<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">Security update for the Linux Kernel</DocumentTitle>
  <DocumentType>SUSE Patch</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE-SU-2024:3591-1</ID>
    </Identification>
    <Status>Final</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2024-10-10T15:34:34Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2024-10-10T15:34:34Z</InitialReleaseDate>
    <CurrentReleaseDate>2024-10-10T15:34:34Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
      <Date>2017-02-24T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for the Linux Kernel</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316).
- CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1227952).
- CVE-2022-48789: nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1228000).
- CVE-2022-48790: nvme: fix a possible use-after-free in controller reset during load (bsc#1227941).
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
- CVE-2022-48799: perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953).
- CVE-2022-48844: Bluetooth: hci_core: Fix leaking sent_cmd skb (bsc#1228068).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance (bsc#1229633).
- CVE-2022-48943: KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1229645).
- CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
- CVE-2023-52915: media: dvb-usb-v2: af9035: fix missing unlock (bsc#1230270).
- CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
- CVE-2024-41073: nvme: avoid double free special payload (bsc#1228635).
- CVE-2024-41079: nvmet: always initialize cqe.result (bsc#1228615).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
- CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
- CVE-2024-42265: protect the fetch of -&gt;fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
- CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
- CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
- CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
- CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-44948: x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174).
- CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
- CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
- CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
- CVE-2024-44969: s390/sclp: Prevent release of buffer in I/O (bsc#1230200).
- CVE-2024-44982: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (bsc#1230204).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
- CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
- CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
- CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
- CVE-2024-46675: usb: dwc3: core: Prevent USB core invalid event buffer address access (bsc#1230533).
- CVE-2024-46676: nfc: pn533: Add poll mod list filling check (bsc#1230535).
- CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
- CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
- CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
- CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
- CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
- CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
- CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
- CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710).
- CVE-2024-46722: drm/amdgpu: fix mc_data out-of-bounds read warning (bsc#1230712).
- CVE-2024-46723: drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702).
- CVE-2024-46731: drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709).
- CVE-2024-46738: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (bsc#1230731).
- CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
- CVE-2024-46744: Squashfs: sanity check symbolic link size (bsc#1230747).
- CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots (bsc#1230748).
- CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
- CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
- CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (bsc#1230814).
- CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (bsc#1230761).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
- CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
- CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
- CVE-2024-46853: spi: nxp-fspi: fix the KASAN report out-of-bounds bug (bsc#1231083).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1231089).

The following non-security bugs were fixed:

