<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">Security update for the Linux Kernel</DocumentTitle>
  <DocumentType>SUSE Patch</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE-SU-2024:3563-1</ID>
    </Identification>
    <Status>Final</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2024-10-09T09:04:25Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2024-10-09T09:04:25Z</InitialReleaseDate>
    <CurrentReleaseDate>2024-10-09T09:04:25Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
      <Date>2017-02-24T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for the Linux Kernel</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662).
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).

The following non-security bugs were fixed:

- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">SUSE-2024-3563,SUSE-SLE-Micro-5.3-2024-3563,SUSE-SLE-Micro-5.4-2024-3563</Note>
  </DocumentNotes>
  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      <Description>Link for SUSE-SU-2024:3563-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://lists.suse.com/pipermail/sle-security-updates/2024-October/019579.html</URL>
      <Description>E-Mail link for SUSE-SU-2024:3563-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1216223</URL>
      <Description>SUSE Bug 1216223</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1223600</URL>
      <Description>SUSE Bug 1223600</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1223958</URL>
      <Description>SUSE Bug 1223958</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1225272</URL>
      <Description>SUSE Bug 1225272</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1227487</URL>
      <Description>SUSE Bug 1227487</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229407</URL>
      <Description>SUSE Bug 1229407</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229633</URL>
      <Description>SUSE Bug 1229633</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229662</URL>
      <Description>SUSE Bug 1229662</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229947</URL>
      <Description>SUSE Bug 1229947</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230015</URL>
      <Description>SUSE Bug 1230015</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230398</URL>
      <Description>SUSE Bug 1230398</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230434</URL>
      <Description>SUSE Bug 1230434</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230507</URL>
      <Description>SUSE Bug 1230507</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230767</URL>
      <Description>SUSE Bug 1230767</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1231016</URL>
      <Description>SUSE Bug 1231016</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48911/</URL>
      <Description>SUSE CVE CVE-2022-48911 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48923/</URL>
      <Description>SUSE CVE CVE-2022-48923 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48944/</URL>
      <Description>SUSE CVE CVE-2022-48944 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48945/</URL>
      <Description>SUSE CVE CVE-2022-48945 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-42301/</URL>
      <Description>SUSE CVE CVE-2024-42301 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44946/</URL>
      <Description>SUSE CVE CVE-2024-44946 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-45021/</URL>
      <Description>SUSE CVE CVE-2024-45021 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46674/</URL>
      <Description>SUSE CVE CVE-2024-46674 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46774/</URL>
      <Description>SUSE CVE CVE-2024-46774 page</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Micro 5.3">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Micro 5.3">
        <FullProductName ProductID="SUSE Linux Enterprise Micro 5.3" CPE="cpe:/o:suse:sle-micro:5.3">SUSE Linux Enterprise Micro 5.3</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Micro 5.4">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Micro 5.4">
