panic can happen is when ps->chunk_size is 0. The way that chunk_size is initialized in padata_do_multithreaded(), chunk_size can be 0 when the min_chunk in the passed-in padata_mt_job structure is 0. Fix this divide-by-0 panic by making sure that chunk_size will be at least 1 no matter what the input parameters are. CVE-2024-43889 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43889.html CVE-2024-43889 https://bugzilla.suse.com/1229743 SUSE Bug 1229743 In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It introduced IDR to maintain the memcg ID space. The IDR depends on external synchronization mechanisms for modifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace() happen within css callback and thus are protected through cgroup_mutex from concurrent modifications. However idr_remove() for mem_cgroup_idr was not protected against concurrency and can be run concurrently for different memcgs when they hit their refcnt to zero. Fix that. We have been seeing list_lru based kernel crashes at a low frequency in our fleet for a long time. These crashes were in different part of list_lru code including list_lru_add(), list_lru_del() and reparenting code. Upon further inspection, it looked like for a given object (dentry and inode), the super_block's list_lru didn't have list_lru_one for the memcg of that object. The initial suspicions were either the object is not allocated through kmem_cache_alloc_lru() or somehow memcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but returned success. No evidence were found for these cases. Looking more deeply, we started seeing situations where valid memcg's id is not present in mem_cgroup_idr and in some cases multiple valid memcgs have same id and mem_cgroup_idr is pointing to one of them. So, the most reasonable explanation is that these situations can happen due to race between multiple idr_remove() calls or race between idr_alloc()/idr_replace() and idr_remove(). These races are causing multiple memcgs to acquire the same ID and then offlining of one of them would cleanup list_lrus on the system for all of them. Later access from other memcgs to the list_lru cause crashes due to missing list_lru_one. CVE-2024-43892 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43892.html CVE-2024-43892 https://bugzilla.suse.com/1229761 SUSE Bug 1229761 In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set. Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) Call Trace: <TASK> serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 drivers/tty/serial/8250/8250_port.c:2589) serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 drivers/tty/serial/8250/8250_port.c:2741) serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) uart_change_line_settings (./include/linux/spinlock.h:376 ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) uart_port_startup (drivers/tty/serial/serial_core.c:342) uart_startup (drivers/tty/serial/serial_core.c:368) uart_set_info (drivers/tty/serial/serial_core.c:1034) uart_set_info_user (drivers/tty/serial/serial_core.c:1059) tty_set_serial (drivers/tty/tty_io.c:2637) tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Rule: add CVE-2024-43893 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43893.html CVE-2024-43893 https://bugzilla.suse.com/1229759 SUSE Bug 1229759 In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drm_client_modeset_probe In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. CVE-2024-43894 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43894.html CVE-2024-43894 https://bugzilla.suse.com/1229746 SUSE Bug 1229746 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why] Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022 RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? plist_add+0xbe/0x100 ? exc_page_fault+0x7c/0x180 ? asm_exc_page_fault+0x26/0x30 ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] drm_atomic_check_only+0x5c5/0xa40 drm_mode_atomic_ioctl+0x76e/0xbc0 [how] dsc recompute should be skipped if no mode change detected on the new request. If detected, keep checking whether the stream is already on current state or not. (cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef) CVE-2024-43895 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43895.html CVE-2024-43895 https://bugzilla.suse.com/1229755 SUSE Bug 1229755 In the Linux kernel, the following vulnerability has been resolved: net: drop bad gso csum_start and offset in virtio_net_hdr Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skb for GSO packets. The function already checks that a checksum requested with VIRTIO_NET_HDR_F_NEEDS_CSUM is in skb linear. But for GSO packets this might not hold for segs after segmentation. Syzkaller demonstrated to reach this warning in skb_checksum_help offset = skb_checksum_start_offset(skb); ret = -EINVAL; if (WARN_ON_ONCE(offset >= skb_headlen(skb))) By injecting a TSO packet: WARNING: CPU: 1 PID: 3539 at net/core/dev.c:3284 skb_checksum_help+0x3d0/0x5b0 ip_do_fragment+0x209/0x1b20 net/ipv4/ip_output.c:774 ip_finish_output_gso net/ipv4/ip_output.c:279 [inline] __ip_finish_output+0x2bd/0x4b0 net/ipv4/ip_output.c:301 iptunnel_xmit+0x50c/0x930 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x2296/0x2c70 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x759/0xa60 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4850 [inline] netdev_start_xmit include/linux/netdevice.h:4864 [inline] xmit_one net/core/dev.c:3595 [inline] dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3611 __dev_queue_xmit+0x1b97/0x3c90 net/core/dev.c:4261 packet_snd net/packet/af_packet.c:3073 [inline] The geometry of the bad input packet at tcp_gso_segment: [ 52.003050][ T8403] skb len=12202 headroom=244 headlen=12093 tailroom=0 [ 52.003050][ T8403] mac=(168,24) mac_len=24 net=(192,52) trans=244 [ 52.003050][ T8403] shinfo(txflags=0 nr_frags=1 gso(size=1552 type=3 segs=0)) [ 52.003050][ T8403] csum(0x60000c7 start=199 offset=1536 ip_summed=3 complete_sw=0 valid=0 level=0) Mitigate with stricter input