Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3985-1 Final 1 1 2024-11-13T10:13:36Z current 2024-11-13T10:13:36Z 2024-11-13T10:13:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556). - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893). - CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973). - CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889). - CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976). - CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979). - CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286). - CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191). - CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233). - CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070). - CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938). - CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004). - CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175). - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437). - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). - CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709). - CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005). - CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837). - CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456). - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550). - CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715). - CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801). - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). - CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774). - CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773). - CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148). - CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193). - CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200). - CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203). - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115). - CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114). - CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096). - CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105). - CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094). - CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072). - CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085). - CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087). - CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439). - CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496). - CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442). - CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502). - CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540). - CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998). - CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857). - CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944). - CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935). - CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049). - CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043). - CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116). - CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075). - CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114). - CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124). - CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174). - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861). - CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259). - CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201). - CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200). - CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199). - CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196). - CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217). - CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220). - CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354). - CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221). - CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355). - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358). - CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305). - CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332). - CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337). - CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366). - CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369). - CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965). - CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967). - CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968). - CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313). - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374). - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361). - CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253). - CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260). - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381). - CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164). - CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160). - CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155). - CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154). - CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151). - CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149). - CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395). - CVE-2024-49962: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (bsc#1232314). - CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085). - CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084). - CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083). - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442). - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446). - CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990). - CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954). - CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950). - CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914). - CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392). - CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907). - CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903). - CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). - CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310). - CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329). - CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285). - CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345). - CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263). - CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435). - CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501). The following non-security bugs were fixed: - ACPI: EC: Do not release locks during operation region accesses (stable-fixes). - ACPI: PAD: fix crash in exit_round_robin() (stable-fixes). - ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes). - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes). - ACPI: battery: Call power_supply_changed() when adding hooks (bsc#1232154) - ACPI: battery: Simplify battery hook locking (bsc#1232154) - ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes). - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes). - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes). - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes). - ACPICA: iasl: handle empty connection_node (stable-fixes). - ALSA: asihpi: Fix potential OOB array access (stable-fixes). - ALSA: core: add isascii() check to card ID generator (stable-fixes). - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes). - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes). - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes). - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes). - ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes). - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes). - ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes). - ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes). - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes). - ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes). - ALSA: hda/realtek: Update default depop procedure (git-fixes). - ALSA: hda: Fix kctl->id initialization (git-fixes). - ALSA: hda: cs35l41: fix module autoloading (git-fixes). - ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes). - ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes). - ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes). - ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes). - ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes). - ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes). - ALSA: usb-audio: Define macros for quirk table entries (stable-fixes). - ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes). - ASoC: allow module autoloading for table db1200_pids (stable-fixes). - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes). - ASoC: intel: fix module autoloading (stable-fixes). - ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: tda7419: fix module autoloading (stable-fixes). - Bluetooth: Call iso_exit() on module unload (git-fixes). - Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes). - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: Remove debugfs directory on module init failure (git-fixes). - Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes). - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes). - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes). - Drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269) - Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342) - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes). - HID: multitouch: Add support for GT7868Q (stable-fixes). - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes). - HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes). - Input: adp5589-keys - fix NULL pointer dereference (git-fixes). - Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes). - Input: ads7846 - ratelimit the spi_sync error message (stable-fixes). - Input: goodix - use the new soc_intel_is_byt() helper (stable-fixes). - Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes). - KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes). - KVM: Fix lockdep false negative during host resume (git-fixes). - KVM: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes). - KVM: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes). - KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes). - KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes). - KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes). - KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes). - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes). - KVM: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes). - KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes). - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes). - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes). - KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes). - KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes). - KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes). - KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes). - KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes). - KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes). - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes). - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes). - KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes). - KVM: eventfd: Fix false positive RCU usage warning (git-fixes). - KVM: fix memoryleak in kvm_init() (git-fixes). - KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631). - KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277). - KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630). - KVM: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes). - KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes). - KVM: x86: Use a stable condition around all VT-d PI paths (git-fixes). - Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450). - NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes). - NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes). - NFSD: Mark filecache 'down' if init fails (git-fixes). - NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016). - NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes). - PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes). - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes). - PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019). - PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes). - RDMA/bnxt_re: Add a check for memory allocation (git-fixes) - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes) - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes) - RDMA/bnxt_re: Fix the GID table length (git-fixes) - RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes) - RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes) - RDMA/bnxt_re: Return more meaningful error (git-fixes) - RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes) - RDMA/cxgb4: Dump vendor specific QP details (git-fixes) - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes) - RDMA/hns: Remove unused abnormal interrupt of type RAS (git-fixes) - RDMA/irdma: Fix misspelling of 'accept*' (git-fixes) - RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes) - RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes). - RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes). - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes) - RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes) - RDMA/srpt: Make slab cache names unique (git-fixes) - SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes). - SUNRPC: Fixup gss_status tracepoint error output (git-fixes). - SUNRPC: clnt.c: Remove misleading comment (git-fixes). - USB: appledisplay: close race between probe and completion handler (stable-fixes). - USB: misc: cypress_cy7c63: check for short transfer (stable-fixes). - USB: misc: yurex: fix race between read and write (stable-fixes). - USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes). - USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes). - USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes). - Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450). - add bug reference for a mana change (bsc#1229769). - add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036). - afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes). - arm64: cputype: Add Neoverse-N3 definitions (git-fixes) - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). - arm64: errata: Expand speculative SSBS workaround once more (git-fixes) - arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes) - arm64: probes: Fix simulate_ldr*_literal() (git-fixes) - arm64: probes: Fix uprobes for big-endian kernels (git-fixes) - arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes) - block: print symbolic error name instead of error code (bsc#1231872). - bpf, lsm: Add disabled BPF LSM hook list (git-fixes). - bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes). - bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes). - bpf, x64: Remove tail call detection (git-fixes). - bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes). - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450). - bpf: Allow helpers to accept pointers with a fixed size (git-fixes). - bpf: Check for helper calls in check_subprogs() (git-fixes). - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes). - bpf: Fix helper writes to read-only maps (git-fixes). - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375). - bpf: Fix tailcall cases in test_bpf (git-fixes). - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes). - bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes). - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes). - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes). - btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450). - bus: integrator-lm: fix OF node leak in probe() (git-fixes). - ceph: fix cap ref leak via netfs init_request (bsc#1231383). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885). - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885). - comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes). - cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes). - crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075) - crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075) - debugfs: fix automount d_fsdata usage (git-fixes). - dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813). - drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes). - drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes). - driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes). - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes). - drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes). - drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944) - drm/amd/display: Check null pointer before dereferencing se (stable-fixes). - drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes). - drm/amd/display: Check stream before comparing them (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes). - drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes). - drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes). - drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes). - drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes). - drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes). - drm/amd/display: Round calculated vtotal (stable-fixes). - drm/amd/display: Validate backlight caps are sane (stable-fixes). - drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes). - drm/amd: Guard against bad data for ATIF ACPI method (git-fixes). - drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: properly handle vbios fake edid sizing (git-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/msm/dpu: do not always program merge_3d block (git-fixes). - drm/msm/dpu: make sure phys resources are properly initialized (git-fixes). - drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes). - drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes). - drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon: Fix encoder->possible_clones (git-fixes). - drm/radeon: Replace one-element array with flexible-array member (stable-fixes). - drm/radeon: properly handle vbios fake edid sizing (git-fixes). - drm/rockchip: define gamma registers for RK3399 (stable-fixes). - drm/rockchip: support gamma control on RK3399 (stable-fixes). - drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes). - drm/v3d: Stop the active perfmon before being destroyed (git-fixes). - drm/vc4: Stop the active perfmon before being destroyed (git-fixes). - drm/vmwgfx: Handle surface check failure correctly (git-fixes). - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes). - drm: komeda: Fix an issue related to normalized zpos (stable-fixes). - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes). - erofs: avoid consecutive