        <FullProductName ProductID="SUSE Linux Enterprise Micro 5.4" CPE="cpe:/o:suse:sle-micro:5.4">SUSE Linux Enterprise Micro 5.4</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="cluster-md-kmp-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="cluster-md-kmp-rt-5.14.21-150400.15.97.1">cluster-md-kmp-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dlm-kmp-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="dlm-kmp-rt-5.14.21-150400.15.97.1">dlm-kmp-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="gfs2-kmp-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="gfs2-kmp-rt-5.14.21-150400.15.97.1">gfs2-kmp-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-devel-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-devel-rt-5.14.21-150400.15.97.1">kernel-devel-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-rt-5.14.21-150400.15.97.1">kernel-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-rt-devel-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-rt-devel-5.14.21-150400.15.97.1">kernel-rt-devel-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-rt-extra-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-rt-extra-5.14.21-150400.15.97.1">kernel-rt-extra-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-rt-livepatch-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-rt-livepatch-5.14.21-150400.15.97.1">kernel-rt-livepatch-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-rt-livepatch-devel-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-rt-livepatch-devel-5.14.21-150400.15.97.1">kernel-rt-livepatch-devel-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-rt-optional-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-rt-optional-5.14.21-150400.15.97.1">kernel-rt-optional-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-rt_debug-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-rt_debug-5.14.21-150400.15.97.1">kernel-rt_debug-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-rt_debug-devel-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-rt_debug-devel-5.14.21-150400.15.97.1">kernel-rt_debug-devel-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-rt_debug-livepatch-devel-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-rt_debug-livepatch-devel-5.14.21-150400.15.97.1">kernel-rt_debug-livepatch-devel-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-source-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-source-rt-5.14.21-150400.15.97.1">kernel-source-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-syms-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kernel-syms-rt-5.14.21-150400.15.97.1">kernel-syms-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kselftests-kmp-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="kselftests-kmp-rt-5.14.21-150400.15.97.1">kselftests-kmp-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ocfs2-kmp-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="ocfs2-kmp-rt-5.14.21-150400.15.97.1">ocfs2-kmp-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="reiserfs-kmp-rt-5.14.21-150400.15.97.1">
      <FullProductName ProductID="reiserfs-kmp-rt-5.14.21-150400.15.97.1">reiserfs-kmp-rt-5.14.21-150400.15.97.1</FullProductName>
    </Branch>
    <Relationship ProductReference="kernel-rt-5.14.21-150400.15.97.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.3">
      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1">kernel-rt-5.14.21-150400.15.97.1 as a component of SUSE Linux Enterprise Micro 5.3</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-source-rt-5.14.21-150400.15.97.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.3">
      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1">kernel-source-rt-5.14.21-150400.15.97.1 as a component of SUSE Linux Enterprise Micro 5.3</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-rt-5.14.21-150400.15.97.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.4">
      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1">kernel-rt-5.14.21-150400.15.97.1 as a component of SUSE Linux Enterprise Micro 5.4</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-source-rt-5.14.21-150400.15.97.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.4">
      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1">kernel-source-rt-5.14.21-150400.15.97.1 as a component of SUSE Linux Enterprise Micro 5.4</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_queue: fix possible use-after-free