validation. csum_offset: for GSO packets, deduce the correct value from gso_type. This is already done for USO. Extend it to TSO. Let UFO be: udp[46]_ufo_fragment ignores these fields and always computes the checksum in software. csum_start: finding the real offset requires parsing to the transport header. Do not add a parser, use existing segmentation parsing. Thanks to SKB_GSO_DODGY, that also catches bad packets that are hw offloaded. Again test both TSO and USO. Do not test UFO for the above reason, and do not test UDP tunnel offload. GSO packet are almost always CHECKSUM_PARTIAL. USO packets may be CHECKSUM_NONE since commit 10154dbded6d6 ("udp: Allow GSO transmit from devices with no checksum offload"), but then still these fields are initialized correctly in udp4_hwcsum/udp6_hwcsum_outgoing. So no need to test for ip_summed == CHECKSUM_PARTIAL first. This revises an existing fix mentioned in the Fixes tag, which broke small packets with GSO offload, as detected by kselftests. CVE-2024-43897 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43897.html CVE-2024-43897 https://bugzilla.suse.com/1229752 SUSE Bug 1229752 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer deref in dcn20_resource.c Fixes a hang thats triggered when MPV is run on a DCN401 dGPU: mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all and then enabling fullscreen playback (double click on the video) The following calltrace will be seen: [ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 181.843997] #PF: supervisor instruction fetch in kernel mode [ 181.844003] #PF: error_code(0x0010) - not-present page [ 181.844009] PGD 0 P4D 0 [ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI [ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu [ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018 [ 181.844044] RIP: 0010:0x0 [ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246 [ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004 [ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400 [ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c [ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8 [ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005 [ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000 [ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0 [ 181.844141] Call Trace: [ 181.844146] <TASK> [ 181.844153] ? show_regs+0x6d/0x80 [ 181.844167] ? __die+0x24/0x80 [ 181.844179] ? page_fault_oops+0x99/0x1b0 [ 181.844192] ? do_user_addr_fault+0x31d/0x6b0 [ 181.844204] ? exc_page_fault+0x83/0x1b0 [ 181.844216] ? asm_exc_page_fault+0x27/0x30 [ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu] [ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu] [ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu] [ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu] [ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu] [ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu] [ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu] [ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu] CVE-2024-43899 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43899.html CVE-2024-43899 https://bugzilla.suse.com/1229754 SUSE Bug 1229754 In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the module initialization failed, the struct tuner was released. A worker which created during module initialization accesses this struct tuner later, it caused use-after-free. The process is as follows: task-6504 worker_thread tuner_probe <= alloc dvb_frontend [2] ... request_firmware_nowait <= create a worker ... tuner_remove <= free dvb_frontend ... request_firmware_work_func <= the firmware is ready load_firmware_cb <= but now the dvb_frontend has been freed To fix the issue, check the dvd_frontend in load_firmware_cb(), if it is null, report a warning and just return. [1]: ================================================================== BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0 Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504 Call trace: load_firmware_cb+0x1310/0x17a0 request_firmware_work_func+0x128/0x220 process_one_work+0x770/0x1824 worker_thread+0x488/0xea0 kthread+0x300/0x430 ret_from_fork+0x10/0x20 Allocated by task 6504: kzalloc tuner_probe+0xb0/0x1430 i2c_device_probe+0x92c/0xaf0 really_probe+0x678/0xcd0 driver_probe_device+0x280/0x370 __device_attach_driver+0x220/0x330 bus_for_each_drv+0x134/0x1c0 __device_attach+0x1f4/0x410 device_initial_probe+0x20/0x30 bus_probe_device+0x184/0x200 device_add+0x924/0x12c0 device_register+0x24/0x30 i2c_new_device+0x4e0/0xc44 v4l2_i2c_new_subdev_board+0xbc/0x290 v4l2_i2c_new_subdev+0xc8/0x104 em28xx_v4l2_init+0x1dd0/0x3770 Freed by task 6504: kfree+0x238/0x4e4 tuner_remove+0x144/0x1c0 i2c_device_remove+0xc8/0x290 __device_release_driver+0x314/0x5fc device_release_driver+0x30/0x44 bus_remove_device+0x244/0x490 device_del+0x350/0x900 device_unregister+0x28/0xd0 i2c_unregister_device+0x174/0x1d0 v4l2_device_unregister+0x224/0x380 em28xx_v4l2_init+0x1d90/0x3770 The buggy address belongs to the object at ffff8000d7ca2000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 776 bytes inside of 2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800) The buggy address belongs to the page: page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0 flags: 0x7ff800000000100(slab) raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== [2] Actually, it is allocated for struct tuner, and dvb_frontend is inside. CVE-2024-43900 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43900.html CVE-2024-43900 https://bugzilla.suse.com/1229756 SUSE Bug 1229756 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity. CVE-2024-43902 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43902.html CVE-2024-43902 https://bugzilla.suse.com/1229767 SUSE Bug 1229767 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-43903 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43903.html CVE-2024-43903 https://bugzilla.suse.com/1229781 SUSE Bug 1229781 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference. CVE-2024-43905 