detection for Highmem memory (git-fixes). - erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes). - erofs: fix pcluster use-after-free on UP platforms (git-fixes). - erofs: fix potential overflow calculating xattr_isize (git-fixes). - erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes). - exportfs: use pr_debug for unreachable debug statements (git-fixes). - ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201) - fat: fix uninitialized variable (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sisfb: Fix strbuf array overflow (stable-fixes). - fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes). - fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes). - fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes). - fs/namespace: fnic: Switch to use %ptTd (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes). - gpio: aspeed: Add the flush write to ensure the write complete (git-fixes). - gpio: aspeed: Use devm_clk api to manage clock source (git-fixes). - gpio: davinci: fix lazy disable (git-fixes). - hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes). - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes). - hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes). - i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes). - i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885). - i2c: imx-lpi2c: use bulk clk API (bsc#1227885). - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes). - i2c: xiic: Fix RX IRQ busy check (stable-fixes). - i2c: xiic: Fix broken locking on tx_msg (stable-fixes). - i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - i2c: xiic: Switch from waitqueue to completion (stable-fixes). - i2c: xiic: Try re-initialization on bus busy timeout (git-fixes). - i2c: xiic: Use devm_clk_get_enabled() (stable-fixes). - i2c: xiic: improve error message when transfer fails to start (stable-fixes). - i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes). - ice: Unbind the workqueue (bsc#1231344). - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes). - iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes). - iio: light: opt3001: add missing full-scale range value (git-fixes). - iio: light: veml6030: fix ALS sensor resolution (git-fixes). - iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes). - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes). - ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813). - ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813). - jfs: Fix sanity check in dbMount (git-fixes). - jfs: Fix uaf in dbFreeBits (git-fixes). - jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes). - jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes). - jfs: check if leafidx greater than num leaves per dmap tree (git-fixes). - kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes). - kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes). - kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes). - kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes). - kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes). - kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes). - kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450). - kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450). - kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450). - kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450). - kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450). - kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450). - kvm/arm64: rework guest entry logic (git-fixes). - kvm: Add support for arch compat vm ioctls (git-fixes). - kvm: add guest_state_{enter,exit}_irqoff() (git-fixes). - media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes). - module: abort module loading when sysfs setup suffer errors (git-fixes). - nbd: fix race between timeout and normal completion (bsc#1230918). - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797) - net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes). - net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891). - net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289). - net: socket: suppress unused warning (git-fixes). - net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes). - net: usb: usbnet: fix name regression (git-fixes). - netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes). - nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes). - nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes). - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes). - nfsd: fix refcount leak when file is unhashed after being found (git-fixes). - nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes). - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes). - nfsd: return -EINVAL when namelen is 0 (git-fixes). - nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes). - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes). - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes). - nvme-multipath: system fails to create generic nvme device (git-fixes). - nvme-pci: qdepth 1 quirk (git-fixes). - nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes). - ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes). - ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes). - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes). - parport: Proper fix for array out-of-bounds access (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes). - platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes). - power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes). - powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869). - powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869). - powerpc/boot: Only free if realloc() succeeds (bsc#1194869). - powerpc/code-patching: Add generic memory patching (bsc#1194869). - powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869). - powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869). - powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869). - powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869). - powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869). - powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869). - powerpc/code-patching: Pre-map patch area (bsc#1194869). - powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869). - powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869). - powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869). - powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869). - powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869). - powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869). - powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869). - powerpc/code-patching: introduce patch_instructions() (bsc#1194869). - powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869). - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes). - powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes). - powerpc/inst: Refactor ___get_user_instr() (bsc#1194869). - powerpc/lib: Add __init attribute to eligible functions (bsc#1194869). - powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869). - powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869). - powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869). - powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869). - powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869). - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869). - powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729). - powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869). - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631). - rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327) - s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747). - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632). - sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327) - scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes). - scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes). - scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes). - scsi: core: Handle devices which return an unusually large VPD page count (git-fixes). - scsi: core: alua: I/O errors for ALUA state transitions (git-fixes). - scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes). - scsi: fnic: Move flush_work initialization out of if block (bsc#1230055). - scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes). - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes). - scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes). - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757). - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757). - scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757). - scsi: lpfc: Remove trailing space after \n newline (bsc#1232757). - scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes). - scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757). - scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757). - scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757). - scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes). - scsi: mac_scsi: Refactor polling loop (git-fixes). - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes). - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes). - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes). - scsi: smartpqi: correct stream detection (git-fixes). - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes). - scsi: spi: Fix sshdr use (git-fixes). - scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes). - selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes). - selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes). - selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes). - selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes). - selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes). - spi: bcm63xx: Enable module autoloading (stable-fixes). - spi: bcm63xx: Fix module autoloading (git-fixes). - spi: lpspi: Silence error message upon deferred probe (stable-fixes). - spi: lpspi: Simplify some error message (git-fixes). - spi: lpspi: release requested DMA channels (stable-fixes). - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes). - spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes). - spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes). - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes). - static_call: Do not make __static_call_return0 static (git-fixes). - tracing/hwlat: Fix a race during cpuhp processing (git-fixes). - tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes). - tracing: Consider the NULL character when validating the event length (git-fixes). - uprobe: avoid out-of-bounds memory access of fetching args (git-fixes). - uprobes: encapsulate preparation of uprobe args buffer (git-fixes). - usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes). - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes). - usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes). - usb: gadget: core: force synchronous registration (git-fixes). - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes). - usb: typec: altmode should keep reference to parent (git-fixes). - usb: xhci: Fix problem with xhci resume from suspend (stable-fixes). - usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes). - usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes). - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes). - vhost_vdpa: assign irq bypass producer token correctly (git-fixes). - virtio-net: synchronize probe with ndo_set_features (git-fixes). - virtio_console: fix misc probe bugs (git-fixes). - virtio_net: fixing XDP for fully checksummed packets handling (git-fixes). - vmxnet3: add command to allow disabling of offloads (bsc#1226498). - vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498). - vmxnet3: prepare for version 9 changes (bsc#1226498). - vmxnet3: update to version 9 (bsc#1226498). - vsock/virtio: fix packet delivery to tap device (git-fixes). - wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes). - wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes). - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes). - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes). - wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes). - wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes). - wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes). - workqueue: Avoid using isolated cpus' timers on (bsc#1231327) - workqueue: mark power efficient workqueue as unbounded if (bsc#1231327) - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes). - x86/bugs: Skip RSB fill at VMEXIT (git-fixes). - x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes). - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes). - x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes). - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes). - x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405). - xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813). - xhci: Fix incorrect stream context type macro (git-fixes). - xhci: Mitigate failed set dequeue pointer commands (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro/rt-5.5:latest-2024-3985,SUSE-2024-3985,SUSE-SLE-Micro-5.5-2024-3985,SUSE-SLE-Module-Live-Patching-15-SP5-2024-3985,SUSE-SLE-Module-RT-15-SP5-2024-3985,openSUSE-Leap-Micro-5.5-2024-3985,openSUSE-SLE-15.5-2024-3985 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ Link for SUSE-SU-2024:3985-1 https://lists.suse.com/pipermail/sle-security-updates/2024-November/019814.html E-Mail link for SUSE-SU-2024:3985-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1054914 SUSE Bug 1054914 https://bugzilla.suse.com/1065729 SUSE Bug 1065729 https://bugzilla.suse.com/1194869 SUSE Bug 1194869 https://bugzilla.suse.com/1204171 SUSE Bug 1204171 https://bugzilla.suse.com/1205796 SUSE Bug 1205796 https://bugzilla.suse.com/1206188 SUSE Bug 1206188 https://bugzilla.suse.com/1206344 SUSE Bug 1206344 https://bugzilla.suse.com/1209290 SUSE Bug 1209290 https://bugzilla.suse.com/1210449 SUSE Bug 1210449 https://bugzilla.suse.com/1210627 SUSE Bug 1210627 https://bugzilla.suse.com/1213034 SUSE Bug 1213034 https://bugzilla.suse.com/1216813 SUSE Bug 1216813 https://bugzilla.suse.com/1218562 SUSE Bug 1218562 https://bugzilla.suse.com/1223384 SUSE Bug 1223384 https://bugzilla.suse.com/1223524 SUSE Bug 1223524 https://bugzilla.suse.com/1223824 SUSE Bug 1223824 https://bugzilla.suse.com/1225189 SUSE Bug 1225189 https://bugzilla.suse.com/1225336 SUSE Bug 1225336 https://bugzilla.suse.com/1225611 SUSE Bug 1225611 https://bugzilla.suse.com/1225762 SUSE Bug 1225762 https://bugzilla.suse.com/1226498 SUSE Bug 1226498 https://bugzilla.suse.com/1226631 SUSE Bug 1226631 https://bugzilla.suse.com/1226797 SUSE Bug 1226797 https://bugzilla.suse.com/1227437 SUSE Bug 1227437 https://bugzilla.suse.com/1227885 SUSE Bug 1227885 https://bugzilla.suse.com/1228119 SUSE Bug 1228119 https://bugzilla.suse.com/1228269 SUSE Bug 1228269 https://bugzilla.suse.com/1228709 SUSE Bug 1228709 https://bugzilla.suse.com/1228743 SUSE Bug 1228743 https://bugzilla.suse.com/1228747 SUSE Bug 1228747 https://bugzilla.suse.com/1229005 SUSE Bug 1229005 https://bugzilla.suse.com/1229019 SUSE Bug 1229019 https://bugzilla.suse.com/1229450 SUSE Bug 1229450 https://bugzilla.suse.com/1229454 SUSE Bug 1229454 https://bugzilla.suse.com/1229456 SUSE Bug 1229456 https://bugzilla.suse.com/1229556 SUSE Bug 1229556 https://bugzilla.suse.com/1229769 SUSE Bug 1229769 https://bugzilla.suse.com/1229837 SUSE Bug 1229837 https://bugzilla.suse.com/1229891 SUSE Bug 1229891 https://bugzilla.suse.com/1230055 SUSE Bug 1230055 https://bugzilla.suse.com/1230179 SUSE Bug 1230179 https://bugzilla.suse.com/1230289 SUSE Bug 1230289 https://bugzilla.suse.com/1230405 SUSE Bug 1230405 https://bugzilla.suse.com/1230414 SUSE Bug 1230414 https://bugzilla.suse.com/1230429 SUSE Bug 1230429 https://bugzilla.suse.com/1230456 SUSE Bug 1230456 https://bugzilla.suse.com/1230550 SUSE Bug 1230550 https://bugzilla.suse.com/1230600 SUSE Bug 1230600 https://bugzilla.suse.com/1230620 SUSE Bug 1230620 https://bugzilla.suse.com/1230715 SUSE Bug 1230715 https://bugzilla.suse.com/1230722 SUSE Bug 1230722 https://bugzilla.suse.com/1230763 SUSE Bug 1230763 https://bugzilla.suse.com/1230773 SUSE Bug 1230773 https://bugzilla.suse.com/1230774 SUSE Bug 1230774 https://bugzilla.suse.com/1230801 SUSE Bug 1230801 https://bugzilla.suse.com/1230903 SUSE Bug 1230903 https://bugzilla.suse.com/1230918 SUSE Bug 1230918 https://bugzilla.suse.com/1231016 SUSE Bug 1231016 https://bugzilla.suse.com/1231072 SUSE Bug 1231072 https://bugzilla.suse.com/1231073 SUSE Bug 1231073 https://bugzilla.suse.com/1231084 SUSE Bug 1231084 https://bugzilla.suse.com/1231085 SUSE Bug 1231085 https://bugzilla.suse.com/1231087 SUSE Bug 1231087 https://bugzilla.suse.com/1231094 SUSE Bug 1231094 https://bugzilla.suse.com/1231096 SUSE Bug 1231096 https://bugzilla.suse.com/1231105 SUSE Bug 1231105 https://bugzilla.suse.com/1231114 SUSE Bug 1231114 https://bugzilla.suse.com/1231115 SUSE Bug 1231115 https://bugzilla.suse.com/1231148 SUSE Bug 1231148 https://bugzilla.suse.com/1231179 SUSE Bug 1231179 https://bugzilla.suse.com/1231191 SUSE Bug 1231191 https://bugzilla.suse.com/1231193 SUSE Bug 1231193 https://bugzilla.suse.com/1231195 SUSE Bug 1231195 https://bugzilla.suse.com/1231197 SUSE Bug 1231197 https://bugzilla.suse.com/1231200 SUSE Bug 1231200 https://bugzilla.suse.com/1231203 SUSE Bug 1231203 https://bugzilla.suse.com/1231277 SUSE Bug 1231277 https://bugzilla.suse.com/1231293 SUSE Bug 1231293 https://bugzilla.suse.com/1231327 SUSE Bug 1231327 https://bugzilla.suse.com/1231344 SUSE Bug 1231344 https://bugzilla.suse.com/1231375 SUSE Bug 1231375 https://bugzilla.suse.com/1231383 SUSE Bug 1231383 https://bugzilla.suse.com/1231439 SUSE Bug 1231439 https://bugzilla.suse.com/1231442 SUSE Bug 1231442 https://bugzilla.suse.com/1231496 SUSE Bug 1231496 https://bugzilla.suse.com/1231502 SUSE Bug 1231502 https://bugzilla.suse.com/1231539 SUSE Bug 1231539 https://bugzilla.suse.com/1231540 SUSE Bug 1231540 https://bugzilla.suse.com/1231578 SUSE Bug 1231578 https://bugzilla.suse.com/1231673 SUSE Bug 1231673 https://bugzilla.suse.com/1231857 SUSE Bug 1231857 https://bugzilla.suse.com/1231861 SUSE Bug 1231861 https://bugzilla.suse.com/1231872 SUSE Bug 1231872 https://bugzilla.suse.com/1231883 SUSE Bug 1231883 https://bugzilla.suse.com/1231885 SUSE Bug 1231885 https://bugzilla.suse.com/1231887 SUSE Bug 1231887 https://bugzilla.suse.com/1231888 SUSE Bug 1231888 https://bugzilla.suse.com/1231889 SUSE Bug 1231889 https://bugzilla.suse.com/1231890 SUSE Bug 1231890 https://bugzilla.suse.com/1231892 SUSE Bug 1231892 https://bugzilla.suse.com/1231893 SUSE Bug 1231893 https://bugzilla.suse.com/1231895 SUSE Bug 1231895 https://bugzilla.suse.com/1231896 SUSE Bug 1231896 https://bugzilla.suse.com/1231897 SUSE Bug 1231897 https://bugzilla.suse.com/1231902 SUSE Bug 1231902 https://bugzilla.suse.com/1231903 SUSE Bug 1231903 https://bugzilla.suse.com/1231907 SUSE Bug 1231907 https://bugzilla.suse.com/1231914 SUSE Bug 1231914 