Eric Dumazet says:
  The sock_hold() side seems suspect, because there is no guarantee
  that sk_refcnt is not already 0.

On failure, we cannot queue the packet and need to indicate an
error.  The packet will be dropped by the caller.

v2: split skb prefetch hunk into separate change</Note>
    </Notes>
    <CVE>CVE-2022-48911</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48911.html</URL>
        <Description>CVE-2022-48911</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229633</URL>
        <Description>SUSE Bug 1229633</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229640</URL>
        <Description>SUSE Bug 1229640</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

btrfs: prevent copying too big compressed lzo segment

Compressed length can be corrupted to be a lot larger than memory
we have allocated for buffer.
This will cause memcpy in copy_compressed_segment to write outside
of allocated memory.

This mostly results in a stuck read syscall, but sometimes using
btrfs send can result in a #GP:

  kernel: general protection fault, probably for non-canonical address 0x841551d5c1000: 0000 [#1] PREEMPT SMP NOPTI
  kernel: CPU: 17 PID: 264 Comm: kworker/u256:7 Tainted: P           OE     5.17.0-rc2-1 #12
  kernel: Workqueue: btrfs-endio btrfs_work_helper [btrfs]
  kernel: RIP: 0010:lzo_decompress_bio (./include/linux/fortify-string.h:225 fs/btrfs/lzo.c:322 fs/btrfs/lzo.c:394) btrfs
  Code starting with the faulting instruction
  ===========================================
     0:*  48 8b 06                mov    (%rsi),%rax              &lt;-- trapping instruction
     3:   48 8d 79 08             lea    0x8(%rcx),%rdi
     7:   48 83 e7 f8             and    $0xfffffffffffffff8,%rdi
     b:   48 89 01                mov    %rax,(%rcx)
     e:   44 89 f0                mov    %r14d,%eax
    11:   48 8b 54 06 f8          mov    -0x8(%rsi,%rax,1),%rdx
  kernel: RSP: 0018:ffffb110812efd50 EFLAGS: 00010212
  kernel: RAX: 0000000000001000 RBX: 000000009ca264c8 RCX: ffff98996e6d8ff8
  kernel: RDX: 0000000000000064 RSI: 000841551d5c1000 RDI: ffffffff9500435d
  kernel: RBP: ffff989a3be856c0 R08: 0000000000000000 R09: 0000000000000000
  kernel: R10: 0000000000000000 R11: 0000000000001000 R12: ffff98996e6d8000
  kernel: R13: 0000000000000008 R14: 0000000000001000 R15: 000841551d5c1000
  kernel: FS:  0000000000000000(0000) GS:ffff98a09d640000(0000) knlGS:0000000000000000
  kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  kernel: CR2: 00001e9f984d9ea8 CR3: 000000014971a000 CR4: 00000000003506e0
  kernel: Call Trace:
  kernel:  &lt;TASK&gt;
  kernel: end_compressed_bio_read (fs/btrfs/compression.c:104 fs/btrfs/compression.c:1363 fs/btrfs/compression.c:323) btrfs
  kernel: end_workqueue_fn (fs/btrfs/disk-io.c:1923) btrfs
  kernel: btrfs_work_helper (fs/btrfs/async-thread.c:326) btrfs
  kernel: process_one_work (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:212 ./include/trace/events/workqueue.h:108 kernel/workqueue.c:2312)
  kernel: worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2455)
  kernel: ? process_one_work (kernel/workqueue.c:2397)
  kernel: kthread (kernel/kthread.c:377)
  kernel: ? kthread_complete_and_exit (kernel/kthread.c:332)
  kernel: ret_from_fork (arch/x86/entry/entry_64.S:301)
  kernel:  &lt;/TASK&gt;</Note>
    </Notes>
    <CVE>CVE-2022-48923</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48923.html</URL>
        <Description>CVE-2022-48923</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229662</URL>
        <Description>SUSE Bug 1229662</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229663</URL>
        <Description>SUSE Bug 1229663</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

sched: Fix yet more sched_fork() races

Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an
invalid sched_task_group") fixed a fork race vs cgroup, it opened up a
race vs syscalls by not placing the task on the runqueue before it
gets exposed through the pidhash.

Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity") is
trying to fix a single instance of this, instead fix the whole class
of issues, effectively reverting this commit.</Note>
    </Notes>
    <CVE>CVE-2022-48944</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48944.html</URL>
        <Description>CVE-2022-48944</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229947</URL>
        <Description>SUSE Bug 1229947</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="4">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

media: vivid: fix compose size exceed boundary

syzkaller found a bug:

 BUG: unable to handle page fault for address: ffffc9000a3b1000
 #PF: supervisor write access in kernel mode
 #PF: error_code(0x0002) - not-present page
 PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0
 Oops: 0002 [#1] PREEMPT SMP
 CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
 RIP: 0010:memcpy_erms+0x6/0x10
[...]
 Call Trace:
  &lt;TASK&gt;
  ? tpg_fill_plane_buffer+0x856/0x15b0
  vivid_fillbuff+0x8ac/0x1110
  vivid_thread_vid_cap_tick+0x361/0xc90
  vivid_thread_vid_cap+0x21a/0x3a0
  kthread+0x143/0x180
  ret_from_fork+0x1f/0x30
  &lt;/TASK&gt;

This is because we forget to check the boundary after adjusting compose-&gt;height
in the V4L2_SEL_TGT_CROP case. Add v4l2_rect_map_inside() to fix this problem
for this case.</Note>
    </Notes>
    <CVE>CVE-2022-48945</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48945.html</URL>
        <Description>CVE-2022-48945</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230398</URL>
        <Description>SUSE Bug 1230398</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1235889</URL>
        <Description>SUSE Bug 1235889</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="5">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

dev/parport: fix the array out-of-bounds risk

Fixed array out-of-bounds issues caused by sprintf
by replacing it with snprintf for safer data copying,
ensuring the destination buffer is not overflowed.