- ACPI / EC: Clean up EC GPE mask flag (git-fixes).
- ACPI: EC: Avoid printing confusing messages in acpi_ec_setup() (git-fixes).
- ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).
- ACPI: EC: tweak naming in preparation for GpioInt support (git-fixes).
- ACPI: SPCR: Consider baud rate 0 as preconfigured state (git-fixes).
- ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment errata (git-fixes).
- ACPI: SPCR: work around clock issue on xgene UART (git-fixes).
- ACPI: blacklist: fix clang warning for unused DMI table (git-fixes).
- ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 (git-fixes).
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
- Fix bsc#1054914 reference.
- PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- Revert 'ACPI / EC: Remove old CLEAR_ON_RESUME quirk' (git-fixes).
- af_unix: Fix data races around sk-&gt;sk_shutdown (bsc#1226846).
- af_unix: annotate lockless accesses to sk-&gt;sk_err (bsc#1226846).
- autofs4: use wait_event_killable (bsc#1207341).
- ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231184).
- fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230151).
- kabi fix for proc/mounts: add cursor (bsc#1207341).
- kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848). These are low-level functions not used outside of exception handling and kernel debugging facilities.
- kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
- media: vivid: avoid integer overflow (git-fixes).
- media: vivid: dev-&gt;bitmap_cap wasn't freed in all cases (git-fixes).
- media: vivid: fix assignment of dev-&gt;fbuf_out_flags (git-fixes).
- media: vivid: s_fbuf: add more sanity checks (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
- nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
- powerpc sstep: Add support for cnttzw, cnttzd instructions (bsc#1230826 ltc#205848).
- powerpc sstep: Add support for extswsli instruction (bsc#1230826 ltc#205848).
- powerpc sstep: Add support for modsd, modud instructions (bsc#1230826 ltc#205848).
- powerpc sstep: Add support for modsw, moduw instructions (bsc#1230826 ltc#205848).
- powerpc/32: Move the inline keyword at the beginning of function declaration (bsc#1230826 ltc#205848).
- powerpc/64: Fix update forms of loads and stores to write 64-bit EA (bsc#1230826 ltc#205848).
- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1230826 ltc#205848).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Revert nest_init_lock to being a mutex (bsc#1065729).
- powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).
- powerpc/kprobes: Blacklist emulate_update_regs() from kprobes (bsc#1230826 ltc#205848).
- powerpc/kprobes: Update optprobes to use emulate_update_regs() (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0 (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix count leading zeros instructions (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point arithmetic instructions that set CA32 (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point shift instructions that set CA32 (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826 ltc#205848).
- powerpc/lib: Fix 'integer constant is too large' build failure (bsc#1230826 ltc#205848).
- powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826 ltc#205848).
- powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826 ltc#205848).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1065729).
- powerpc/sstep: Add support for divde[.] and divdeu[.] instructions (bsc#1230826 ltc#205848).
- powerpc/sstep: Avoid used uninitialized error (bsc#1230826 ltc#205848).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with set_cr0() (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix kernel crash if VSX is not present (bsc#1230826 ltc#205848).
- powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).
- powerpc/sstep: mullw should calculate a 64 bit signed result (bsc#1230826 ltc#205848).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- powerpc: Add emulation for the addpcis instruction (bsc#1230826 ltc#205848).
- powerpc: Change analyse_instr so it does not modify *regs (bsc#1230826 ltc#205848).
- powerpc: Do not check MSR FP/VMX/VSX enable bits in analyse_instr() (bsc#1230826 ltc#205848).
- powerpc: Do not update CR0 in emulation of popcnt, prty, bpermd instructions (bsc#1230826 ltc#205848).
- powerpc: Emulate FP/vector/VSX loads/stores correctly when regs not live (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating double pair instructions (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating point as integer word instructions (bsc#1230826 ltc#205848).
- powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).
- powerpc: Emulate vector element load/store instructions (bsc#1230826 ltc#205848).
- powerpc: Fix emulation of the isel instruction (bsc#1230826 ltc#205848).
- powerpc: Fix handling of alignment interrupt on dcbz instruction (bsc#1230826 ltc#205848).
- powerpc: Fix kernel crash in emulation of vector loads and stores (bsc#1230826 ltc#205848).
- powerpc: Handle most loads and stores in instruction emulation code (bsc#1230826 ltc#205848).
- powerpc: Handle opposite-endian processes in emulation code (bsc#1230826 ltc#205848).
- powerpc: Make load/store emulation use larger memory accesses (bsc#1230826 ltc#205848).
- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
- powerpc: Separate out load/store emulation into its own function (bsc#1230826 ltc#205848).
- powerpc: Set regs-&gt;dar if memory access fails in emulate_step() (bsc#1230826 ltc#205848).
- powerpc: Use instruction emulation infrastructure to handle alignment faults (bsc#1230826 ltc#205848).
- powerpc: Wrap register number correctly for string load/store instructions (bsc#1230826 ltc#205848).
- powerpc: sstep: Add support for darn instruction (bsc#1230826 ltc#205848).
- powerpc: sstep: Add support for maddhd, maddhdu, maddld instructions (bsc#1230826 ltc#205848).
- proc/mounts: add cursor (bsc#1207341).
- profiling: fix shift too large makes kernel panic (git-fixes).
- tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- usbnet: modern method to get random MAC (git-fixes).
</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">Image SLES12-SP5-Azure-HPC-On-Demand-2024-3591,Image SLES12-SP5-Azure-Standard-On-Demand-2024-3591,SUSE-2024-3591,SUSE-SLE-SERVER-12-SP5-2024-3591</Note>
  </DocumentNotes>
  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      <Description>Link for SUSE-SU-2024:3591-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://lists.suse.com/pipermail/sle-security-updates/2024-October/019587.html</URL>
      <Description>E-Mail link for SUSE-SU-2024:3591-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1054914</URL>
      <Description>SUSE Bug 1054914</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1065729</URL>
      <Description>SUSE Bug 1065729</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1207341</URL>
      <Description>SUSE Bug 1207341</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1225316</URL>
      <Description>SUSE Bug 1225316</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1226846</URL>
      <Description>SUSE Bug 1226846</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1226860</URL>
      <Description>SUSE Bug 1226860</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1226878</URL>
      <Description>SUSE Bug 1226878</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1227487</URL>
      <Description>SUSE Bug 1227487</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1227941</URL>
      <Description>SUSE Bug 1227941</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1227952</URL>
      <Description>SUSE Bug 1227952</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1227953</URL>
      <Description>SUSE Bug 1227953</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1228000</URL>
      <Description>SUSE Bug 1228000</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1228002</URL>
      <Description>SUSE Bug 1228002</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1228068</URL>
      <Description>SUSE Bug 1228068</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1228507</URL>
      <Description>SUSE Bug 1228507</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1228615</URL>
      <Description>SUSE Bug 1228615</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1228620</URL>
      <Description>SUSE Bug 1228620</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1228635</URL>
      <Description>SUSE Bug 1228635</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229334</URL>
      <Description>SUSE Bug 1229334</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229362</URL>
      <Description>SUSE Bug 1229362</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229363</URL>
      <Description>SUSE Bug 1229363</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229456</URL>
      <Description>SUSE Bug 1229456</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229457</URL>
      <Description>SUSE Bug 1229457</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229633</URL>
      <Description>SUSE Bug 1229633</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229645</URL>
      <Description>SUSE Bug 1229645</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229739</URL>
      <Description>SUSE Bug 1229739</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229753</URL>
      <Description>SUSE Bug 1229753</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229764</URL>
      <Description>SUSE Bug 1229764</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229790</URL>
      <Description>SUSE Bug 1229790</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1229830</URL>
      <Description>SUSE Bug 1229830</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230015</URL>
      <Description>SUSE Bug 1230015</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230151</URL>
      <Description>SUSE Bug 1230151</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230171</URL>
      <Description>SUSE Bug 1230171</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230174</URL>
      <Description>SUSE Bug 1230174</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230176</URL>
      <Description>SUSE Bug 1230176</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230178</URL>
      <Description>SUSE Bug 1230178</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230180</URL>
      <Description>SUSE Bug 1230180</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230185</URL>
      <Description>SUSE Bug 1230185</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230200</URL>
      <Description>SUSE Bug 1230200</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230204</URL>
      <Description>SUSE Bug 1230204</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230233</URL>
      <Description>SUSE Bug 1230233</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230248</URL>
      <Description>SUSE Bug 1230248</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230270</URL>
      <Description>SUSE Bug 1230270</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230398</URL>
      <Description>SUSE Bug 1230398</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230506</URL>
      <Description>SUSE Bug 1230506</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230515</URL>
      <Description>SUSE Bug 1230515</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230517</URL>
      <Description>SUSE Bug 1230517</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230533</URL>
      <Description>SUSE Bug 1230533</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230535</URL>
      <Description>SUSE Bug 1230535</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230549</URL>
      <Description>SUSE Bug 1230549</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230556</URL>
      <Description>SUSE Bug 1230556</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230582</URL>
      <Description>SUSE Bug 1230582</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230589</URL>
      <Description>SUSE Bug 1230589</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230700</URL>
      <Description>SUSE Bug 1230700</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230702</URL>
      <Description>SUSE Bug 1230702</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230709</URL>
      <Description>SUSE Bug 1230709</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230710</URL>
      <Description>SUSE Bug 1230710</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230712</URL>
      <Description>SUSE Bug 1230712</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230730</URL>
      <Description>SUSE Bug 1230730</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230731</URL>
      <Description>SUSE Bug 1230731</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230732</URL>
      <Description>SUSE Bug 1230732</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230747</URL>
      <Description>SUSE Bug 1230747</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230748</URL>
      <Description>SUSE Bug 1230748</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230756</URL>
      <Description>SUSE Bug 1230756</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230761</URL>
      <Description>SUSE Bug 1230761</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230763</URL>
      <Description>SUSE Bug 1230763</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230767</URL>
      <Description>SUSE Bug 1230767</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230771</URL>
      <Description>SUSE Bug 1230771</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230783</URL>
      <Description>SUSE Bug 1230783</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230796</URL>
      <Description>SUSE Bug 1230796</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230810</URL>
      <Description>SUSE Bug 1230810</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230814</URL>
      <Description>SUSE Bug 1230814</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230815</URL>
      <Description>SUSE Bug 1230815</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1230826</URL>
      <Description>SUSE Bug 1230826</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1231083</URL>
      <Description>SUSE Bug 1231083</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1231084</URL>
      <Description>SUSE Bug 1231084</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1231089</URL>
      <Description>SUSE Bug 1231089</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1231120</URL>
      <Description>SUSE Bug 1231120</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1231146</URL>
      <Description>SUSE Bug 1231146</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1231184</URL>
      <Description>SUSE Bug 1231184</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2021-47387/</URL>
      <Description>SUSE CVE CVE-2021-47387 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48788/</URL>
      <Description>SUSE CVE CVE-2022-48788 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48789/</URL>
      <Description>SUSE CVE CVE-2022-48789 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48790/</URL>
      <Description>SUSE CVE CVE-2022-48790 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48791/</URL>
      <Description>SUSE CVE CVE-2022-48791 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48799/</URL>
      <Description>SUSE CVE CVE-2022-48799 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48844/</URL>
      <Description>SUSE CVE CVE-2022-48844 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48911/</URL>
      <Description>SUSE CVE CVE-2022-48911 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48943/</URL>
      <Description>SUSE CVE CVE-2022-48943 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2022-48945/</URL>
      <Description>SUSE CVE CVE-2022-48945 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2023-52915/</URL>
      <Description>SUSE CVE CVE-2023-52915 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-38381/</URL>
      <Description>SUSE CVE CVE-2024-38381 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-38596/</URL>
      <Description>SUSE CVE CVE-2024-38596 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-38632/</URL>
      <Description>SUSE CVE CVE-2024-38632 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-41073/</URL>
      <Description>SUSE CVE CVE-2024-41073 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-41079/</URL>
      <Description>SUSE CVE CVE-2024-41079 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-41082/</URL>
      <Description>SUSE CVE CVE-2024-41082 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-42154/</URL>
      <Description>SUSE CVE CVE-2024-42154 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-42265/</URL>
      <Description>SUSE CVE CVE-2024-42265 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-42305/</URL>
      <Description>SUSE CVE CVE-2024-42305 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-42306/</URL>
      <Description>SUSE CVE CVE-2024-42306 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-43884/</URL>
      <Description>SUSE CVE CVE-2024-43884 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-43890/</URL>
      <Description>SUSE CVE CVE-2024-43890 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-43898/</URL>
      <Description>SUSE CVE CVE-2024-43898 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-43912/</URL>
      <Description>SUSE CVE CVE-2024-43912 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-43914/</URL>
      <Description>SUSE CVE CVE-2024-43914 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44946/</URL>
      <Description>SUSE CVE CVE-2024-44946 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44947/</URL>
      <Description>SUSE CVE CVE-2024-44947 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44948/</URL>
      <Description>SUSE CVE CVE-2024-44948 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44950/</URL>
      <Description>SUSE CVE CVE-2024-44950 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44952/</URL>
      <Description>SUSE CVE CVE-2024-44952 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44954/</URL>
      <Description>SUSE CVE CVE-2024-44954 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44969/</URL>
      <Description>SUSE CVE CVE-2024-44969 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44982/</URL>
      <Description>SUSE CVE CVE-2024-44982 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44987/</URL>
      <Description>SUSE CVE CVE-2024-44987 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44998/</URL>
      <Description>SUSE CVE CVE-2024-44998 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-44999/</URL>
      <Description>SUSE CVE CVE-2024-44999 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-45008/</URL>
      <Description>SUSE CVE CVE-2024-45008 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46673/</URL>
      <Description>SUSE CVE CVE-2024-46673 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46675/</URL>
      <Description>SUSE CVE CVE-2024-46675 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46676/</URL>
      <Description>SUSE CVE CVE-2024-46676 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46677/</URL>
      <Description>SUSE CVE CVE-2024-46677 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46679/</URL>
      <Description>SUSE CVE CVE-2024-46679 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46685/</URL>
      <Description>SUSE CVE CVE-2024-46685 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46686/</URL>
      <Description>SUSE CVE CVE-2024-46686 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46702/</URL>
      <Description>SUSE CVE CVE-2024-46702 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46707/</URL>
      <Description>SUSE CVE CVE-2024-46707 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46715/</URL>
      <Description>SUSE CVE CVE-2024-46715 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46721/</URL>
      <Description>SUSE CVE CVE-2024-46721 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46722/</URL>
      <Description>SUSE CVE CVE-2024-46722 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46723/</URL>
      <Description>SUSE CVE CVE-2024-46723 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46731/</URL>
      <Description>SUSE CVE CVE-2024-46731 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46737/</URL>
      <Description>SUSE CVE CVE-2024-46737 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46738/</URL>
      <Description>SUSE CVE CVE-2024-46738 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46739/</URL>
      <Description>SUSE CVE CVE-2024-46739 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46743/</URL>
      <Description>SUSE CVE CVE-2024-46743 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46744/</URL>
      <Description>SUSE CVE CVE-2024-46744 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46745/</URL>
      <Description>SUSE CVE CVE-2024-46745 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46750/</URL>
      <Description>SUSE CVE CVE-2024-46750 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46753/</URL>
      <Description>SUSE CVE CVE-2024-46753 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46759/</URL>
      <Description>SUSE CVE CVE-2024-46759 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46761/</URL>
      <Description>SUSE CVE CVE-2024-46761 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46770/</URL>
      <Description>SUSE CVE CVE-2024-46770 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46774/</URL>
      <Description>SUSE CVE CVE-2024-46774 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46783/</URL>
      <Description>SUSE CVE CVE-2024-46783 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46784/</URL>
      <Description>SUSE CVE CVE-2024-46784 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46787/</URL>
      <Description>SUSE CVE CVE-2024-46787 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46822/</URL>
      <Description>SUSE CVE CVE-2024-46822 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46853/</URL>
      <Description>SUSE CVE CVE-2024-46853 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46854/</URL>
      <Description>SUSE CVE CVE-2024-46854 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-46859/</URL>
      <Description>SUSE CVE CVE-2024-46859 page</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="Image SLES12-SP5-Azure-HPC-On-Demand">
      <Branch Type="Product Name" Name="Image SLES12-SP5-Azure-HPC-On-Demand">
        <FullProductName ProductID="Image SLES12-SP5-Azure-HPC-On-Demand">Image SLES12-SP5-Azure-HPC-On-Demand</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SLES12-SP5-Azure-Standard-On-Demand">
      <Branch Type="Product Name" Name="Image SLES12-SP5-Azure-Standard-On-Demand">
        <FullProductName ProductID="Image SLES12-SP5-Azure-Standard-On-Demand">Image SLES12-SP5-Azure-Standard-On-Demand</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 12 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 12 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Server 12 SP5" CPE="cpe:/o:suse:sles:12:sp5">SUSE Linux Enterprise Server 12 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 12 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server for SAP Applications 12 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 12 SP5" CPE="cpe:/o:suse:sles_sap:12:sp5">SUSE Linux Enterprise Server for SAP Applications 12 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="kernel-azure-4.12.14-16.200.1">
      <FullProductName ProductID="kernel-azure-4.12.14-16.200.1">kernel-azure-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cluster-md-kmp-azure-4.12.14-16.200.1">
      <FullProductName ProductID="cluster-md-kmp-azure-4.12.14-16.200.1">cluster-md-kmp-azure-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dlm-kmp-azure-4.12.14-16.200.1">
      <FullProductName ProductID="dlm-kmp-azure-4.12.14-16.200.1">dlm-kmp-azure-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="gfs2-kmp-azure-4.12.14-16.200.1">
      <FullProductName ProductID="gfs2-kmp-azure-4.12.14-16.200.1">gfs2-kmp-azure-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-azure-base-4.12.14-16.200.1">
      <FullProductName ProductID="kernel-azure-base-4.12.14-16.200.1">kernel-azure-base-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-azure-devel-4.12.14-16.200.1">
      <FullProductName ProductID="kernel-azure-devel-4.12.14-16.200.1">kernel-azure-devel-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-azure-extra-4.12.14-16.200.1">
      <FullProductName ProductID="kernel-azure-extra-4.12.14-16.200.1">kernel-azure-extra-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-azure-kgraft-devel-4.12.14-16.200.1">
      <FullProductName ProductID="kernel-azure-kgraft-devel-4.12.14-16.200.1">kernel-azure-kgraft-devel-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-devel-azure-4.12.14-16.200.1">
      <FullProductName ProductID="kernel-devel-azure-4.12.14-16.200.1">kernel-devel-azure-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-source-azure-4.12.14-16.200.1">
      <FullProductName ProductID="kernel-source-azure-4.12.14-16.200.1">kernel-source-azure-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-syms-azure-4.12.14-16.200.1">
      <FullProductName ProductID="kernel-syms-azure-4.12.14-16.200.1">kernel-syms-azure-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kselftests-kmp-azure-4.12.14-16.200.1">
      <FullProductName ProductID="kselftests-kmp-azure-4.12.14-16.200.1">kselftests-kmp-azure-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ocfs2-kmp-azure-4.12.14-16.200.1">
      <FullProductName ProductID="ocfs2-kmp-azure-4.12.14-16.200.1">ocfs2-kmp-azure-4.12.14-16.200.1</FullProductName>
    </Branch>
    <Relationship ProductReference="kernel-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="Image SLES12-SP5-Azure-HPC-On-Demand">
      <FullProductName ProductID="Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1">kernel-azure-4.12.14-16.200.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="Image SLES12-SP5-Azure-Standard-On-Demand">
      <FullProductName ProductID="Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1">kernel-azure-4.12.14-16.200.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1">kernel-azure-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-azure-base-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1">kernel-azure-base-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-azure-devel-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1">kernel-azure-devel-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-devel-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1">kernel-devel-azure-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-source-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1">kernel-source-azure-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-syms-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1">kernel-syms-azure-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1">kernel-azure-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-azure-base-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1">kernel-azure-base-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-azure-devel-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1">kernel-azure-devel-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-devel-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1">kernel-devel-azure-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-source-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1">kernel-source-azure-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-syms-azure-4.12.14-16.200.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 12 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1">kernel-syms-azure-4.12.14-16.200.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