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43905.html CVE-2024-43905 https://bugzilla.suse.com/1229784 SUSE Bug 1229784 In the Linux kernel, the following vulnerability has been resolved: drm/admgpu: fix dereferencing null pointer context When user space sets an invalid ta type, the pointer context will be empty. So it need to check the pointer context before using it CVE-2024-43906 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43906.html CVE-2024-43906 https://bugzilla.suse.com/1229785 SUSE Bug 1229785 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer dereference CVE-2024-43907 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43907.html CVE-2024-43907 https://bugzilla.suse.com/1229787 SUSE Bug 1229787 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer dereference to ras_manager Check ras_manager before using it CVE-2024-43908 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43908.html CVE-2024-43908 https://bugzilla.suse.com/1229788 SUSE Bug 1229788 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference for smu7 optimize the code to avoid pass a null pointer (hwmgr->backend) to function smu7_update_edc_leakage_table. CVE-2024-43909 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43909.html CVE-2024-43909 https://bugzilla.suse.com/1229789 SUSE Bug 1229789 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, link_data/link_conf are dynamically allocated. They don't point to vif->bss_conf. So, there will be no chanreq assigned to vif->bss_conf and then the chan will be NULL. Tweak the code to check ht_supported/vht_supported/has_he/has_eht on sta deflink. Crash log (with rtw89 version under MLO development): [ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 9890.526102] #PF: supervisor read access in kernel mode [ 9890.526105] #PF: error_code(0x0000) - not-present page [ 9890.526109] PGD 0 P4D 0 [ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI [ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G OE 6.9.0 #1 [ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018 [ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core] [ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211 [ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3 All code ======== 0: f7 e8 imul %eax 2: d5 (bad) 3: 93 xchg %eax,%ebx 4: 3e ea ds (bad) 6: 48 83 c4 28 add $0x28,%rsp a: 89 d8 mov %ebx,%eax c: 5b pop %rbx d: 41 5c pop %r12 f: 41 5d pop %r13 11: 41 5e pop %r14 13: 41 5f pop %r15 15: 5d pop %rbp 16: c3 retq 17: cc int3 18: cc int3 19: cc int3 1a: cc int3 1b: 49 8b 84 24 e0 f1 ff mov -0xe20(%r12),%rax 22: ff 23: 48 8b 80 90 1b 00 00 mov 0x1b90(%rax),%rax 2a:* 83 38 03 cmpl $0x3,(%rax) <-- trapping instruction 2d: 0f 84 37 fe ff ff je 0xfffffffffffffe6a 33: bb ea ff ff ff mov $0xffffffea,%ebx 38: eb cc jmp 0x6 3a: 49 rex.WB 3b: 8b .byte 0x8b 3c: 84 24 10 test %ah,(%rax,%rdx,1) 3f: f3 repz Code starting with the faulting instruction =========================================== 0: 83 38 03 cmpl $0x3,(%rax) 3: 0f 84 37 fe ff ff je 0xfffffffffffffe40 9: bb ea ff ff ff mov $0xffffffea,%ebx e: eb cc jmp 0xffffffffffffffdc 10: 49 rex.WB 11: 8b .byte 0x8b 12: 84 24 10 test %ah,(%rax,%rdx,1) 15: f3 repz [ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246 [ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8 [ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685 [ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873 [ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70 [ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000 [ 9890.526313] FS: 0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000 [ 9890.526316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0 [ 9890.526321] Call Trace: [ 9890.526324] <TASK> [ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479) [ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) [ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713) [ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator ---truncated--- CVE-2024-43911 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43911.html CVE-2024-43911 https://bugzilla.suse.com/1229827 SUSE Bug 1229827 In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/... MHz channel width progression, and switching around in S1G or narrow channels isn't supported. Disallow that. CVE-2024-43912 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-43912.html CVE-2024-43912 https://bugzilla.suse.com/1229830 SUSE Bug 1229830 In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. CVE-2024-44931 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-44931.html CVE-2024-44931 https://bugzilla.suse.com/1229837 SUSE Bug 1229837 In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shift is found. CVE-2024-44938 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-44938.html CVE-2024-44938 https://bugzilla.suse.com/1229792 SUSE Bug 1229792 https://bugzilla.suse.com/1229793 SUSE Bug 1229793 In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713 ... [Analyze] In dtInsertEntry(), when the pointer h has the same value as p, after writing name in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the previously true judgment "p->header.flag & BT-LEAF" to change to no after writing the name operation, this leads to entering an incorrect branch and accessing the uninitialized object ih when judging this condition for the second time. [Fix] After got the page, check freelist first, if freelist == 0 then exit dtInsert() and return -EINVAL. CVE-2024-44939 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.8.3 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.8.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-livepatch-devel-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.8.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.8.3 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.8.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1/ https://www.suse.com/security/cve/CVE-2024-44939.html CVE-2024-44939 https://bugzilla.suse.com/1229820 SUSE Bug 1229820