Below is the stack trace I encountered during the actual issue:

[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:
Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]
[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:
QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2
[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp
[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun
PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024
[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:
[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0
[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20
[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c
[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc
[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38
[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]</Note>
    </Notes>
    <CVE>CVE-2024-42301</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-42301.html</URL>
        <Description>CVE-2024-42301</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229407</URL>
        <Description>SUSE Bug 1229407</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="6">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

kcm: Serialise kcm_sendmsg() for the same socket.

syzkaller reported UAF in kcm_release(). [0]

The scenario is

  1. Thread A builds a skb with MSG_MORE and sets kcm-&gt;seq_skb.

  2. Thread A resumes building skb from kcm-&gt;seq_skb but is blocked
     by sk_stream_wait_memory()

  3. Thread B calls sendmsg() concurrently, finishes building kcm-&gt;seq_skb
     and puts the skb to the write queue

  4. Thread A faces an error and finally frees skb that is already in the
     write queue

  5. kcm_release() does double-free the skb in the write queue

When a thread is building a MSG_MORE skb, another thread must not touch it.

Let's add a per-sk mutex and serialise kcm_sendmsg().

[0]:
BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]
BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]
BUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]
BUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]
BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691
Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167

CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x178/0x518 mm/kasan/report.c:488
 kasan_report+0xd8/0x138 mm/kasan/report.c:601
 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381
 __skb_unlink include/linux/skbuff.h:2366 [inline]
 __skb_dequeue include/linux/skbuff.h:2385 [inline]
 __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]
 __skb_queue_purge include/linux/skbuff.h:3181 [inline]
 kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691
 __sock_release net/socket.c:659 [inline]
 sock_close+0xa4/0x1e8 net/socket.c:1421
 __fput+0x30c/0x738 fs/file_table.c:376
 ____fput+0x20/0x30 fs/file_table.c:404
 task_work_run+0x230/0x2e0 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x618/0x1f64 kernel/exit.c:871
 do_group_exit+0x194/0x22c kernel/exit.c:1020
 get_signal+0x1500/0x15ec kernel/signal.c:2893
 do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249
 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

Allocated by task 6166:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626
 unpoison_slab_object mm/kasan/common.c:314 [inline]
 __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3813 [inline]
 slab_alloc_node mm/slub.c:3860 [inline]
 kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903
 __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641
 alloc_skb include/linux/skbuff.h:1296 [inline]
 kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 sock_sendmsg+0x220/0x2c0 net/socket.c:768
 splice_to_socket+0x7cc/0xd58 fs/splice.c:889
 do_splice_from fs/splice.c:941 [inline]
 direct_splice_actor+0xec/0x1d8 fs/splice.c:1164
 splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108
 do_splice_direct_actor 
---truncated---</Note>
    </Notes>
    <CVE>CVE-2024-44946</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44946.html</URL>
        <Description>CVE-2024-44946</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230015</URL>
        <Description>SUSE Bug 1230015</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230016</URL>
        <Description>SUSE Bug 1230016</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="7">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

memcg_write_event_control(): fix a user-triggerable oops

we are *not* guaranteed that anything past the terminating NUL
is mapped (let alone initialized with anything sane).</Note>
    </Notes>
    <CVE>CVE-2024-45021</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-45021.html</URL>
        <Description>CVE-2024-45021</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230434</URL>
        <Description>SUSE Bug 1230434</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="8">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: st: fix probed platform device ref count on probe error path

The probe function never performs any platform device allocation, thus
error path "undo_platform_dev_alloc" is entirely bogus.  It drops the
reference count from the platform device being probed.  If error path is
triggered, this will lead to unbalanced device reference counts and
premature release of device resources, thus possible use-after-free when
releasing remaining devm-managed resources.</Note>
    </Notes>
    <CVE>CVE-2024-46674</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46674.html</URL>
        <Description>CVE-2024-46674</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230507</URL>
        <Description>SUSE Bug 1230507</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230599</URL>
        <Description>SUSE Bug 1230599</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="9">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()

Smatch warns:

  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential
  spectre issue 'args.args' [r] (local cap)

The 'nargs' and 'nret' locals come directly from a user-supplied
buffer and are used as indexes into a small stack-based array and as
inputs to copy_to_user() after they are subject to bounds checks.

Use array_index_nospec() after the bounds checks to clamp these values
for speculative execution.</Note>
    </Notes>
    <CVE>CVE-2024-46774</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.97.1</ProductID>
        <ProductID>SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.97.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243563-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46774.html</URL>
        <Description>CVE-2024-46774</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230767</URL>
        <Description>SUSE Bug 1230767</Description>
      </Reference>
    </References>
  </Vulnerability>
</cvrfdoc>