cpufreq: schedutil: Use kobject release() method to free sugov_tunables

The struct sugov_tunables is protected by the kobject, so we can't free
it directly. Otherwise we would get a call trace like this:
  ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x30
  WARNING: CPU: 3 PID: 720 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100
  Modules linked in:
  CPU: 3 PID: 720 Comm: a.sh Tainted: G        W         5.14.0-rc1-next-20210715-yocto-standard+ #507
  Hardware name: Marvell OcteonTX CN96XX board (DT)
  pstate: 40400009 (nZcv daif +PAN -UAO -TCO BTYPE=--)
  pc : debug_print_object+0xb8/0x100
  lr : debug_print_object+0xb8/0x100
  Call trace:
   debug_print_object+0xb8/0x100
   __debug_check_no_obj_freed+0x1c0/0x230
   debug_check_no_obj_freed+0x20/0x88
   slab_free_freelist_hook+0x154/0x1c8
   kfree+0x114/0x5d0
   sugov_exit+0xbc/0xc0
   cpufreq_exit_governor+0x44/0x90
   cpufreq_set_policy+0x268/0x4a8
   store_scaling_governor+0xe0/0x128
   store+0xc0/0xf0
   sysfs_kf_write+0x54/0x80
   kernfs_fop_write_iter+0x128/0x1c0
   new_sync_write+0xf0/0x190
   vfs_write+0x2d4/0x478
   ksys_write+0x74/0x100
   __arm64_sys_write+0x24/0x30
   invoke_syscall.constprop.0+0x54/0xe0
   do_el0_svc+0x64/0x158
   el0_svc+0x2c/0xb0
   el0t_64_sync_handler+0xb0/0xb8
   el0t_64_sync+0x198/0x19c
  irq event stamp: 5518
  hardirqs last  enabled at (5517): [&lt;ffff8000100cbd7c&gt;] console_unlock+0x554/0x6c8
  hardirqs last disabled at (5518): [&lt;ffff800010fc0638&gt;] el1_dbg+0x28/0xa0
  softirqs last  enabled at (5504): [&lt;ffff8000100106e0&gt;] __do_softirq+0x4d0/0x6c0
  softirqs last disabled at (5483): [&lt;ffff800010049548&gt;] irq_exit+0x1b0/0x1b8

So split the original sugov_tunables_free() into two functions,
sugov_clear_global_tunables() is just used to clear the global_tunables
and the new sugov_tunables_free() is used as kobj_type::release to
release the sugov_tunables safely.</Note>
    </Notes>
    <CVE>CVE-2021-47387</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2021-47387.html</URL>
        <Description>CVE-2021-47387</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1225316</URL>
        <Description>SUSE Bug 1225316</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

nvme-rdma: fix possible use-after-free in transport error_recovery work

While nvme_rdma_submit_async_event_work is checking the ctrl and queue
state before preparing the AER command and scheduling io_work, in order
to fully prevent a race where this check is not reliable the error
recovery work must flush async_event_work before continuing to destroy
the admin queue after setting the ctrl state to RESETTING such that
there is no race between .submit_async_event and the error recovery handler
itself changing the ctrl state.</Note>
    </Notes>
    <CVE>CVE-2022-48788</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48788.html</URL>
        <Description>CVE-2022-48788</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1227952</URL>
        <Description>SUSE Bug 1227952</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

nvme-tcp: fix possible use-after-free in transport error_recovery work

While nvme_tcp_submit_async_event_work is checking the ctrl and queue
state before preparing the AER command and scheduling io_work, in order
to fully prevent a race where this check is not reliable the error
recovery work must flush async_event_work before continuing to destroy
the admin queue after setting the ctrl state to RESETTING such that
there is no race between .submit_async_event and the error recovery handler
itself changing the ctrl state.</Note>
    </Notes>
    <CVE>CVE-2022-48789</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48789.html</URL>
        <Description>CVE-2022-48789</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1228000</URL>
        <Description>SUSE Bug 1228000</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="4">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

nvme: fix a possible use-after-free in controller reset during load

Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl
readiness for AER submission. This may lead to a use-after-free
condition that was observed with nvme-tcp.

The race condition may happen in the following scenario:
1. driver executes its reset_ctrl_work
2. -&gt; nvme_stop_ctrl - flushes ctrl async_event_work
3. ctrl sends AEN which is received by the host, which in turn
   schedules AEN handling
4. teardown admin queue (which releases the queue socket)
5. AEN processed, submits another AER, calling the driver to submit
6. driver attempts to send the cmd
==&gt; use-after-free

In order to fix that, add ctrl state check to validate the ctrl
is actually able to accept the AER submission.

This addresses the above race in controller resets because the driver
during teardown should:
1. change ctrl state to RESETTING
2. flush async_event_work (as well as other async work elements)

So after 1,2, any other AER command will find the
ctrl state to be RESETTING and bail out without submitting the AER.</Note>
    </Notes>
    <CVE>CVE-2022-48790</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48790.html</URL>
        <Description>CVE-2022-48790</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1227941</URL>
        <Description>SUSE Bug 1227941</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="5">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

scsi: pm8001: Fix use-after-free for aborted TMF sas_task

Currently a use-after-free may occur if a TMF sas_task is aborted before we
handle the IO completion in mpi_ssp_completion(). The abort occurs due to
timeout.

When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the
sas_task is freed in pm8001_exec_internal_tmf_task().

However, if the I/O completion occurs later, the I/O completion still
thinks that the sas_task is available. Fix this by clearing the ccb-&gt;task
if the TMF times out - the I/O completion handler does nothing if this
pointer is cleared.</Note>
    </Notes>
    <CVE>CVE-2022-48791</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48791.html</URL>
        <Description>CVE-2022-48791</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1228002</URL>
        <Description>SUSE Bug 1228002</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1228012</URL>
        <Description>SUSE Bug 1228012</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="6">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

perf: Fix list corruption in perf_cgroup_switch()

There's list corruption on cgrp_cpuctx_list. This happens on the
following path:

  perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)
      cpu_ctx_sched_in
         ctx_sched_in
            ctx_pinned_sched_in
              merge_sched_in
                  perf_cgroup_event_disable: remove the event from the list

Use list_for_each_entry_safe() to allow removing an entry during
iteration.</Note>
    </Notes>
    <CVE>CVE-2022-48799</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48799.html</URL>
        <Description>CVE-2022-48799</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1227953</URL>
        <Description>SUSE Bug 1227953</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="7">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_core: Fix leaking sent_cmd skb

sent_cmd memory is not freed before freeing hci_dev causing it to leak
its contents.</Note>
    </Notes>
    <CVE>CVE-2022-48844</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48844.html</URL>
        <Description>CVE-2022-48844</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1228068</URL>
        <Description>SUSE Bug 1228068</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="8">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_queue: fix possible use-after-free

Eric Dumazet says:
  The sock_hold() side seems suspect, because there is no guarantee
  that sk_refcnt is not already 0.

On failure, we cannot queue the packet and need to indicate an
error.  The packet will be dropped by the caller.

v2: split skb prefetch hunk into separate change</Note>
    </Notes>
    <CVE>CVE-2022-48911</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48911.html</URL>
        <Description>CVE-2022-48911</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229633</URL>
        <Description>SUSE Bug 1229633</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229640</URL>
        <Description>SUSE Bug 1229640</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="9">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

KVM: x86/mmu: make apf token non-zero to fix bug

In current async pagefault logic, when a page is ready, KVM relies on
kvm_arch_can_dequeue_async_page_present() to determine whether to deliver
a READY event to the Guest. This function tests the token value of struct
kvm_vcpu_pv_apf_data, which must be reset to zero by the Guest kernel when a
READY event is finished by the Guest. A zero value means that a READY
event is done, so KVM can deliver another.
But kvm_arch_setup_async_pf() may produce a valid token with zero
value, which is confused with the case mentioned above and may lead to the
loss of this READY event.

This bug may cause a task to be blocked forever in the Guest:
 INFO: task stress:7532 blocked for more than 1254 seconds.
       Not tainted 5.10.0 #16
 "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.
 task:stress          state:D stack:    0 pid: 7532 ppid:  1409
 flags:0x00000080
 Call Trace:
  __schedule+0x1e7/0x650
  schedule+0x46/0xb0
  kvm_async_pf_task_wait_schedule+0xad/0xe0
  ? exit_to_user_mode_prepare+0x60/0x70
  __kvm_handle_async_pf+0x4f/0xb0
  ? asm_exc_page_fault+0x8/0x30
  exc_page_fault+0x6f/0x110
  ? asm_exc_page_fault+0x8/0x30
  asm_exc_page_fault+0x1e/0x30
 RIP: 0033:0x402d00
 RSP: 002b:00007ffd31912500 EFLAGS: 00010206
 RAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0
 RDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0
 RBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086
 R10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000
 R13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000</Note>
    </Notes>
    <CVE>CVE-2022-48943</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48943.html</URL>
        <Description>CVE-2022-48943</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229645</URL>
        <Description>SUSE Bug 1229645</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="10">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

media: vivid: fix compose size exceed boundary

syzkaller found a bug:

 BUG: unable to handle page fault for address: ffffc9000a3b1000
 #PF: supervisor write access in kernel mode
 #PF: error_code(0x0002) - not-present page
 PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0
 Oops: 0002 [#1] PREEMPT SMP
 CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
 RIP: 0010:memcpy_erms+0x6/0x10
[...]
 Call Trace:
  &lt;TASK&gt;
  ? tpg_fill_plane_buffer+0x856/0x15b0
  vivid_fillbuff+0x8ac/0x1110
  vivid_thread_vid_cap_tick+0x361/0xc90
  vivid_thread_vid_cap+0x21a/0x3a0
  kthread+0x143/0x180
  ret_from_fork+0x1f/0x30
  &lt;/TASK&gt;

This is because we forget to check the boundary after adjusting compose-&gt;height
in the V4L2_SEL_TGT_CROP case. Add v4l2_rect_map_inside() to fix this problem
for this case.</Note>
    </Notes>
    <CVE>CVE-2022-48945</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2022-48945.html</URL>
        <Description>CVE-2022-48945</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230398</URL>
        <Description>SUSE Bug 1230398</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1235889</URL>
        <Description>SUSE Bug 1235889</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="11">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer

In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf
is null and msg[i].len is zero, former checks on msg[i].buf would be
passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing
msg[i].buf[0] without sanity check, null ptr deref would happen.
We add check on msg[i].len to prevent crash.

