Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3304-1 Final 1 1 2024-09-18T12:52:47Z current 2024-09-18T12:52:47Z 2024-09-18T12:52:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002) The following non-security bugs were fixed: - powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error). - scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-3304,SUSE-SUSE-MicroOS-5.1-2024-3304,SUSE-SUSE-MicroOS-5.2-2024-3304 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243304-1/ Link for SUSE-SU-2024:3304-1 https://lists.suse.com/pipermail/sle-updates/2024-September/036951.html E-Mail link for SUSE-SU-2024:3304-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1228002 SUSE Bug 1228002 https://www.suse.com/security/cve/CVE-2022-48791/ SUSE CVE CVE-2022-48791 page SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 cluster-md-kmp-rt-5.3.18-150300.184.1 cluster-md-kmp-rt_debug-5.3.18-150300.184.1 dlm-kmp-rt-5.3.18-150300.184.1 dlm-kmp-rt_debug-5.3.18-150300.184.1 gfs2-kmp-rt-5.3.18-150300.184.1 gfs2-kmp-rt_debug-5.3.18-150300.184.1 kernel-devel-rt-5.3.18-150300.184.1 kernel-rt-5.3.18-150300.184.1 kernel-rt-devel-5.3.18-150300.184.1 kernel-rt-extra-5.3.18-150300.184.1 kernel-rt-livepatch-devel-5.3.18-150300.184.1 kernel-rt-optional-5.3.18-150300.184.1 kernel-rt_debug-5.3.18-150300.184.1 kernel-rt_debug-devel-5.3.18-150300.184.1 kernel-rt_debug-extra-5.3.18-150300.184.1 kernel-rt_debug-livepatch-devel-5.3.18-150300.184.1 kernel-rt_debug-optional-5.3.18-150300.184.1 kernel-source-rt-5.3.18-150300.184.1 kernel-syms-rt-5.3.18-150300.184.1 kselftests-kmp-rt-5.3.18-150300.184.1 kselftests-kmp-rt_debug-5.3.18-150300.184.1 ocfs2-kmp-rt-5.3.18-150300.184.1 ocfs2-kmp-rt_debug-5.3.18-150300.184.1 reiserfs-kmp-rt-5.3.18-150300.184.1 reiserfs-kmp-rt_debug-5.3.18-150300.184.1 kernel-rt-5.3.18-150300.184.1 as a component of SUSE Linux Enterprise Micro 5.1 kernel-source-rt-5.3.18-150300.184.1 as a component of SUSE Linux Enterprise Micro 5.1 kernel-rt-5.3.18-150300.184.1 as a component of SUSE Linux Enterprise Micro 5.2 kernel-source-rt-5.3.18-150300.184.1 as a component of SUSE Linux Enterprise Micro 5.2 In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to timeout. When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the sas_task is freed in pm8001_exec_internal_tmf_task(). However, if the I/O completion occurs later, the I/O completion still thinks that the sas_task is available. Fix this by clearing the ccb->task if the TMF times out - the I/O completion handler does nothing if this pointer is cleared. CVE-2022-48791 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.184.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.184.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.184.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.184.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243304-1/ https://www.suse.com/security/cve/CVE-2022-48791.html CVE-2022-48791 https://bugzilla.suse.com/1228002 SUSE Bug 1228002 https://bugzilla.suse.com/1228012 SUSE Bug 1228012