https://bugzilla.suse.com/1231929 SUSE Bug 1231929 https://bugzilla.suse.com/1231935 SUSE Bug 1231935 https://bugzilla.suse.com/1231936 SUSE Bug 1231936 https://bugzilla.suse.com/1231937 SUSE Bug 1231937 https://bugzilla.suse.com/1231938 SUSE Bug 1231938 https://bugzilla.suse.com/1231939 SUSE Bug 1231939 https://bugzilla.suse.com/1231940 SUSE Bug 1231940 https://bugzilla.suse.com/1231941 SUSE Bug 1231941 https://bugzilla.suse.com/1231942 SUSE Bug 1231942 https://bugzilla.suse.com/1231944 SUSE Bug 1231944 https://bugzilla.suse.com/1231950 SUSE Bug 1231950 https://bugzilla.suse.com/1231954 SUSE Bug 1231954 https://bugzilla.suse.com/1231958 SUSE Bug 1231958 https://bugzilla.suse.com/1231960 SUSE Bug 1231960 https://bugzilla.suse.com/1231961 SUSE Bug 1231961 https://bugzilla.suse.com/1231962 SUSE Bug 1231962 https://bugzilla.suse.com/1231965 SUSE Bug 1231965 https://bugzilla.suse.com/1231967 SUSE Bug 1231967 https://bugzilla.suse.com/1231968 SUSE Bug 1231968 https://bugzilla.suse.com/1231972 SUSE Bug 1231972 https://bugzilla.suse.com/1231973 SUSE Bug 1231973 https://bugzilla.suse.com/1231976 SUSE Bug 1231976 https://bugzilla.suse.com/1231979 SUSE Bug 1231979 https://bugzilla.suse.com/1231987 SUSE Bug 1231987 https://bugzilla.suse.com/1231988 SUSE Bug 1231988 https://bugzilla.suse.com/1231990 SUSE Bug 1231990 https://bugzilla.suse.com/1231991 SUSE Bug 1231991 https://bugzilla.suse.com/1231992 SUSE Bug 1231992 https://bugzilla.suse.com/1231995 SUSE Bug 1231995 https://bugzilla.suse.com/1231996 SUSE Bug 1231996 https://bugzilla.suse.com/1231997 SUSE Bug 1231997 https://bugzilla.suse.com/1231998 SUSE Bug 1231998 https://bugzilla.suse.com/1232001 SUSE Bug 1232001 https://bugzilla.suse.com/1232004 SUSE Bug 1232004 https://bugzilla.suse.com/1232005 SUSE Bug 1232005 https://bugzilla.suse.com/1232006 SUSE Bug 1232006 https://bugzilla.suse.com/1232007 SUSE Bug 1232007 https://bugzilla.suse.com/1232025 SUSE Bug 1232025 https://bugzilla.suse.com/1232026 SUSE Bug 1232026 https://bugzilla.suse.com/1232033 SUSE Bug 1232033 https://bugzilla.suse.com/1232034 SUSE Bug 1232034 https://bugzilla.suse.com/1232035 SUSE Bug 1232035 https://bugzilla.suse.com/1232036 SUSE Bug 1232036 https://bugzilla.suse.com/1232037 SUSE Bug 1232037 https://bugzilla.suse.com/1232038 SUSE Bug 1232038 https://bugzilla.suse.com/1232039 SUSE Bug 1232039 https://bugzilla.suse.com/1232043 SUSE Bug 1232043 https://bugzilla.suse.com/1232049 SUSE Bug 1232049 https://bugzilla.suse.com/1232067 SUSE Bug 1232067 https://bugzilla.suse.com/1232069 SUSE Bug 1232069 https://bugzilla.suse.com/1232070 SUSE Bug 1232070 https://bugzilla.suse.com/1232071 SUSE Bug 1232071 https://bugzilla.suse.com/1232075 SUSE Bug 1232075 https://bugzilla.suse.com/1232083 SUSE Bug 1232083 https://bugzilla.suse.com/1232084 SUSE Bug 1232084 https://bugzilla.suse.com/1232085 SUSE Bug 1232085 https://bugzilla.suse.com/1232089 SUSE Bug 1232089 https://bugzilla.suse.com/1232097 SUSE Bug 1232097 https://bugzilla.suse.com/1232104 SUSE Bug 1232104 https://bugzilla.suse.com/1232105 SUSE Bug 1232105 https://bugzilla.suse.com/1232108 SUSE Bug 1232108 https://bugzilla.suse.com/1232114 SUSE Bug 1232114 https://bugzilla.suse.com/1232116 SUSE Bug 1232116 https://bugzilla.suse.com/1232119 SUSE Bug 1232119 https://bugzilla.suse.com/1232120 SUSE Bug 1232120 https://bugzilla.suse.com/1232123 SUSE Bug 1232123 https://bugzilla.suse.com/1232124 SUSE Bug 1232124 https://bugzilla.suse.com/1232133 SUSE Bug 1232133 https://bugzilla.suse.com/1232135 SUSE Bug 1232135 https://bugzilla.suse.com/1232136 SUSE Bug 1232136 https://bugzilla.suse.com/1232140 SUSE Bug 1232140 https://bugzilla.suse.com/1232145 SUSE Bug 1232145 https://bugzilla.suse.com/1232149 SUSE Bug 1232149 https://bugzilla.suse.com/1232150 SUSE Bug 1232150 https://bugzilla.suse.com/1232151 SUSE Bug 1232151 https://bugzilla.suse.com/1232154 SUSE Bug 1232154 https://bugzilla.suse.com/1232155 SUSE Bug 1232155 https://bugzilla.suse.com/1232160 SUSE Bug 1232160 https://bugzilla.suse.com/1232163 SUSE Bug 1232163 https://bugzilla.suse.com/1232164 SUSE Bug 1232164 https://bugzilla.suse.com/1232170 SUSE Bug 1232170 https://bugzilla.suse.com/1232172 SUSE Bug 1232172 https://bugzilla.suse.com/1232174 SUSE Bug 1232174 https://bugzilla.suse.com/1232175 SUSE Bug 1232175 https://bugzilla.suse.com/1232191 SUSE Bug 1232191 https://bugzilla.suse.com/1232196 SUSE Bug 1232196 https://bugzilla.suse.com/1232199 SUSE Bug 1232199 https://bugzilla.suse.com/1232200 SUSE Bug 1232200 https://bugzilla.suse.com/1232201 SUSE Bug 1232201 https://bugzilla.suse.com/1232217 SUSE Bug 1232217 https://bugzilla.suse.com/1232220 SUSE Bug 1232220 https://bugzilla.suse.com/1232221 SUSE Bug 1232221 https://bugzilla.suse.com/1232229 SUSE Bug 1232229 https://bugzilla.suse.com/1232233 SUSE Bug 1232233 https://bugzilla.suse.com/1232237 SUSE Bug 1232237 https://bugzilla.suse.com/1232251 SUSE Bug 1232251 https://bugzilla.suse.com/1232253 SUSE Bug 1232253 https://bugzilla.suse.com/1232259 SUSE Bug 1232259 https://bugzilla.suse.com/1232260 SUSE Bug 1232260 https://bugzilla.suse.com/1232262 SUSE Bug 1232262 https://bugzilla.suse.com/1232263 SUSE Bug 1232263 https://bugzilla.suse.com/1232282 SUSE Bug 1232282 https://bugzilla.suse.com/1232285 SUSE Bug 1232285 https://bugzilla.suse.com/1232286 SUSE Bug 1232286 https://bugzilla.suse.com/1232304 SUSE Bug 1232304 https://bugzilla.suse.com/1232305 SUSE Bug 1232305 https://bugzilla.suse.com/1232307 SUSE Bug 1232307 https://bugzilla.suse.com/1232309 SUSE Bug 1232309 https://bugzilla.suse.com/1232310 SUSE Bug 1232310 https://bugzilla.suse.com/1232313 SUSE Bug 1232313 https://bugzilla.suse.com/1232314 SUSE Bug 1232314 https://bugzilla.suse.com/1232316 SUSE Bug 1232316 https://bugzilla.suse.com/1232329 SUSE Bug 1232329 https://bugzilla.suse.com/1232332 SUSE Bug 1232332 https://bugzilla.suse.com/1232335 SUSE Bug 1232335 https://bugzilla.suse.com/1232337 SUSE Bug 1232337 https://bugzilla.suse.com/1232342 SUSE Bug 1232342 https://bugzilla.suse.com/1232345 SUSE Bug 1232345 https://bugzilla.suse.com/1232352 SUSE Bug 1232352 https://bugzilla.suse.com/1232354 SUSE Bug 1232354 https://bugzilla.suse.com/1232355 SUSE Bug 1232355 https://bugzilla.suse.com/1232358 SUSE Bug 1232358 https://bugzilla.suse.com/1232361 SUSE Bug 1232361 https://bugzilla.suse.com/1232366 SUSE Bug 1232366 https://bugzilla.suse.com/1232367 SUSE Bug 1232367 https://bugzilla.suse.com/1232368 SUSE Bug 1232368 https://bugzilla.suse.com/1232369 SUSE Bug 1232369 https://bugzilla.suse.com/1232374 SUSE Bug 1232374 https://bugzilla.suse.com/1232381 SUSE Bug 1232381 https://bugzilla.suse.com/1232383 SUSE Bug 1232383 https://bugzilla.suse.com/1232392 SUSE Bug 1232392 https://bugzilla.suse.com/1232395 SUSE Bug 1232395 https://bugzilla.suse.com/1232418 SUSE Bug 1232418 https://bugzilla.suse.com/1232424 SUSE Bug 1232424 https://bugzilla.suse.com/1232432 SUSE Bug 1232432 https://bugzilla.suse.com/1232435 SUSE Bug 1232435 https://bugzilla.suse.com/1232442 SUSE Bug 1232442 https://bugzilla.suse.com/1232446 SUSE Bug 1232446 https://bugzilla.suse.com/1232501 SUSE Bug 1232501 https://bugzilla.suse.com/1232519 SUSE Bug 1232519 https://bugzilla.suse.com/1232630 SUSE Bug 1232630 https://bugzilla.suse.com/1232631 SUSE Bug 1232631 https://bugzilla.suse.com/1232632 SUSE Bug 1232632 https://bugzilla.suse.com/1232757 SUSE Bug 1232757 https://www.suse.com/security/cve/CVE-2021-47416/ SUSE CVE CVE-2021-47416 page https://www.suse.com/security/cve/CVE-2021-47534/ SUSE CVE CVE-2021-47534 page https://www.suse.com/security/cve/CVE-2022-3435/ SUSE CVE CVE-2022-3435 page https://www.suse.com/security/cve/CVE-2022-45934/ SUSE CVE CVE-2022-45934 page https://www.suse.com/security/cve/CVE-2022-48664/ SUSE CVE CVE-2022-48664 page https://www.suse.com/security/cve/CVE-2022-48879/ SUSE CVE CVE-2022-48879 page https://www.suse.com/security/cve/CVE-2022-48946/ SUSE CVE CVE-2022-48946 page https://www.suse.com/security/cve/CVE-2022-48947/ SUSE CVE CVE-2022-48947 page https://www.suse.com/security/cve/CVE-2022-48948/ SUSE CVE CVE-2022-48948 page https://www.suse.com/security/cve/CVE-2022-48949/ SUSE CVE CVE-2022-48949 page https://www.suse.com/security/cve/CVE-2022-48951/ SUSE CVE CVE-2022-48951 page https://www.suse.com/security/cve/CVE-2022-48953/ SUSE CVE CVE-2022-48953 page https://www.suse.com/security/cve/CVE-2022-48954/ SUSE CVE CVE-2022-48954 page https://www.suse.com/security/cve/CVE-2022-48955/ SUSE CVE CVE-2022-48955 page https://www.suse.com/security/cve/CVE-2022-48956/ SUSE CVE CVE-2022-48956 page https://www.suse.com/security/cve/CVE-2022-48957/ SUSE CVE CVE-2022-48957 page https://www.suse.com/security/cve/CVE-2022-48958/ SUSE CVE CVE-2022-48958 page https://www.suse.com/security/cve/CVE-2022-48959/ SUSE CVE CVE-2022-48959 page https://www.suse.com/security/cve/CVE-2022-48960/ SUSE CVE CVE-2022-48960 page https://www.suse.com/security/cve/CVE-2022-48961/ SUSE CVE CVE-2022-48961 page https://www.suse.com/security/cve/CVE-2022-48962/ SUSE CVE CVE-2022-48962 page https://www.suse.com/security/cve/CVE-2022-48966/ SUSE CVE CVE-2022-48966 page https://www.suse.com/security/cve/CVE-2022-48967/ SUSE CVE CVE-2022-48967 page https://www.suse.com/security/cve/CVE-2022-48968/ SUSE CVE CVE-2022-48968 page https://www.suse.com/security/cve/CVE-2022-48969/ SUSE CVE CVE-2022-48969 page https://www.suse.com/security/cve/CVE-2022-48970/ SUSE CVE CVE-2022-48970 page https://www.suse.com/security/cve/CVE-2022-48971/ SUSE CVE CVE-2022-48971 page https://www.suse.com/security/cve/CVE-2022-48972/ SUSE CVE CVE-2022-48972 page https://www.suse.com/security/cve/CVE-2022-48973/ SUSE CVE