Similar commit:
commit 0ed554fd769a
("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")</Note>
    </Notes>
    <CVE>CVE-2023-52915</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2023-52915.html</URL>
        <Description>CVE-2023-52915</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230270</URL>
        <Description>SUSE Bug 1230270</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="12">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: Fix uninit-value in nci_rx_work

syzbot reported the following uninit-value access issue [1]

nci_rx_work() parses received packets from ndev-&gt;rx_q. The header size,
payload size and total packet size should be validated before
processing the packet. If an invalid packet is detected, it should be
silently discarded.</Note>
    </Notes>
    <CVE>CVE-2024-38381</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-38381.html</URL>
        <Description>CVE-2024-38381</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1226878</URL>
        <Description>SUSE Bug 1226878</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="13">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

A data-race condition has been identified in af_unix. In one data path,
the write function unix_release_sock() atomically writes to
sk-&gt;sk_shutdown using WRITE_ONCE. However, on the reader side,
unix_stream_sendmsg() does not read it atomically. Consequently, this
issue is causing the following KCSAN splat to occur:

	BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg

	write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:
	unix_release_sock (net/unix/af_unix.c:640)
	unix_release (net/unix/af_unix.c:1050)
	sock_close (net/socket.c:659 net/socket.c:1421)
	__fput (fs/file_table.c:422)
	__fput_sync (fs/file_table.c:508)
	__se_sys_close (fs/open.c:1559 fs/open.c:1541)
	__x64_sys_close (fs/open.c:1541)
	x64_sys_call (arch/x86/entry/syscall_64.c:33)
	do_syscall_64 (arch/x86/entry/common.c:?)
	entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

	read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:
	unix_stream_sendmsg (net/unix/af_unix.c:2273)
	__sock_sendmsg (net/socket.c:730 net/socket.c:745)
	____sys_sendmsg (net/socket.c:2584)
	__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)
	__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)
	x64_sys_call (arch/x86/entry/syscall_64.c:33)
	do_syscall_64 (arch/x86/entry/common.c:?)
	entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

	value changed: 0x01 -&gt; 0x03

The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7").

Commit e1d09c2c2f57 ("af_unix: Fix data races around sk-&gt;sk_shutdown.")
addressed a comparable issue in the past regarding sk-&gt;sk_shutdown.
However, it overlooked resolving this particular data path.
This patch only fixes the offending unix_stream_sendmsg() function, since the
other reads seem to be protected by unix_state_lock() as discussed in</Note>
    </Notes>
    <CVE>CVE-2024-38596</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-38596.html</URL>
        <Description>CVE-2024-38596</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1226846</URL>
        <Description>SUSE Bug 1226846</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="14">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: fix potential memory leak in vfio_intx_enable()

If vfio_irq_ctx_alloc() fails, it will lead to a 'name' memory leak.</Note>
    </Notes>
    <CVE>CVE-2024-38632</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-38632.html</URL>
        <Description>CVE-2024-38632</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1226860</URL>
        <Description>SUSE Bug 1226860</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="15">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

nvme: avoid double free special payload

If a discard request needs to be retried, and that retry may fail before
a new special payload is added, a double free will result. Clear the
RQF_SPECIAL_LOAD when the request is cleaned.</Note>
    </Notes>
    <CVE>CVE-2024-41073</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-41073.html</URL>
        <Description>CVE-2024-41073</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1228635</URL>
        <Description>SUSE Bug 1228635</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="16">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

nvmet: always initialize cqe.result

The spec doesn't mandate that the first two double words (aka results)
for the command queue entry need to be set to 0 when they are not
used (not specified). Though, the target implementation returns 0 for TCP
and FC but not for RDMA.

Let's make RDMA behave the same and thus explicitly initialize the
result field. This prevents leaking any data from the stack.</Note>
    </Notes>
    <CVE>CVE-2024-41079</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-41079.html</URL>
        <Description>CVE-2024-41079</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1228615</URL>
        <Description>SUSE Bug 1228615</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="17">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

nvme-fabrics: use reserved tag for reg read/write command

In some scenarios, if too many commands are issued by nvme command at
the same time by user tasks, this may exhaust all tags of admin_q. If
a reset (nvme reset or IO timeout) occurs before these commands finish,
the reconnect routine may fail to update nvme regs due to insufficient tags,
which will cause the kernel to hang forever. In order to work around this issue,
maybe we can let reg_read32()/reg_read64()/reg_write32() use reserved
tags. This may be safe for nvmf:

1. For the disable ctrl path, we will not issue connect command
2. For the enable ctrl / fw activate path, since connect and reg_xx()
   are called serially.

So the reserved tags may still be enough while reg_xx() uses reserved tags.</Note>
    </Notes>
    <CVE>CVE-2024-41082</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-41082.html</URL>
        <Description>CVE-2024-41082</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1228620</URL>
        <Description>SUSE Bug 1228620</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="18">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

tcp_metrics: validate source addr length

I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long, and the policy doesn't have an entry
for this attribute at all (neither does it for IPv6 but v6 is
manually validated).</Note>
    </Notes>
    <CVE>CVE-2024-42154</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-42154.html</URL>
        <Description>CVE-2024-42154</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1228507</URL>
        <Description>SUSE Bug 1228507</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="19">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

protect the fetch of -&gt;fd[fd] in do_dup2() from mispredictions

both callers have verified that fd is not greater than -&gt;max_fds;
however, misprediction might end up with
        tofree = fdt-&gt;fd[fd];
being speculatively executed.  That's wrong for the same reasons
why it's wrong in close_fd()/file_close_fd_locked(); the same
solution applies - array_index_nospec(fd, fdt-&gt;max_fds) could differ
from fd only in case of speculative execution on mispredicted path.</Note>
    </Notes>
    <CVE>CVE-2024-42265</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-42265.html</URL>
        <Description>CVE-2024-42265</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229334</URL>
        <Description>SUSE Bug 1229334</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="20">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

ext4: check dot and dotdot of dx_root before making dir indexed

Syzbot reports an issue as follows:
============================================
BUG: unable to handle page fault for address: ffffed11022e24fe
PGD 23ffee067 P4D 23ffee067 PUD 0
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0
Call Trace:
 &lt;TASK&gt;
 make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341
 ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451
 ext4_rename fs/ext4/namei.c:3936 [inline]
 ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214
[...]
============================================

The immediate cause of this problem is that there is only one valid dentry
for the block to be split during do_split, so split==0 results in out of
bounds accesses to the map triggering the issue.

    do_split
      unsigned split
      dx_make_map
       count = 1
      split = count/2 = 0;
      continued = hash2 == map[split - 1].hash;
       ---&gt; map[4294967295]

The maximum length of a filename is 255 and the minimum block size is 1024,
so it is always guaranteed that the number of entries is greater than or
equal to 2 when do_split() is called.

But syzbot's crafted image has no dot and dotdot in dir, and the dentry
distribution in dirblock is as follows:

  bus     dentry1          hole           dentry2           free
|xx--|xx-------------|...............|xx-------------|...............|
0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024

So when renaming dentry1 increases its name_len length by 1, neither hole
nor free is sufficient to hold the new dentry, and make_indexed_dir() is
called.

In make_indexed_dir() it is assumed that the first two entries of the
dirblock must be dot and dotdot, so bus and dentry1 are left in dx_root
because they are treated as dot and dotdot, and only dentry2 is moved
to the new leaf block. That's why count is equal to 1.

Therefore add the ext4_check_dx_root() helper function to add more sanity
checks to dot and dotdot before starting the conversion to avoid the above
issue.</Note>
    </Notes>
    <CVE>CVE-2024-42305</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-42305.html</URL>
        <Description>CVE-2024-42305</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229363</URL>
        <Description>SUSE Bug 1229363</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="21">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

udf: Avoid using corrupted block bitmap buffer

When the filesystem block bitmap is corrupted, we detect the corruption
while loading the bitmap and fail the allocation with error. However the
next allocation from the same bitmap will notice the bitmap buffer is
already loaded and tries to allocate from the bitmap with mixed results
(depending on the exact nature of the bitmap corruption). Fix the
problem by using BH_verified bit to indicate whether the bitmap is valid
or not.</Note>
    </Notes>
    <CVE>CVE-2024-42306</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-42306.html</URL>
        <Description>CVE-2024-42306</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229362</URL>
        <Description>SUSE Bug 1229362</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="22">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Add error handling to pair_device()

hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.

Fixed by adding error handling in the function.</Note>
    </Notes>
    <CVE>CVE-2024-43884</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-43884.html</URL>
        <Description>CVE-2024-43884</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229739</URL>
        <Description>SUSE Bug 1229739</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="23">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix overflow in get_free_elt()

"tracing_map-&gt;next_elt" in get_free_elt() is at risk of overflowing.

Once it overflows, new elements can still be inserted into the tracing_map
even though the maximum number of elements (`max_elts`) has been reached.
Continuing to insert elements after the overflow could result in the
tracing_map containing "tracing_map-&gt;max_size" elements, leaving no empty
entries.
If any attempt is made to insert an element into a full tracing_map using
`__tracing_map_insert()`, it will cause an infinite loop with preemption
disabled, leading to a CPU hang problem.

Fix this by preventing any further increments to "tracing_map-&gt;next_elt"
once it reaches "tracing_map-&gt;max_elt".</Note>
    </Notes>
    <CVE>CVE-2024-43890</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-43890.html</URL>
        <Description>CVE-2024-43890</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229764</URL>
        <Description>SUSE Bug 1229764</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="24">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.</Note>
    </Notes>
    <CVE>CVE-2024-43898</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-43898.html</URL>
        <Description>CVE-2024-43898</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229753</URL>
        <Description>SUSE Bug 1229753</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="25">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

wifi: nl80211: disallow setting special AP channel widths

Setting the AP channel width is meant for use with the normal
20/40/... MHz channel width progression, and switching around
in S1G or narrow channels isn't supported. Disallow that.</Note>
    </Notes>
    <CVE>CVE-2024-43912</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-43912.html</URL>
        <Description>CVE-2024-43912</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229830</URL>
        <Description>SUSE Bug 1229830</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="26">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

md/raid5: avoid BUG_ON() while continue reshape after reassembling

Currently, mdadm supports --revert-reshape to abort the reshape while
reassembling, as in the test 07revert-grow. However, the following BUG_ON()
can be triggered by the test:

kernel BUG at drivers/md/raid5.c:6278!
invalid opcode: 0000 [#1] PREEMPT SMP PTI
irq event stamp: 158985
CPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94
RIP: 0010:reshape_request+0x3f1/0xe60
Call Trace:
 &lt;TASK&gt;
 raid5_sync_request+0x43d/0x550
 md_do_sync+0xb7a/0x2110
 md_thread+0x294/0x2b0
 kthread+0x147/0x1c0
 ret_from_fork+0x59/0x70
 ret_from_fork_asm+0x1a/0x30
 &lt;/TASK&gt;

Root cause is that --revert-reshape updates the raid_disks from 5 to 4,
while reshape position is still set, and after reassembling the array,
reshape position will be read from super block, then during reshape the
checking of 'writepos' that is calculated by old reshape position will
fail.

Fix this panic the easy way first, by converting the BUG_ON() to
WARN_ON(), and stop the reshape if checkings fail.

Note that mdadm must fix --revert-shape as well, and probably md/raid
should enhance metadata validation as well, however this means
reassemble will fail and there must be user tools to fix the wrong
metadata.</Note>
    </Notes>
    <CVE>CVE-2024-43914</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-43914.html</URL>
        <Description>CVE-2024-43914</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229790</URL>
        <Description>SUSE Bug 1229790</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="27">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

kcm: Serialise kcm_sendmsg() for the same socket.

syzkaller reported UAF in kcm_release(). [0]

The scenario is

  1. Thread A builds a skb with MSG_MORE and sets kcm-&gt;seq_skb.

  2. Thread A resumes building skb from kcm-&gt;seq_skb but is blocked
     by sk_stream_wait_memory()

  3. Thread B calls sendmsg() concurrently, finishes building kcm-&gt;seq_skb
     and puts the skb to the write queue

  4. Thread A faces an error and finally frees skb that is already in the
     write queue

  5. kcm_release() does double-free the skb in the write queue

When a thread is building a MSG_MORE skb, another thread must not touch it.

Let's add a per-sk mutex and serialise kcm_sendmsg().

[0]:
BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]
BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]
BUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]
BUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]
BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691
Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167

---truncated---</Note>
    </Notes>
    <CVE>CVE-2024-44946</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44946.html</URL>
        <Description>CVE-2024-44946</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230015</URL>
        <Description>SUSE Bug 1230015</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230016</URL>
        <Description>SUSE Bug 1230016</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="28">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

fuse: Initialize beyond-EOF page contents before setting uptodate

fuse_notify_store(), unlike fuse_do_readpage(), does not enable page
zeroing (because it can be used to change partial page contents).

So fuse_notify_store() must be more careful to fully initialize page
contents (including parts of the page that are beyond end-of-file)
before marking the page uptodate.

The current code can leave beyond-EOF page contents uninitialized, which
makes these uninitialized page contents visible to userspace via mmap().

This is an information leak, but only affects systems which do not
enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the
corresponding kernel command line parameter).</Note>
    </Notes>
    <CVE>CVE-2024-44947</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44947.html</URL>
        <Description>CVE-2024-44947</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1229456</URL>
        <Description>SUSE Bug 1229456</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230098</URL>
        <Description>SUSE Bug 1230098</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="29">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

x86/mtrr: Check if fixed MTRRs exist before saving them

MTRRs have an obsolete fixed variant for fine grained caching control
of the 640K-1MB region that uses separate MSRs. This fixed variant has
a separate capability bit in the MTRR capability MSR.

So far all x86 CPUs which support MTRR have this separate bit set, so it
went unnoticed that mtrr_save_state() does not check the capability bit
before accessing the fixed MTRR MSRs.

Though on a CPU that does not support the fixed MTRR capability this
results in a #GP.  The #GP itself is harmless because the RDMSR fault is
handled gracefully, but results in a WARN_ON().

Add the missing capability check to prevent this.</Note>
    </Notes>
    <CVE>CVE-2024-44948</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44948.html</URL>
        <Description>CVE-2024-44948</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230174</URL>
        <Description>SUSE Bug 1230174</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="30">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

serial: sc16is7xx: fix invalid FIFO access with special register set

When enabling access to the special register set, Receiver time-out and
RHR interrupts can happen. In this case, the IRQ handler will try to read
from the FIFO thru the RHR register at address 0x00, but address 0x00 is
mapped to DLL register, resulting in erroneous FIFO reading.

Call graph example:
    sc16is7xx_startup(): entry
    sc16is7xx_ms_proc(): entry
    sc16is7xx_set_termios(): entry
    sc16is7xx_set_baud(): DLH/DLL = $009C --&gt; access special register set
    sc16is7xx_port_irq() entry            --&gt; IIR is 0x0C
    sc16is7xx_handle_rx() entry
    sc16is7xx_fifo_read(): --&gt; unable to access FIFO (RHR) because it is
                               mapped to DLL (LCR=LCR_CONF_MODE_A)
    sc16is7xx_set_baud(): exit --&gt; Restore access to general register set

Fix the problem by claiming the efr_lock mutex when accessing the Special
register set.</Note>
    </Notes>
    <CVE>CVE-2024-44950</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44950.html</URL>
        <Description>CVE-2024-44950</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230180</URL>
        <Description>SUSE Bug 1230180</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="31">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.</Note>
    </Notes>
    <CVE>CVE-2024-44952</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44952.html</URL>
        <Description>CVE-2024-44952</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230178</URL>
        <Description>SUSE Bug 1230178</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="32">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

ALSA: line6: Fix racy access to midibuf

There can be concurrent accesses to line6 midibuf from both the URB
completion callback and the rawmidi API access.  This could be a cause
of KMSAN warning triggered by syzkaller below (so put as reported-by
here).

This patch protects the midibuf call of the former code path with a
spinlock for avoiding the possible races.</Note>
    </Notes>
    <CVE>CVE-2024-44954</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44954.html</URL>
        <Description>CVE-2024-44954</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230176</URL>
        <Description>SUSE Bug 1230176</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="33">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

s390/sclp: Prevent release of buffer in I/O

When a task waiting for completion of a Store Data operation is
interrupted, an attempt is made to halt this operation. If this attempt
fails due to a hardware or firmware problem, there is a chance that the
SCLP facility might store data into buffers referenced by the original
operation at a later time.

Handle this situation by not releasing the referenced data buffers if
the halt attempt fails. For current use cases, this might result in a
leak of a few pages of memory in case of a rare hardware/firmware
malfunction.</Note>
    </Notes>
    <CVE>CVE-2024-44969</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44969.html</URL>
        <Description>CVE-2024-44969</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230200</URL>
        <Description>SUSE Bug 1230200</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="34">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails

If the dpu_format_populate_layout() fails, then FB is prepared, but not
cleaned up. This ends up leaking the pin_count on the GEM object and
causes a splat during DRM file closure:

msm_obj-&gt;pin_count
WARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc
[...]
Call trace:
 update_lru_locked+0xc4/0xcc
 put_pages+0xac/0x100
 msm_gem_free_object+0x138/0x180
 drm_gem_object_free+0x1c/0x30
 drm_gem_object_handle_put_unlocked+0x108/0x10c
 drm_gem_object_release_handle+0x58/0x70
 idr_for_each+0x68/0xec
 drm_gem_release+0x28/0x40
 drm_file_free+0x174/0x234
 drm_release+0xb0/0x160
 __fput+0xc0/0x2c8
 __fput_sync+0x50/0x5c
 __arm64_sys_close+0x38/0x7c
 invoke_syscall+0x48/0x118
 el0_svc_common.constprop.0+0x40/0xe0
 do_el0_svc+0x1c/0x28
 el0_svc+0x4c/0x120
 el0t_64_sync_handler+0x100/0x12c
 el0t_64_sync+0x190/0x194
irq event stamp: 129818
hardirqs last  enabled at (129817): [&lt;ffffa5f6d953fcc0&gt;] console_unlock+0x118/0x124
hardirqs last disabled at (129818): [&lt;ffffa5f6da7dcf04&gt;] el1_dbg+0x24/0x8c
softirqs last  enabled at (129808): [&lt;ffffa5f6d94afc18&gt;] handle_softirqs+0x4c8/0x4e8
softirqs last disabled at (129785): [&lt;ffffa5f6d94105e4&gt;] __do_softirq+0x14/0x20

Patchwork: https://patchwork.freedesktop.org/patch/600714/</Note>
    </Notes>
    <CVE>CVE-2024-44982</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44982.html</URL>
        <Description>CVE-2024-44982</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230204</URL>
        <Description>SUSE Bug 1230204</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="35">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

ipv6: prevent UAF in ip6_send_skb()

syzbot reported a UAF in ip6_send_skb() [1]

After ip6_local_out() has returned, we no longer can safely
dereference rt, unless we hold rcu_read_lock().

A similar issue has been fixed in commit
a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")

Another potential issue in ip6_finish_output2() is handled in a
separate patch.

[1]
 BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964
Read of size 8 at addr ffff88806dde4858 by task syz.1.380/6530

CPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 &lt;TASK&gt;
  __dump_stack lib/dump_stack.c:93 [inline]
  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
  print_address_description mm/kasan/report.c:377 [inline]
  print_report+0x169/0x550 mm/kasan/report.c:488
  kasan_report+0x143/0x180 mm/kasan/report.c:601
  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964
  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588
  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926
  sock_sendmsg_nosec net/socket.c:730 [inline]
  __sock_sendmsg+0x1a6/0x270 net/socket.c:745
  sock_write_iter+0x2dd/0x400 net/socket.c:1160
 do_iter_readv_writev+0x60a/0x890
  vfs_writev+0x37c/0xbb0 fs/read_write.c:971
  do_writev+0x1b1/0x350 fs/read_write.c:1018
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
 &lt;/TASK&gt;

Allocated by task 6530:
  kasan_save_stack mm/kasan/common.c:47 [inline]
  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
  unpoison_slab_object mm/kasan/common.c:312 [inline]
  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338
  kasan_slab_alloc include/linux/kasan.h:201 [inline]
  slab_post_alloc_hook mm/slub.c:3988 [inline]
  slab_alloc_node mm/slub.c:4037 [inline]
  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044
  dst_alloc+0x12b/0x190 net/core/dst.c:89
  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670
  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]
  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313
  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257
  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898
  sock_sendmsg_nosec net/socket.c:730 [inline]
  __sock_sendmsg+0x1a6/0x270 net/socket.c:745
  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597
  ___sys_sendmsg net/socket.c:2651 [inline]
  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 45:
  kasan_save_stack mm/kasan/common.c:47 [inline]
  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
  kasan_slab_free include/linux/kasan.h:184 [inline]
  slab_free_hook mm/slub.c:2252 [inline]
  slab_free mm/slub.c:4473 [inline]
  kmem_cache_free+0x145/0x350 mm/slub.c:4548
  dst_destroy+0x2ac/0x460 net/core/dst.c:124
  rcu_do_batch kernel/rcu/tree.c:2569 [inline]
  rcu_core+0xafd/0x1830 kernel/rcu/tree.
---truncated---</Note>
    </Notes>
    <CVE>CVE-2024-44987</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44987.html</URL>
        <Description>CVE-2024-44987</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230185</URL>
        <Description>SUSE Bug 1230185</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="36">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

atm: idt77252: prevent use after free in dequeue_rx()

We can't dereference "skb" after calling vcc-&gt;push() because the skb
is released.</Note>
    </Notes>
    <CVE>CVE-2024-44998</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44998.html</URL>
        <Description>CVE-2024-44998</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230171</URL>
        <Description>SUSE Bug 1230171</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="37">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

gtp: pull network headers in gtp_dev_xmit()

syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]

We must make sure the IPv4 or IPv6 header is pulled in skb-&gt;head
before accessing fields in them.

Use pskb_inet_may_pull() to fix this issue.

[1]
BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]
 BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]
 BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281
  ipv6_pdp_find drivers/net/gtp.c:220 [inline]
  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]
  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281
  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]
  netdev_start_xmit include/linux/netdevice.h:4922 [inline]
  xmit_one net/core/dev.c:3580 [inline]
  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596
  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423
  dev_queue_xmit include/linux/netdevice.h:3105 [inline]
  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276
  packet_snd net/packet/af_packet.c:3145 [inline]
  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177
  sock_sendmsg_nosec net/socket.c:730 [inline]
  __sock_sendmsg+0x30f/0x380 net/socket.c:745
  __sys_sendto+0x685/0x830 net/socket.c:2204
  __do_sys_sendto net/socket.c:2216 [inline]
  __se_sys_sendto net/socket.c:2212 [inline]
  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212
  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
  slab_post_alloc_hook mm/slub.c:3994 [inline]
  slab_alloc_node mm/slub.c:4037 [inline]
  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080
  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583
  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674
  alloc_skb include/linux/skbuff.h:1320 [inline]
  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526
  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815
  packet_alloc_skb net/packet/af_packet.c:2994 [inline]
  packet_snd net/packet/af_packet.c:3088 [inline]
  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177
  sock_sendmsg_nosec net/socket.c:730 [inline]
  __sock_sendmsg+0x30f/0x380 net/socket.c:745
  __sys_sendto+0x685/0x830 net/socket.c:2204
  __do_sys_sendto net/socket.c:2216 [inline]
  __se_sys_sendto net/socket.c:2212 [inline]
  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212
  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024</Note>
    </Notes>
    <CVE>CVE-2024-44999</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-44999.html</URL>
        <Description>CVE-2024-44999</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230233</URL>
        <Description>SUSE Bug 1230233</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="38">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

Input: MT - limit max slots

syzbot is reporting too large allocation at input_mt_init_slots(), for
num_slots is supplied from userspace using ioctl(UI_DEV_CREATE).