CVE-2022-48973 page https://www.suse.com/security/cve/CVE-2022-48975/ SUSE CVE CVE-2022-48975 page https://www.suse.com/security/cve/CVE-2022-48977/ SUSE CVE CVE-2022-48977 page https://www.suse.com/security/cve/CVE-2022-48978/ SUSE CVE CVE-2022-48978 page https://www.suse.com/security/cve/CVE-2022-48980/ SUSE CVE CVE-2022-48980 page https://www.suse.com/security/cve/CVE-2022-48981/ SUSE CVE CVE-2022-48981 page https://www.suse.com/security/cve/CVE-2022-48985/ SUSE CVE CVE-2022-48985 page https://www.suse.com/security/cve/CVE-2022-48987/ SUSE CVE CVE-2022-48987 page https://www.suse.com/security/cve/CVE-2022-48988/ SUSE CVE CVE-2022-48988 page https://www.suse.com/security/cve/CVE-2022-48991/ SUSE CVE CVE-2022-48991 page https://www.suse.com/security/cve/CVE-2022-48992/ SUSE CVE CVE-2022-48992 page https://www.suse.com/security/cve/CVE-2022-48994/ SUSE CVE CVE-2022-48994 page https://www.suse.com/security/cve/CVE-2022-48995/ SUSE CVE CVE-2022-48995 page https://www.suse.com/security/cve/CVE-2022-48997/ SUSE CVE CVE-2022-48997 page https://www.suse.com/security/cve/CVE-2022-48999/ SUSE CVE CVE-2022-48999 page https://www.suse.com/security/cve/CVE-2022-49000/ SUSE CVE CVE-2022-49000 page https://www.suse.com/security/cve/CVE-2022-49002/ SUSE CVE CVE-2022-49002 page https://www.suse.com/security/cve/CVE-2022-49003/ SUSE CVE CVE-2022-49003 page https://www.suse.com/security/cve/CVE-2022-49005/ SUSE CVE CVE-2022-49005 page https://www.suse.com/security/cve/CVE-2022-49006/ SUSE CVE CVE-2022-49006 page https://www.suse.com/security/cve/CVE-2022-49007/ SUSE CVE CVE-2022-49007 page https://www.suse.com/security/cve/CVE-2022-49010/ SUSE CVE CVE-2022-49010 page https://www.suse.com/security/cve/CVE-2022-49011/ SUSE CVE CVE-2022-49011 page https://www.suse.com/security/cve/CVE-2022-49012/ SUSE CVE CVE-2022-49012 page https://www.suse.com/security/cve/CVE-2022-49014/ SUSE CVE CVE-2022-49014 page https://www.suse.com/security/cve/CVE-2022-49015/ SUSE CVE CVE-2022-49015 page https://www.suse.com/security/cve/CVE-2022-49016/ SUSE CVE CVE-2022-49016 page https://www.suse.com/security/cve/CVE-2022-49017/ SUSE CVE CVE-2022-49017 page https://www.suse.com/security/cve/CVE-2022-49019/ SUSE CVE CVE-2022-49019 page https://www.suse.com/security/cve/CVE-2022-49020/ SUSE CVE CVE-2022-49020 page https://www.suse.com/security/cve/CVE-2022-49021/ SUSE CVE CVE-2022-49021 page https://www.suse.com/security/cve/CVE-2022-49022/ SUSE CVE CVE-2022-49022 page https://www.suse.com/security/cve/CVE-2022-49023/ SUSE CVE CVE-2022-49023 page https://www.suse.com/security/cve/CVE-2022-49024/ SUSE CVE CVE-2022-49024 page https://www.suse.com/security/cve/CVE-2022-49025/ SUSE CVE CVE-2022-49025 page https://www.suse.com/security/cve/CVE-2022-49026/ SUSE CVE CVE-2022-49026 page https://www.suse.com/security/cve/CVE-2022-49027/ SUSE CVE CVE-2022-49027 page https://www.suse.com/security/cve/CVE-2022-49028/ SUSE CVE CVE-2022-49028 page https://www.suse.com/security/cve/CVE-2022-49029/ SUSE CVE CVE-2022-49029 page https://www.suse.com/security/cve/CVE-2022-49031/ SUSE CVE CVE-2022-49031 page https://www.suse.com/security/cve/CVE-2022-49032/ SUSE CVE CVE-2022-49032 page https://www.suse.com/security/cve/CVE-2023-2166/ SUSE CVE CVE-2023-2166 page https://www.suse.com/security/cve/CVE-2023-28327/ SUSE CVE CVE-2023-28327 page https://www.suse.com/security/cve/CVE-2023-52766/ SUSE CVE CVE-2023-52766 page https://www.suse.com/security/cve/CVE-2023-52800/ SUSE CVE CVE-2023-52800 page https://www.suse.com/security/cve/CVE-2023-52881/ SUSE CVE CVE-2023-52881 page https://www.suse.com/security/cve/CVE-2023-52919/ SUSE CVE CVE-2023-52919 page https://www.suse.com/security/cve/CVE-2023-6270/ SUSE CVE CVE-2023-6270 page https://www.suse.com/security/cve/CVE-2024-27043/ SUSE CVE CVE-2024-27043 page https://www.suse.com/security/cve/CVE-2024-36244/ SUSE CVE CVE-2024-36244 page https://www.suse.com/security/cve/CVE-2024-36957/ SUSE CVE CVE-2024-36957 page https://www.suse.com/security/cve/CVE-2024-39476/ SUSE CVE CVE-2024-39476 page https://www.suse.com/security/cve/CVE-2024-40965/ SUSE CVE CVE-2024-40965 page https://www.suse.com/security/cve/CVE-2024-42145/ SUSE CVE CVE-2024-42145 page https://www.suse.com/security/cve/CVE-2024-42226/ SUSE CVE CVE-2024-42226 page https://www.suse.com/security/cve/CVE-2024-42253/ SUSE CVE CVE-2024-42253 page https://www.suse.com/security/cve/CVE-2024-44931/ SUSE CVE CVE-2024-44931 page https://www.suse.com/security/cve/CVE-2024-44947/ SUSE CVE CVE-2024-44947 page https://www.suse.com/security/cve/CVE-2024-44958/ SUSE CVE CVE-2024-44958 page https://www.suse.com/security/cve/CVE-2024-45016/ SUSE CVE CVE-2024-45016 page https://www.suse.com/security/cve/CVE-2024-45025/ SUSE CVE CVE-2024-45025 page https://www.suse.com/security/cve/CVE-2024-46678/ SUSE CVE CVE-2024-46678 page https://www.suse.com/security/cve/CVE-2024-46716/ SUSE CVE CVE-2024-46716 page https://www.suse.com/security/cve/CVE-2024-46719/ SUSE CVE CVE-2024-46719 page https://www.suse.com/security/cve/CVE-2024-46754/ SUSE CVE CVE-2024-46754 page https://www.suse.com/security/cve/CVE-2024-46770/ SUSE CVE CVE-2024-46770 page https://www.suse.com/security/cve/CVE-2024-46775/ SUSE CVE CVE-2024-46775 page https://www.suse.com/security/cve/CVE-2024-46777/ SUSE CVE CVE-2024-46777 page https://www.suse.com/security/cve/CVE-2024-46809/ SUSE CVE CVE-2024-46809 page https://www.suse.com/security/cve/CVE-2024-46811/ SUSE CVE CVE-2024-46811 page https://www.suse.com/security/cve/CVE-2024-46813/ SUSE CVE CVE-2024-46813 page https://www.suse.com/security/cve/CVE-2024-46814/ SUSE CVE CVE-2024-46814 page https://www.suse.com/security/cve/CVE-2024-46815/ SUSE CVE CVE-2024-46815 page https://www.suse.com/security/cve/CVE-2024-46816/ SUSE CVE CVE-2024-46816 page https://www.suse.com/security/cve/CVE-2024-46817/ SUSE CVE CVE-2024-46817 page https://www.suse.com/security/cve/CVE-2024-46818/ SUSE CVE CVE-2024-46818 page https://www.suse.com/security/cve/CVE-2024-46826/ SUSE CVE CVE-2024-46826 page https://www.suse.com/security/cve/CVE-2024-46828/ SUSE CVE CVE-2024-46828 page https://www.suse.com/security/cve/CVE-2024-46834/ SUSE CVE CVE-2024-46834 page https://www.suse.com/security/cve/CVE-2024-46840/ SUSE CVE CVE-2024-46840 page https://www.suse.com/security/cve/CVE-2024-46841/ SUSE CVE CVE-2024-46841 page https://www.suse.com/security/cve/CVE-2024-46848/ SUSE CVE CVE-2024-46848 page https://www.suse.com/security/cve/CVE-2024-46849/ SUSE CVE CVE-2024-46849 page https://www.suse.com/security/cve/CVE-2024-46854/ SUSE CVE CVE-2024-46854 page https://www.suse.com/security/cve/CVE-2024-46855/ SUSE CVE CVE-2024-46855 page https://www.suse.com/security/cve/CVE-2024-46857/ SUSE CVE CVE-2024-46857 page https://www.suse.com/security/cve/CVE-2024-47660/ SUSE CVE CVE-2024-47660 page https://www.suse.com/security/cve/CVE-2024-47661/ SUSE CVE CVE-2024-47661 page https://www.suse.com/security/cve/CVE-2024-47664/ SUSE CVE CVE-2024-47664 page https://www.suse.com/security/cve/CVE-2024-47668/ SUSE CVE CVE-2024-47668 page https://www.suse.com/security/cve/CVE-2024-47672/ SUSE CVE CVE-2024-47672 page https://www.suse.com/security/cve/CVE-2024-47673/ SUSE CVE CVE-2024-47673 page https://www.suse.com/security/cve/CVE-2024-47674/ SUSE CVE CVE-2024-47674 page https://www.suse.com/security/cve/CVE-2024-47684/ SUSE CVE CVE-2024-47684 page https://www.suse.com/security/cve/CVE-2024-47685/ SUSE CVE CVE-2024-47685 page https://www.suse.com/security/cve/CVE-2024-47692/ SUSE CVE CVE-2024-47692 page https://www.suse.com/security/cve/CVE-2024-47704/ SUSE CVE CVE-2024-47704 page https://www.suse.com/security/cve/CVE-2024-47705/ SUSE CVE CVE-2024-47705 page https://www.suse.com/security/cve/CVE-2024-47706/ SUSE CVE CVE-2024-47706 page https://www.suse.com/security/cve/CVE-2024-47707/ SUSE CVE CVE-2024-47707 page https://www.suse.com/security/cve/CVE-2024-47710/ SUSE CVE CVE-2024-47710 page https://www.suse.com/security/cve/CVE-2024-47720/ SUSE CVE CVE-2024-47720 page https://www.suse.com/security/cve/CVE-2024-47727/ SUSE CVE CVE-2024-47727 page https://www.suse.com/security/cve/CVE-2024-47730/ SUSE CVE CVE-2024-47730 page https://www.suse.com/security/cve/CVE-2024-47738/ SUSE CVE CVE-2024-47738 page https://www.suse.com/security/cve/CVE-2024-47739/ SUSE CVE CVE-2024-47739 page https://www.suse.com/security/cve/CVE-2024-47745/ SUSE CVE CVE-2024-47745 page https://www.suse.com/security/cve/CVE-2024-47747/ SUSE CVE CVE-2024-47747 page https://www.suse.com/security/cve/CVE-2024-47748/ SUSE CVE CVE-2024-47748 page https://www.suse.com/security/cve/CVE-2024-49858/ SUSE CVE CVE-2024-49858 page https://www.suse.com/security/cve/CVE-2024-49860/ SUSE CVE CVE-2024-49860 page https://www.suse.com/security/cve/CVE-2024-49866/ SUSE CVE CVE-2024-49866 page https://www.suse.com/security/cve/CVE-2024-49867/ SUSE CVE CVE-2024-49867 page https://www.suse.com/security/cve/CVE-2024-49881/ SUSE CVE CVE-2024-49881 page https://www.suse.com/security/cve/CVE-2024-49882/ SUSE CVE CVE-2024-49882 page https://www.suse.com/security/cve/CVE-2024-49883/ SUSE CVE CVE-2024-49883 page https://www.suse.com/security/cve/CVE-2024-49886/ SUSE CVE CVE-2024-49886 page https://www.suse.com/security/cve/CVE-2024-49890/ SUSE CVE CVE-2024-49890 page https://www.suse.com/security/cve/CVE-2024-49892/ SUSE CVE CVE-2024-49892 page https://www.suse.com/security/cve/CVE-2024-49894/ SUSE CVE CVE-2024-49894 page https://www.suse.com/security/cve/CVE-2024-49895/ SUSE CVE CVE-2024-49895 page https://www.suse.com/security/cve/CVE-2024-49896/ SUSE CVE CVE-2024-49896 page https://www.suse.com/security/cve/CVE-2024-49897/ SUSE CVE CVE-2024-49897 page https://www.suse.com/security/cve/CVE-2024-49899/ SUSE CVE CVE-2024-49899 page https://www.suse.com/security/cve/CVE-2024-49901/ SUSE CVE CVE-2024-49901 page https://www.suse.com/security/cve/CVE-2024-49906/ SUSE CVE CVE-2024-49906 page https://www.suse.com/security/cve/CVE-2024-49908/ SUSE CVE CVE-2024-49908 page https://www.suse.com/security/cve/CVE-2024-49909/ SUSE CVE CVE-2024-49909 page https://www.suse.com/security/cve/CVE-2024-49911/ SUSE CVE CVE-2024-49911 page https://www.suse.com/security/cve/CVE-2024-49912/ SUSE CVE CVE-2024-49912 page https://www.suse.com/security/cve/CVE-2024-49913/ SUSE CVE CVE-2024-49913 page https://www.suse.com/security/cve/CVE-2024-49914/ SUSE CVE CVE-2024-49914 page https://www.suse.com/security/cve/CVE-2024-49917/ SUSE CVE CVE-2024-49917 page https://www.suse.com/security/cve/CVE-2024-49918/ SUSE CVE CVE-2024-49918 page https://www.suse.com/security/cve/CVE-2024-49919/ SUSE CVE CVE-2024-49919 page https://www.suse.com/security/cve/CVE-2024-49920/ SUSE CVE CVE-2024-49920 page https://www.suse.com/security/cve/CVE-2024-49922/ SUSE CVE CVE-2024-49922 page https://www.suse.com/security/cve/CVE-2024-49923/ SUSE CVE CVE-2024-49923 page https://www.suse.com/security/cve/CVE-2024-49929/ SUSE CVE CVE-2024-49929 page https://www.suse.com/security/cve/CVE-2024-49930/ SUSE CVE CVE-2024-49930 page https://www.suse.com/security/cve/CVE-2024-49933/ SUSE CVE CVE-2024-49933 page https://www.suse.com/security/cve/CVE-2024-49936/ SUSE CVE CVE-2024-49936 page https://www.suse.com/security/cve/CVE-2024-49939/ SUSE CVE CVE-2024-49939 page https://www.suse.com/security/cve/CVE-2024-49946/ SUSE CVE CVE-2024-49946 page https://www.suse.com/security/cve/CVE-2024-49949/ SUSE CVE CVE-2024-49949 page https://www.suse.com/security/cve/CVE-2024-49954/ SUSE CVE CVE-2024-49954 page https://www.suse.com/security/cve/CVE-2024-49955/ SUSE CVE CVE-2024-49955 page https://www.suse.com/security/cve/CVE-2024-49958/ SUSE CVE CVE-2024-49958 page https://www.suse.com/security/cve/CVE-2024-49959/ SUSE CVE CVE-2024-49959 page https://www.suse.com/security/cve/CVE-2024-49960/ SUSE CVE CVE-2024-49960 page https://www.suse.com/security/cve/CVE-2024-49962/ SUSE CVE CVE-2024-49962 page https://www.suse.com/security/cve/CVE-2024-49967/ SUSE CVE CVE-2024-49967 page https://www.suse.com/security/cve/CVE-2024-49969/ SUSE CVE CVE-2024-49969 page https://www.suse.com/security/cve/CVE-2024-49973/ SUSE CVE CVE-2024-49973 page https://www.suse.com/security/cve/CVE-2024-49974/ SUSE CVE CVE-2024-49974 page https://www.suse.com/security/cve/CVE-2024-49975/ SUSE CVE CVE-2024-49975 page https://www.suse.com/security/cve/CVE-2024-49982/ SUSE CVE CVE-2024-49982 page https://www.suse.com/security/cve/CVE-2024-49991/ SUSE CVE CVE-2024-49991 page https://www.suse.com/security/cve/CVE-2024-49993/ SUSE CVE CVE-2024-49993 page https://www.suse.com/security/cve/CVE-2024-49995/ SUSE CVE CVE-2024-49995 page https://www.suse.com/security/cve/CVE-2024-49996/ SUSE CVE CVE-2024-49996 page https://www.suse.com/security/cve/CVE-2024-50000/ SUSE CVE CVE-2024-50000 page https://www.suse.com/security/cve/CVE-2024-50001/ SUSE CVE CVE-2024-50001 page https://www.suse.com/security/cve/CVE-2024-50002/ SUSE CVE CVE-2024-50002 page https://www.suse.com/security/cve/CVE-2024-50006/ SUSE CVE CVE-2024-50006 page https://www.suse.com/security/cve/CVE-2024-50014/ SUSE CVE CVE-2024-50014 page https://www.suse.com/security/cve/CVE-2024-50019/ SUSE CVE CVE-2024-50019 page https://www.suse.com/security/cve/CVE-2024-50024/ SUSE CVE CVE-2024-50024 page https://www.suse.com/security/cve/CVE-2024-50028/ SUSE CVE CVE-2024-50028 page https://www.suse.com/security/cve/CVE-2024-50033/ SUSE CVE CVE-2024-50033 page https://www.suse.com/security/cve/CVE-2024-50035/ SUSE CVE CVE-2024-50035 page https://www.suse.com/security/cve/CVE-2024-50041/ SUSE CVE CVE-2024-50041 page https://www.suse.com/security/cve/CVE-2024-50045/ SUSE CVE CVE-2024-50045 page https://www.suse.com/security/cve/CVE-2024-50046/ SUSE CVE CVE-2024-50046 page https://www.suse.com/security/cve/CVE-2024-50047/ SUSE CVE CVE-2024-50047 page https://www.suse.com/security/cve/CVE-2024-50048/ SUSE CVE CVE-2024-50048 page https://www.suse.com/security/cve/CVE-2024-50049/ SUSE CVE CVE-2024-50049 page https://www.suse.com/security/cve/CVE-2024-50055/ SUSE CVE CVE-2024-50055 page https://www.suse.com/security/cve/CVE-2024-50058/ SUSE CVE CVE-2024-50058 page https://www.suse.com/security/cve/CVE-2024-50059/ SUSE CVE CVE-2024-50059 page https://www.suse.com/security/cve/CVE-2024-50061/ SUSE CVE CVE-2024-50061 page https://www.suse.com/security/cve/CVE-2024-50063/ SUSE CVE CVE-2024-50063 page https://www.suse.com/security/cve/CVE-2024-50081/ SUSE CVE CVE-2024-50081 page Container suse/sle-micro/rt-5.5:latest SUSE Linux Enterprise Live Patching 15 SP5 SUSE Linux Enterprise Micro 5.5 SUSE Real Time Module 15 SP5 openSUSE Leap 15.5 openSUSE Leap Micro 5.5 kernel-rt-5.14.21-150500.13.76.1 cluster-md-kmp-rt-5.14.21-150500.13.76.1 dlm-kmp-rt-5.14.21-150500.13.76.1 gfs2-kmp-rt-5.14.21-150500.13.76.1 kernel-devel-rt-5.14.21-150500.13.76.1 kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 kernel-rt-devel-5.14.21-150500.13.76.1 kernel-rt-extra-5.14.21-150500.13.76.1 kernel-rt-livepatch-5.14.21-150500.13.76.1 kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 kernel-rt-optional-5.14.21-150500.13.76.1 kernel-rt-vdso-5.14.21-150500.13.76.1 kernel-rt_debug-5.14.21-150500.13.76.1 kernel-rt_debug-devel-5.14.21-150500.13.76.1 kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 kernel-rt_debug-vdso-5.14.21-150500.13.76.1 kernel-source-rt-5.14.21-150500.13.76.1 kernel-syms-rt-5.14.21-150500.13.76.1 kselftests-kmp-rt-5.14.21-150500.13.76.1 ocfs2-kmp-rt-5.14.21-150500.13.76.1 reiserfs-kmp-rt-5.14.21-150500.13.76.1 kernel-rt-5.14.21-150500.13.76.1 as a component of Container suse/sle-micro/rt-5.5:latest kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 as a component of SUSE Linux Enterprise Live Patching 15 SP5 kernel-rt-5.14.21-150500.13.76.1 as a component of SUSE Linux Enterprise Micro 5.5 kernel-source-rt-5.14.21-150500.13.76.1 as a component of SUSE Linux Enterprise Micro 5.5 cluster-md-kmp-rt-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 dlm-kmp-rt-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 gfs2-kmp-rt-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 kernel-devel-rt-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt-devel-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt-vdso-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt_debug-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt_debug-devel-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 kernel-rt_debug-vdso-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 kernel-source-rt-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 kernel-syms-rt-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 ocfs2-kmp-rt-5.14.21-150500.13.76.1 as a component of SUSE Real Time Module 15 SP5 cluster-md-kmp-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 dlm-kmp-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 gfs2-kmp-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-devel-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt-devel-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt-extra-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt-livepatch-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt-optional-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt-vdso-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt_debug-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt_debug-devel-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt_debug-vdso-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-source-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-syms-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kselftests-kmp-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 ocfs2-kmp-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 reiserfs-kmp-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap 15.5 kernel-rt-5.14.21-150500.13.76.1 as a component of openSUSE Leap Micro 5.5 In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiobus_register() fails, but device_register() was called In case of device_register() has been called we should call put_device() to correctly free the memory allocated for this device, but mdiobus_free() calls just kfree(dev) in case of MDIOBUS_ALLOCATED state To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED _before_ calling device_register(), because put_device() should be called even in case of device_register() failure. CVE-2021-47416 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2021-47416.html CVE-2021-47416 https://bugzilla.suse.com/1225189 SUSE Bug 1225189 https://bugzilla.suse.com/1225336 SUSE Bug 1225336 In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Add missing drm_crtc_commit_put Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a global state for the HVS, with each FIFO storing the current CRTC commit so that we can properly synchronize commits. However, the refcounting was off and we thus ended up leaking the drm_crtc_commit structure every commit. Add a drm_crtc_commit_put to prevent the leakage. CVE-2021-47534 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2021-47534.html CVE-2021-47534 https://bugzilla.suse.com/1230903 SUSE Bug 1230903 A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. CVE-2022-3435 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-3435.html CVE-2022-3435 