Since nobody knows possible max slots, this patch chose 1024.</Note>
    </Notes>
    <CVE>CVE-2024-45008</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-45008.html</URL>
        <Description>CVE-2024-45008</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230248</URL>
        <Description>SUSE Bug 1230248</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="39">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

scsi: aacraid: Fix double-free on probe failure

aac_probe_one() calls hardware-specific init functions through the
aac_driver_ident::init pointer, all of which eventually call down to
aac_init_adapter().

If aac_init_adapter() fails after allocating memory for aac_dev::queues,
it frees the memory but does not clear that member.

After the hardware-specific init function returns an error,
aac_probe_one() goes down an error path that frees the memory pointed to
by aac_dev::queues, resulting in a double-free.</Note>
    </Notes>
    <CVE>CVE-2024-46673</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46673.html</URL>
        <Description>CVE-2024-46673</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230506</URL>
        <Description>SUSE Bug 1230506</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="40">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: core: Prevent USB core invalid event buffer address access

This commit addresses an issue where the USB core could access an
invalid event buffer address during runtime suspend, potentially causing
SMMU faults and other memory issues in Exynos platforms. The problem
arises from the following sequence.
        1. In dwc3_gadget_suspend, there is a chance of a timeout when
        moving the USB core to the halt state after clearing the
        run/stop bit by software.
        2. In dwc3_core_exit, the event buffer is cleared regardless of
        the USB core's status, which may lead to SMMU faults and
        other memory issues if the USB core tries to access the event
        buffer address.

To prevent this hardware quirk on Exynos platforms, this commit ensures
that the event buffer address is not cleared by software when the USB
core is active during runtime suspend by checking its status before
clearing the buffer address.</Note>
    </Notes>
    <CVE>CVE-2024-46675</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46675.html</URL>
        <Description>CVE-2024-46675</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230533</URL>
        <Description>SUSE Bug 1230533</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="41">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: Add poll mod list filling check

In case of im_protocols value is 1 and tm_protocols value is 0 this
combination successfully passes the check
'if (!im_protocols &amp;&amp; !tm_protocols)' in the nfc_start_poll().
But then after pn533_poll_create_mod_list() call in pn533_start_poll()
poll mod list will remain empty and dev-&gt;poll_mod_count will remain 0
which leads to division by zero.

Normally no im protocol has value 1 in the mask, so this combination is
not expected by driver. But these protocol values actually come from
userspace via Netlink interface (NFC_CMD_START_POLL operation). So a
broken or malicious program may pass a message containing a "bad"
combination of protocol parameter values so that dev-&gt;poll_mod_count
is not incremented inside pn533_poll_create_mod_list(), thus leading
to division by zero.
Call trace looks like:
nfc_genl_start_poll()
  nfc_start_poll()
    -&gt;start_poll()
    pn533_start_poll()

Add poll mod list filling check.

Found by Linux Verification Center (linuxtesting.org) with SVACE.</Note>
    </Notes>
    <CVE>CVE-2024-46676</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46676.html</URL>
        <Description>CVE-2024-46676</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230535</URL>
        <Description>SUSE Bug 1230535</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="42">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

gtp: fix a potential NULL pointer dereference

When sockfd_lookup() fails, gtp_encap_enable_socket() returns a
NULL pointer, but its callers only check for error pointers thus miss
the NULL pointer case.

Fix it by returning an error pointer with the error code carried from
sockfd_lookup().

(I found this bug during code inspection.)</Note>
    </Notes>
    <CVE>CVE-2024-46677</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46677.html</URL>
        <Description>CVE-2024-46677</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230549</URL>
        <Description>SUSE Bug 1230549</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="43">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

ethtool: check device is present when getting link settings

A sysfs reader can race with a device reset or removal, attempting to
read device state when the device is not actually present. e.g.:

     [exception RIP: qed_get_current_link+17]
  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]
  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3
 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4
 #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300
 #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c
 #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b
 #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3
 #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1
 #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f
 #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb

 crash&gt; struct net_device.state ffff9a9d21336000
    state = 5,

state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).
The device is not present, note lack of __LINK_STATE_PRESENT (0b10).

This is the same sort of panic as observed in commit 4224cfd7fb65
("net-sysfs: add check for netdevice being present to speed_show").

There are many other callers of __ethtool_get_link_ksettings() which
don't have a device presence check.

Move this check into ethtool to protect all callers.</Note>
    </Notes>
    <CVE>CVE-2024-46679</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46679.html</URL>
        <Description>CVE-2024-46679</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230556</URL>
        <Description>SUSE Bug 1230556</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="44">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

pinctrl: single: fix potential NULL dereference in pcs_get_function()

pinmux_generic_get_function() can return NULL and the pointer 'function'
was dereferenced without checking against NULL. Add checking of pointer
'function' in pcs_get_function().

Found by code review.</Note>
    </Notes>
    <CVE>CVE-2024-46685</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46685.html</URL>
        <Description>CVE-2024-46685</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230515</URL>
        <Description>SUSE Bug 1230515</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="45">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()

This happens when called from SMB2_read() while using rdma
and reaching the rdma_readwrite_threshold.</Note>
    </Notes>
    <CVE>CVE-2024-46686</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46686.html</URL>
        <Description>CVE-2024-46686</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230517</URL>
        <Description>SUSE Bug 1230517</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="46">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Mark XDomain as unplugged when router is removed

I noticed that when we do discrete host router NVM upgrade and it gets
hot-removed from the PCIe side as a result of NVM firmware authentication,
if there is another host connected with enabled paths we hang in tearing
them down. This is due to the fact that the Thunderbolt networking driver
also tries to clean up the paths and ends up blocking in
tb_disconnect_xdomain_paths() waiting for the domain lock.

However, at this point we already cleaned the paths in tb_stop() so
there is really no need for tb_disconnect_xdomain_paths() to do that
anymore. Furthermore it already checks if the XDomain is unplugged and
bails out early so take advantage of that and mark the XDomain as
unplugged when we remove the parent router.</Note>
    </Notes>
    <CVE>CVE-2024-46702</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46702.html</URL>
        <Description>CVE-2024-46702</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230589</URL>
        <Description>SUSE Bug 1230589</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="47">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3

On a system with a GICv3, if a guest hasn't been configured with
GICv3 and that the host is not capable of GICv2 emulation,
a write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.

We therefore try to emulate the SGI access, only to hit a NULL
pointer as no private interrupt is allocated (no GIC, remember?).

The obvious fix is to give the guest what it deserves, in the
shape of a UNDEF exception.</Note>
    </Notes>
    <CVE>CVE-2024-46707</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46707.html</URL>
        <Description>CVE-2024-46707</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230582</URL>
        <Description>SUSE Bug 1230582</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="48">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

driver: iio: add missing checks on iio_info's callback access

Some callbacks from iio_info structure are accessed without any check, so
if a driver doesn't implement them, trying to access the corresponding
sysfs entries produces a kernel oops such as:

[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute
[...]
[ 2203.783416] Call trace:
[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48
[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120
[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4
[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0
[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4
[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54
[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)
[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000
[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000
[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0
[ 2203.830363] Code: bad PC value
[ 2203.832695] ---[ end trace 0000000000000000 ]---</Note>
    </Notes>
    <CVE>CVE-2024-46715</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46715.html</URL>
        <Description>CVE-2024-46715</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230700</URL>
        <Description>SUSE Bug 1230700</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="49">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix possible NULL pointer dereference

profile-&gt;parent-&gt;dents[AAFS_PROF_DIR] could be NULL only if its parent is made
from __create_missing_ancestors(..) and 'ent-&gt;old' is NULL in
aa_replace_profiles(..).
In that case, it must return an error code, and the code -ENOENT represents
its state: the path of its parent does not exist yet.

BUG: kernel NULL pointer dereference, address: 0000000000000030
PGD 0 P4D 0
PREEMPT SMP PTI
CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
RIP: 0010:aafs_create.constprop.0+0x7f/0x130
Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc &lt;4d&gt; 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae
RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0
Call Trace:
 &lt;TASK&gt;
 ? show_regs+0x6d/0x80
 ? __die+0x24/0x80
 ? page_fault_oops+0x99/0x1b0
 ? kernelmode_fixup_or_oops+0xb2/0x140
 ? __bad_area_nosemaphore+0x1a5/0x2c0
 ? find_vma+0x34/0x60
 ? bad_area_nosemaphore+0x16/0x30
 ? do_user_addr_fault+0x2a2/0x6b0
 ? exc_page_fault+0x83/0x1b0
 ? asm_exc_page_fault+0x27/0x30
 ? aafs_create.constprop.0+0x7f/0x130
 ? aafs_create.constprop.0+0x51/0x130
 __aafs_profile_mkdir+0x3d6/0x480
 aa_replace_profiles+0x83f/0x1270
 policy_update+0xe3/0x180
 profile_load+0xbc/0x150
 ? rw_verify_area+0x47/0x140
 vfs_write+0x100/0x480
 ? __x64_sys_openat+0x55/0xa0
 ? syscall_exit_to_user_mode+0x86/0x260
 ksys_write+0x73/0x100
 __x64_sys_write+0x19/0x30
 x64_sys_call+0x7e/0x25c0
 do_syscall_64+0x7f/0x180
 entry_SYSCALL_64_after_hwframe+0x78/0x80
RIP: 0033:0x7be9f211c574
Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 &lt;48&gt; 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89
RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574
RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004
RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80
R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30
 &lt;/TASK&gt;
Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas
CR2: 0000000000000030
---[ end trace 0000000000000000 ]---
---truncated---</Note>
    </Notes>
    <CVE>CVE-2024-46721</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46721.html</URL>
        <Description>CVE-2024-46721</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230710</URL>
        <Description>SUSE Bug 1230710</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="50">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix mc_data out-of-bounds read warning

Clear the warning that a read of mc_data[i-1] may be out-of-bounds.</Note>
    </Notes>
    <CVE>CVE-2024-46722</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46722.html</URL>
        <Description>CVE-2024-46722</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230712</URL>
        <Description>SUSE Bug 1230712</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="51">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix ucode out-of-bounds read warning

Clear the warning that a read of ucode[] may be out-of-bounds.</Note>
    </Notes>
    <CVE>CVE-2024-46723</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46723.html</URL>
        <Description>CVE-2024-46723</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230702</URL>
        <Description>SUSE Bug 1230702</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="52">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: fix the Out-of-bounds read warning

Using index i - 1U may go beyond the element index
for mc_data[] when i = 0.</Note>
    </Notes>
    <CVE>CVE-2024-46731</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46731.html</URL>
        <Description>CVE-2024-46731</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230709</URL>
        <Description>SUSE Bug 1230709</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="53">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: fix kernel crash if commands allocation fails

If the commands allocation fails in nvmet_tcp_alloc_cmds()
the kernel crashes in nvmet_tcp_release_queue_work() because of
a NULL pointer dereference.

  nvmet: failed to install queue 0 cntlid 1 ret 6
  Unable to handle kernel NULL pointer dereference at
         virtual address 0000000000000008

Fix the bug by setting queue-&gt;nr_cmds to zero in case
nvmet_tcp_alloc_cmd() fails.</Note>
    </Notes>
    <CVE>CVE-2024-46737</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46737.html</URL>
        <Description>CVE-2024-46737</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230730</URL>
        <Description>SUSE Bug 1230730</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="54">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

When removing a resource from vmci_resource_table in
vmci_resource_remove(), the search is performed using the resource
handle by comparing context and resource fields.

It is possible, though, to create two resources with different types
but the same handle (same context and resource fields).

When trying to remove one of the resources, vmci_resource_remove()
may not remove the intended one, but the object will still be freed
as in the case of the datagram type in vmci_datagram_destroy_handle().
vmci_resource_table will still hold a pointer to this freed resource
leading to a use-after-free vulnerability.

BUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]
BUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147
Read of size 4 at addr ffff88801c16d800 by task syz-executor197/1592
Call Trace:
 &lt;TASK&gt;
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106
 print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239
 __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425
 kasan_report+0x38/0x51 mm/kasan/report.c:442
 vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]
 vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147
 vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182
 ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444
 kref_put include/linux/kref.h:65 [inline]
 vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]
 vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195
 vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143
 __fput+0x261/0xa34 fs/file_table.c:282
 task_work_run+0xf0/0x194 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187
 exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220
 __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]
 syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313
 do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x6e/0x0

This change ensures the type is also checked when removing
the resource from vmci_resource_table in vmci_resource_remove().</Note>
    </Notes>
    <CVE>CVE-2024-46738</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46738.html</URL>
        <Description>CVE-2024-46738</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230731</URL>
        <Description>SUSE Bug 1230731</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="55">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

For primary VM Bus channels, primary_channel pointer is always NULL. This
pointer is valid only for the secondary channels. Also, rescind callback
is meant for primary channels only.

Fix NULL pointer dereference by retrieving the device_obj from the parent
for the primary channel.</Note>
    </Notes>
    <CVE>CVE-2024-46739</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46739.html</URL>
        <Description>CVE-2024-46739</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230732</URL>
        <Description>SUSE Bug 1230732</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="56">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

of/irq: Prevent device address out-of-bounds read in interrupt map walk

When of_irq_parse_raw() is invoked with a device address smaller than
the interrupt parent node (from #address-cells property), KASAN detects
the following out-of-bounds read when populating the initial match table
(dyndbg="func of_irq_parse_* +p"):

  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0
  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2
  OF:  intspec=4
  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2
  OF:  -&gt; addrsize=3
  ==================================================================
  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0
  Read of size 4 at addr ffffff81beca5608 by task bash/764

  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1
  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023
  Call trace:
   dump_backtrace+0xdc/0x130
   show_stack+0x1c/0x30
   dump_stack_lvl+0x6c/0x84
   print_report+0x150/0x448
   kasan_report+0x98/0x140
   __asan_load4+0x78/0xa0
   of_irq_parse_raw+0x2b8/0x8d0
   of_irq_parse_one+0x24c/0x270
   parse_interrupts+0xc0/0x120
   of_fwnode_add_links+0x100/0x2d0
   fw_devlink_parse_fwtree+0x64/0xc0
   device_add+0xb38/0xc30
   of_device_add+0x64/0x90
   of_platform_device_create_pdata+0xd0/0x170
   of_platform_bus_create+0x244/0x600
   of_platform_notify+0x1b0/0x254
   blocking_notifier_call_chain+0x9c/0xd0
   __of_changeset_entry_notify+0x1b8/0x230
   __of_changeset_apply_notify+0x54/0xe4
   of_overlay_fdt_apply+0xc04/0xd94
   ...

  The buggy address belongs to the object at ffffff81beca5600
   which belongs to the cache kmalloc-128 of size 128
  The buggy address is located 8 bytes inside of
   128-byte region [ffffff81beca5600, ffffff81beca5680)

  The buggy address belongs to the physical page:
  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4
  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0
  flags: 0x8000000000010200(slab|head|zone=2)
  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300
  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
  page dumped because: kasan: bad access detected

  Memory state around the buggy address:
   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
  &gt;ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                        ^
   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
  ==================================================================
  OF:  -&gt; got it !

Prevent the out-of-bounds read by copying the device address into a
buffer of sufficient size.</Note>
    </Notes>
    <CVE>CVE-2024-46743</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46743.html</URL>
        <Description>CVE-2024-46743</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230756</URL>
        <Description>SUSE Bug 1230756</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="57">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

Squashfs: sanity check symbolic link size

Syzkiller reports a "KMSAN: uninit-value in pick_link" bug.

This is caused by an uninitialised page, which is ultimately caused
by a corrupted symbolic link size read from disk.

The reason why the corrupted symlink size causes an uninitialised
page is due to the following sequence of events:

1. squashfs_read_inode() is called to read the symbolic
   link from disk.  This assigns the corrupted value
   3875536935 to inode-&gt;i_size.

2. Later squashfs_symlink_read_folio() is called, which assigns
   this corrupted value to the length variable, which, being a
   signed int, overflows, producing a negative number.

3. The following loop that fills in the page contents checks that
   the number of copied bytes is less than length, which, being
   negative, means the loop is skipped, producing an uninitialised page.

This patch adds a sanity check which checks that the symbolic
link size is not larger than expected.

--

V2: fix spelling mistake.</Note>
    </Notes>
    <CVE>CVE-2024-46744</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46744.html</URL>
        <Description>CVE-2024-46744</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230747</URL>
        <Description>SUSE Bug 1230747</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="58">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

Input: uinput - reject requests with unreasonable number of slots

When exercising the uinput interface, syzkaller may try setting up a
device with a really large number of slots, which causes a memory
allocation failure in input_mt_init_slots(). While this allocation
failure is handled properly and the request is rejected, it results in
syzkaller reports. Additionally, such a request may put undue burden on
the system, which will try to free a lot of memory for a bogus request.

Fix it by limiting allowed number of slots to 100. This can easily
be extended if we see devices that can track more than 100 contacts.</Note>
    </Notes>
    <CVE>CVE-2024-46745</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46745.html</URL>
        <Description>CVE-2024-46745</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230748</URL>
        <Description>SUSE Bug 1230748</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="59">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

PCI: Add missing bridge lock to pci_bus_lock()

One of the true positives that the cfg_access_lock lockdep effort
identified is this sequence:

  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70
  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70
  Call Trace:
   &lt;TASK&gt;
   ? __warn+0x8c/0x190
   ? pci_bridge_secondary_bus_reset+0x5d/0x70
   ? report_bug+0x1f8/0x200
   ? handle_bug+0x3c/0x70
   ? exc_invalid_op+0x18/0x70
   ? asm_exc_invalid_op+0x1a/0x20
   ? pci_bridge_secondary_bus_reset+0x5d/0x70
   pci_reset_bus+0x1d8/0x270
   vmd_probe+0x778/0xa10
   pci_device_probe+0x95/0x120

Where pci_reset_bus() users are triggering unlocked secondary bus resets.
Ironically pci_bus_reset(), several calls down from pci_reset_bus(), uses
pci_bus_lock() before issuing the reset which locks everything *but* the
bridge itself.

For the same motivation as adding:

  bridge = pci_upstream_bridge(dev);
  if (bridge)
    pci_dev_lock(bridge);

to pci_reset_function() for the "bus" and "cxl_bus" reset cases, add
pci_dev_lock() for @bus-&gt;self to pci_bus_lock().

[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:
https://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]</Note>
    </Notes>
    <CVE>CVE-2024-46750</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46750.html</URL>
        <Description>CVE-2024-46750</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230783</URL>
        <Description>SUSE Bug 1230783</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="60">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

btrfs: handle errors from btrfs_dec_ref() properly

In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is
incorrect; we have proper error handling here, so return the error.</Note>
    </Notes>
    <CVE>CVE-2024-46753</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46753.html</URL>
        <Description>CVE-2024-46753</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230796</URL>
        <Description>SUSE Bug 1230796</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="61">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large
negative number such as -9223372036854775808 is provided by the user.
Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.</Note>
    </Notes>
    <CVE>CVE-2024-46759</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46759.html</URL>
        <Description>CVE-2024-46759</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230814</URL>
        <Description>SUSE Bug 1230814</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="62">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv

The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel
crash when we try to hot-unplug/disable the PCIe switch/bridge from
the PHB.

The crash occurs because, although the MSI data structure has been
released during the disable/hot-unplug path and has been assigned
NULL, the code was still trying to explicitly disable the MSI again
during unregistration, which causes the NULL pointer dereference and
kernel crash.

The patch fixes the check during the unregistration path to prevent invoking
pci_disable_msi/msix() since its data structure is already freed.</Note>
    </Notes>
    <CVE>CVE-2024-46761</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46761.html</URL>
        <Description>CVE-2024-46761</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230761</URL>
        <Description>SUSE Bug 1230761</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="63">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

ice: Add netif_device_attach/detach into PF reset flow

Ethtool callbacks can be executed while reset is in progress and try to
access deleted resources, e.g. getting coalesce settings can result in a
NULL pointer dereference seen below.

Reproduction steps:
Once the driver is fully initialized, trigger reset:
	# echo 1 &gt; /sys/class/net/&lt;interface&gt;/device/reset
When the reset is in progress, try to get the coalesce settings using ethtool:
	# ethtool -c &lt;interface&gt;

BUG: kernel NULL pointer dereference, address: 0000000000000020
PGD 0 P4D 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7
RIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]
RSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206
RAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000
R13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40
FS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0
Call Trace:
&lt;TASK&gt;
ice_get_coalesce+0x17/0x30 [ice]
coalesce_prepare_data+0x61/0x80
ethnl_default_doit+0xde/0x340
genl_family_rcv_msg_doit+0xf2/0x150
genl_rcv_msg+0x1b3/0x2c0
netlink_rcv_skb+0x5b/0x110
genl_rcv+0x28/0x40
netlink_unicast+0x19c/0x290
netlink_sendmsg+0x222/0x490
__sys_sendto+0x1df/0x1f0
__x64_sys_sendto+0x24/0x30
do_syscall_64+0x82/0x160
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7faee60d8e27

Calling netif_device_detach() before reset makes the net core not call
the driver when an ethtool command is issued. An attempt to execute an
ethtool command during reset will result in the following message:

    netlink error: No such device

instead of NULL pointer dereference. Once reset is done and
ice_rebuild() is executing, the netif_device_attach() is called to allow
for ethtool operations to occur again in a safe manner.</Note>
    </Notes>
    <CVE>CVE-2024-46770</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46770.html</URL>
        <Description>CVE-2024-46770</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230763</URL>
        <Description>SUSE Bug 1230763</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="64">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()

Smatch warns:

  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential
  spectre issue 'args.args' [r] (local cap)

The 'nargs' and 'nret' locals come directly from a user-supplied
buffer and are used as indexes into a small stack-based array and as
inputs to copy_to_user() after they are subject to bounds checks.

Use array_index_nospec() after the bounds checks to clamp these values
for speculative execution.</Note>
    </Notes>
    <CVE>CVE-2024-46774</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46774.html</URL>
        <Description>CVE-2024-46774</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230767</URL>
        <Description>SUSE Bug 1230767</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="65">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

tcp_bpf: fix return value of tcp_bpf_sendmsg()

When we cork messages in psock-&gt;cork, the last message that triggers the
flushing will result in sending a sk_msg larger than the current
message size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes
negative at least in the following case:

        case __SK_DROP:
        default:
                sk_msg_free_partial(sk, msg, tosend);
                sk_msg_apply_bytes(psock, tosend);
                *copied -= (tosend + delta); // &lt;==== HERE
                return -EACCES;

Therefore, it could lead to the following BUG with a proper value of
'copied' (thanks to syzbot). We should not use negative 'copied' as a
return value here.

  ------------[ cut here ]------------
  kernel BUG at net/socket.c:733!
  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
  Modules linked in:
  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0
  Hardware name: linux,dummy-virt (DT)
  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
  pc : sock_sendmsg_nosec net/socket.c:733 [inline]
  pc : sock_sendmsg_nosec net/socket.c:728 [inline]
  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745
  lr : sock_sendmsg_nosec net/socket.c:730 [inline]
  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745
  Call trace:
   sock_sendmsg_nosec net/socket.c:733 [inline]
   __sock_sendmsg+0x5c/0x60 net/socket.c:745
   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597
   ___sys_sendmsg+0xac/0x100 net/socket.c:2651
   __sys_sendmsg+0x84/0xe0 net/socket.c:2680
   __do_sys_sendmsg net/socket.c:2689 [inline]
   __se_sys_sendmsg net/socket.c:2687 [inline]
   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687
   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49
   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132
   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151
   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712
   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)
  ---[ end trace 0000000000000000 ]---</Note>
    </Notes>
    <CVE>CVE-2024-46783</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46783.html</URL>
        <Description>CVE-2024-46783</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230810</URL>
        <Description>SUSE Bug 1230810</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="66">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

Currently napi_disable() gets called during rxq and txq cleanup,
even before napi is enabled and hrtimer is initialized. It causes
kernel panic.

  ? page_fault_oops+0x136/0x2b0
  ? page_counter_cancel+0x2e/0x80
  ? do_user_addr_fault+0x2f2/0x640
  ? refill_obj_stock+0xc4/0x110
  ? exc_page_fault+0x71/0x160
  ? asm_exc_page_fault+0x27/0x30
  ? __mmdrop+0x10/0x180
  ? __mmdrop+0xec/0x180
  ? hrtimer_active+0xd/0x50
  hrtimer_try_to_cancel+0x2c/0xf0
  hrtimer_cancel+0x15/0x30
  napi_disable+0x65/0x90
  mana_destroy_rxq+0x4c/0x2f0
  mana_create_rxq.isra.0+0x56c/0x6d0
  ? mana_uncfg_vport+0x50/0x50
  mana_alloc_queues+0x21b/0x320
  ? skb_dequeue+0x5f/0x80</Note>
    </Notes>
    <CVE>CVE-2024-46784</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46784.html</URL>
        <Description>CVE-2024-46784</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230771</URL>
        <Description>SUSE Bug 1230771</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="67">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

userfaultfd: fix checks for huge PMDs

Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2.

The pmd_trans_huge() code in mfill_atomic() is wrong in three different
ways depending on kernel version:

1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit
   the right two race windows) - I've tested this in a kernel build with
   some extra mdelay() calls. See the commit message for a description
   of the race scenario.
   On older kernels (before 6.5), I think the same bug can even
   theoretically lead to accessing transhuge page contents as a page table
   if you hit the right 5 narrow race windows (I haven't tested this case).
2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for
   detecting PMDs that don't point to page tables.
   On older kernels (before 6.5), you'd just have to win a single fairly
   wide race to hit this.
   I've tested this on 6.1 stable by racing migration (with a mdelay()
   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86
   VM, that causes a kernel oops in ptlock_ptr().
3. On newer kernels (&gt;=6.5), for shmem mappings, khugepaged is allowed
   to yank page tables out from under us (though I haven't tested that),
   so I think the BUG_ON() checks in mfill_atomic() are just wrong.

I decided to write two separate fixes for these (one fix for bugs 1+2, one
fix for bug 3), so that the first fix can be backported to kernels
affected by bugs 1+2.


This patch (of 2):

This fixes two issues.

I discovered that the following race can occur:

  mfill_atomic                other thread
  ============                ============
                              &lt;zap PMD&gt;
  pmdp_get_lockless() [reads none pmd]
  &lt;bail if trans_huge&gt;
  &lt;if none:&gt;
                              &lt;pagefault creates transhuge zeropage&gt;
    __pte_alloc [no-op]
                              &lt;zap PMD&gt;
  &lt;bail if pmd_trans_huge(*dst_pmd)&gt;
  BUG_ON(pmd_none(*dst_pmd))

I have experimentally verified this in a kernel with extra mdelay() calls;
the BUG_ON(pmd_none(*dst_pmd)) triggers.

On kernels newer than commit 0d940a9b270b ("mm/pgtable: allow
pte_offset_map[_lock]() to fail"), this can't lead to anything worse than
a BUG_ON(), since the page table access helpers are actually designed to
deal with page tables concurrently disappearing; but on older kernels
(&lt;=6.4), I think we could probably theoretically race past the two
BUG_ON() checks and end up treating a hugepage as a page table.

The second issue is that, as Qi Zheng pointed out, there are other types
of huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs
(in particular, migration PMDs).

On &lt;=6.4, this is worse than the first issue: If mfill_atomic() runs on a
PMD that contains a migration entry (which just requires winning a single,
fairly wide race), it will pass the PMD to pte_offset_map_lock(), which
assumes that the PMD points to a page table.

Breakage follows: First, the kernel tries to take the PTE lock (which will
crash or maybe worse if there is no "struct page" for the address bits in
the migration entry PMD - I think at least on X86 there usually is no
corresponding "struct page" thanks to the PTE inversion mitigation, amd64
looks different).

If that didn't crash, the kernel would next try to write a PTE into what
it wrongly thinks is a page table.

As part of fixing these issues, get rid of the check for pmd_trans_huge()
before __pte_alloc() - that's redundant, we're going to have to check for
that after the __pte_alloc() anyway.

Backport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.</Note>
    </Notes>
    <CVE>CVE-2024-46787</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46787.html</URL>
        <Description>CVE-2024-46787</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1230815</URL>
        <Description>SUSE Bug 1230815</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="68">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry

In a review discussion of the changes to support vCPU hotplug, where
a check was added on the GICC being enabled if it was online, it was
noted that there is a need to map back to the cpu and use that to index
into a cpumask. As such, a valid ID is needed.

If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible
for the entry in cpu_madt_gicc[cpu] == NULL. This function would
then cause a NULL pointer dereference. Whilst a path to trigger
this has not been established, harden this caller against the
possibility.</Note>
    </Notes>
    <CVE>CVE-2024-46822</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46822.html</URL>
        <Description>CVE-2024-46822</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1231120</URL>
        <Description>SUSE Bug 1231120</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="69">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

spi: nxp-fspi: fix the KASAN report out-of-bounds bug

Change the memcpy length to fix the out-of-bounds issue when writing
data that is not 4-byte aligned to the TX FIFO.

To reproduce the issue, write 3 bytes of data to the NOR chip.

dd if=3b of=/dev/mtd0
[   36.926103] ==================================================================
[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838
[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455
[   36.946721]
[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070
[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)
[   36.961260] Call trace:
[   36.963723]  dump_backtrace+0x90/0xe8
[   36.967414]  show_stack+0x18/0x24
[   36.970749]  dump_stack_lvl+0x78/0x90
[   36.974451]  print_report+0x114/0x5cc
[   36.978151]  kasan_report+0xa4/0xf0
[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28
[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838
[   36.990800]  spi_mem_exec_op+0x8ec/0xd30
[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0
[   36.999323]  spi_mem_dirmap_write+0x238/0x32c
[   37.003710]  spi_nor_write_data+0x220/0x374
[   37.007932]  spi_nor_write+0x110/0x2e8
[   37.011711]  mtd_write_oob_std+0x154/0x1f0
[   37.015838]  mtd_write_oob+0x104/0x1d0
[   37.019617]  mtd_write+0xb8/0x12c
[   37.022953]  mtdchar_write+0x224/0x47c
[   37.026732]  vfs_write+0x1e4/0x8c8
[   37.030163]  ksys_write+0xec/0x1d0
[   37.033586]  __arm64_sys_write+0x6c/0x9c
[   37.037539]  invoke_syscall+0x6c/0x258
[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c
[   37.046244]  do_el0_svc+0x44/0x5c
[   37.049589]  el0_svc+0x38/0x78
[   37.052681]  el0t_64_sync_handler+0x13c/0x158
[   37.057077]  el0t_64_sync+0x190/0x194
[   37.060775]
[   37.062274] Allocated by task 455:
[   37.065701]  kasan_save_stack+0x2c/0x54
[   37.069570]  kasan_save_track+0x20/0x3c
[   37.073438]  kasan_save_alloc_info+0x40/0x54
[   37.077736]  __kasan_kmalloc+0xa0/0xb8
[   37.081515]  __kmalloc_noprof+0x158/0x2f8
[   37.085563]  mtd_kmalloc_up_to+0x120/0x154
[   37.089690]  mtdchar_write+0x130/0x47c
[   37.093469]  vfs_write+0x1e4/0x8c8
[   37.096901]  ksys_write+0xec/0x1d0
[   37.100332]  __arm64_sys_write+0x6c/0x9c
[   37.104287]  invoke_syscall+0x6c/0x258
[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c
[   37.112972]  do_el0_svc+0x44/0x5c
[   37.116319]  el0_svc+0x38/0x78
[   37.119401]  el0t_64_sync_handler+0x13c/0x158
[   37.123788]  el0t_64_sync+0x190/0x194
[   37.127474]
[   37.128977] The buggy address belongs to the object at ffff00081037c2a0
[   37.128977]  which belongs to the cache kmalloc-8 of size 8
[   37.141177] The buggy address is located 0 bytes inside of
[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)
[   37.246962] ==============================================================
---truncated---</Note>
    </Notes>
    <CVE>CVE-2024-46853</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46853.html</URL>
        <Description>CVE-2024-46853</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1231083</URL>
        <Description>SUSE Bug 1231083</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="70">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

net: dpaa: Pad packets to ETH_ZLEN

When sending packets under 60 bytes, up to three bytes of the buffer
following the data may be leaked. Avoid this by extending all packets to
ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be
reproduced by running

	$ ping -s 11 destination</Note>
    </Notes>
    <CVE>CVE-2024-46854</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46854.html</URL>
        <Description>CVE-2024-46854</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1231084</URL>
        <Description>SUSE Bug 1231084</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="71">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In the Linux kernel, the following vulnerability has been resolved:

platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

The panasonic laptop code in various places uses the SINF array with index
values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array
is big enough.

Not all panasonic laptops have this many SINF array entries, for example
the Toughbook CF-18 model only has 10 SINF array entries. So it only
supports the AC+DC brightness entries and mute.

Check that the SINF array has a minimum size which covers all AC+DC
brightness entries and refuse to load if the SINF array is smaller.

For higher SINF indexes hide the sysfs attributes when the SINF array
does not contain an entry for that attribute, avoiding show()/store()
accessing the array out of bounds and add bounds checking to the probe()
and resume() code accessing these.</Note>
    </Notes>
    <CVE>CVE-2024-46859</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.200.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.200.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-46859.html</URL>
        <Description>CVE-2024-46859</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1231089</URL>
        <Description>SUSE Bug 1231089</Description>
      </Reference>
    </References>
  </Vulnerability>
</cvrfdoc>