https://bugzilla.suse.com/1204171 SUSE Bug 1204171 An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. CVE-2022-45934 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-45934.html CVE-2022-45934 https://bugzilla.suse.com/1205796 SUSE Bug 1205796 https://bugzilla.suse.com/1212292 SUSE Bug 1212292 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when stopping a space reclaim worker Often when running generic/562 from fstests we can hang during unmount, resulting in a trace like this: Sep 07 11:52:00 debian9 unknown: run fstests generic/562 at 2022-09-07 11:52:00 Sep 07 11:55:32 debian9 kernel: INFO: task umount:49438 blocked for more than 120 seconds. Sep 07 11:55:32 debian9 kernel: Not tainted 6.0.0-rc2-btrfs-next-122 #1 Sep 07 11:55:32 debian9 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. Sep 07 11:55:32 debian9 kernel: task:umount state:D stack: 0 pid:49438 ppid: 25683 flags:0x00004000 Sep 07 11:55:32 debian9 kernel: Call Trace: Sep 07 11:55:32 debian9 kernel: <TASK> Sep 07 11:55:32 debian9 kernel: __schedule+0x3c8/0xec0 Sep 07 11:55:32 debian9 kernel: ? rcu_read_lock_sched_held+0x12/0x70 Sep 07 11:55:32 debian9 kernel: schedule+0x5d/0xf0 Sep 07 11:55:32 debian9 kernel: schedule_timeout+0xf1/0x130 Sep 07 11:55:32 debian9 kernel: ? lock_release+0x224/0x4a0 Sep 07 11:55:32 debian9 kernel: ? lock_acquired+0x1a0/0x420 Sep 07 11:55:32 debian9 kernel: ? trace_hardirqs_on+0x2c/0xd0 Sep 07 11:55:32 debian9 kernel: __wait_for_common+0xac/0x200 Sep 07 11:55:32 debian9 kernel: ? usleep_range_state+0xb0/0xb0 Sep 07 11:55:32 debian9 kernel: __flush_work+0x26d/0x530 Sep 07 11:55:32 debian9 kernel: ? flush_workqueue_prep_pwqs+0x140/0x140 Sep 07 11:55:32 debian9 kernel: ? trace_clock_local+0xc/0x30 Sep 07 11:55:32 debian9 kernel: __cancel_work_timer+0x11f/0x1b0 Sep 07 11:55:32 debian9 kernel: ? close_ctree+0x12b/0x5b3 [btrfs] Sep 07 11:55:32 debian9 kernel: ? __trace_bputs+0x10b/0x170 Sep 07 11:55:32 debian9 kernel: close_ctree+0x152/0x5b3 [btrfs] Sep 07 11:55:32 debian9 kernel: ? evict_inodes+0x166/0x1c0 Sep 07 11:55:32 debian9 kernel: generic_shutdown_super+0x71/0x120 Sep 07 11:55:32 debian9 kernel: kill_anon_super+0x14/0x30 Sep 07 11:55:32 debian9 kernel: btrfs_kill_super+0x12/0x20 [btrfs] Sep 07 11:55:32 debian9 kernel: deactivate_locked_super+0x2e/0xa0 Sep 07 11:55:32 debian9 kernel: cleanup_mnt+0x100/0x160 Sep 07 11:55:32 debian9 kernel: task_work_run+0x59/0xa0 Sep 07 11:55:32 debian9 kernel: exit_to_user_mode_prepare+0x1a6/0x1b0 Sep 07 11:55:32 debian9 kernel: syscall_exit_to_user_mode+0x16/0x40 Sep 07 11:55:32 debian9 kernel: do_syscall_64+0x48/0x90 Sep 07 11:55:32 debian9 kernel: entry_SYSCALL_64_after_hwframe+0x63/0xcd Sep 07 11:55:32 debian9 kernel: RIP: 0033:0x7fcde59a57a7 Sep 07 11:55:32 debian9 kernel: RSP: 002b:00007ffe914217c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 Sep 07 11:55:32 debian9 kernel: RAX: 0000000000000000 RBX: 00007fcde5ae8264 RCX: 00007fcde59a57a7 Sep 07 11:55:32 debian9 kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055b57556cdd0 Sep 07 11:55:32 debian9 kernel: RBP: 000055b57556cba0 R08: 0000000000000000 R09: 00007ffe91420570 Sep 07 11:55:32 debian9 kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 Sep 07 11:55:32 debian9 kernel: R13: 000055b57556cdd0 R14: 000055b57556ccb8 R15: 0000000000000000 Sep 07 11:55:32 debian9 kernel: </TASK> What happens is the following: 1) The cleaner kthread tries to start a transaction to delete an unused block group, but the metadata reservation can not be satisfied right away, so a reservation ticket is created and it starts the async metadata reclaim task (fs_info->async_reclaim_work); 2) Writeback for all the filler inodes with an i_size of 2K starts (generic/562 creates a lot of 2K files with the goal of filling metadata space). We try to create an inline extent for them, but we fail when trying to insert the inline extent with -ENOSPC (at cow_file_range_inline()) - since this is not critical, we fallback to non-inline mode (back to cow_file_range()), reserve extents ---truncated--- CVE-2022-48664 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48664.html CVE-2022-48664 https://bugzilla.suse.com/1223524 SUSE Bug 1223524 In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer. CVE-2022-48879 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48879.html CVE-2022-48879 https://bugzilla.suse.com/1229556 SUSE Bug 1229556 In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, the code would corrupt extent tree header instead. Fix the problem and use udf_delete_aext() for deleting extent to avoid some code duplication. CVE-2022-48946 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48946.html CVE-2022-48946 https://bugzilla.suse.com/1231888 SUSE Bug 1231888 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number (i.e., 255). This patch prevents this by adding a boundary check with L2CAP_MAX_CONF_RSP Btmon log: Bluetooth monitor ver 5.64 = Note: Linux version 6.1.0-rc2 (x86_64) 0.264594 = Note: Bluetooth subsystem version 2.22 0.264636 @ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191 = New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604 @ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741 = Open Index: 00:00:00:00:00:00 [hci0] 13.900426 (...) > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106 invalid packet size (12 != 1033) 08 00 01 00 02 01 04 00 01 10 ff ff ............ > ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561 invalid packet size (14 != 1547) 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@..... > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390 invalid packet size (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@....... > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932 invalid packet size (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@....... = bluetoothd: Bluetooth daemon 5.43 14.401828 > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753 invalid packet size (12 != 1033) 08 00 01 00 04 01 04 00 40 00 00 00 ........@... CVE-2022-48947 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48947.html CVE-2022-48947 https://bugzilla.suse.com/1231895 SUSE Bug 1231895 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes. CVE-2022-48948 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48948.html CVE-2022-48948 https://bugzilla.suse.com/1231896 SUSE Bug 1231896 In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case. CVE-2022-48949 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48949.html CVE-2022-48949 https://bugzilla.suse.com/1231897 SUSE Bug 1231897 In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc_put_volsw_sx() are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stereo controls. Add appropriate checks. CVE-2022-48951 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48951.html CVE-2022-48951 https://bugzilla.suse.com/1231929 SUSE Bug 1231929 In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpi_install_fixed_event_handler() enables the event automatically on success, it is incorrect to call it before the handler routine passed to it is ready to handle events. Unfortunately, the rtc-cmos driver does exactly the incorrect thing by calling cmos_wake_setup(), which passes rtc_handler() to acpi_install_fixed_event_handler(), before cmos_do_probe(), because rtc_handler() uses dev_get_drvdata() to get to the cmos object pointer and the driver data pointer is only populated in cmos_do_probe(). This leads to a NULL pointer dereference in rtc_handler() on boot if the RTC fixed event happens to be active at the init time. To address this issue, change the initialization ordering of the driver so that cmos_wake_setup() is always called after a successful cmos_do_probe() call. While at it, change cmos_pnp_probe() to call cmos_do_probe() after the initial if () statement used for computing the IRQ argument to be passed to cmos_do_probe() which is cleaner than calling it in each branch of that if () (local variable "irq" can be of type int, because it is passed to that function as an argument of type int). Note that commit 6492fed7d8c9 ("rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0") caused this issue to affect a larger number of systems, because previously it only affected systems with ACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that commit. CVE-2022-48953 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48953.html CVE-2022-48953 https://bugzilla.suse.com/1231941 SUSE Bug 1231941 In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix use-after-free in hsci KASAN found that addr was dereferenced after br2dev_event_work was freed. ================================================================== BUG: KASAN: use-after-free in qeth_l2_br2dev_worker+0x5ba/0x6b0 Read of size 1 at addr 00000000fdcea440 by task kworker/u760:4/540 CPU: 17 PID: 540 Comm: kworker/u760:4 Tainted: G E 6.1.0-20221128.rc7.git1.5aa3bed4ce83.300.fc36.s390x+kasan #1 Hardware name: IBM 8561 T01 703 (LPAR) Workqueue: 0.0.8000_event qeth_l2_br2dev_worker Call Trace: [<000000016944d4ce>] dump_stack_lvl+0xc6/0xf8 [<000000016942cd9c>] print_address_description.constprop.0+0x34/0x2a0 [<000000016942d118>] print_report+0x110/0x1f8 [<0000000167a7bd04>] kasan_report+0xfc/0x128 [<000000016938d79a>] qeth_l2_br2dev_worker+0x5ba/0x6b0 [<00000001673edd1e>] process_one_work+0x76e/0x1128 [<00000001673ee85c>] worker_thread+0x184/0x1098 [<000000016740718a>] kthread+0x26a/0x310 [<00000001672c606a>] __ret_from_fork+0x8a/0xe8 [<00000001694711da>] ret_from_fork+0xa/0x40 Allocated by task 108338: kasan_save_stack+0x40/0x68 kasan_set_track+0x36/0x48 __kasan_kmalloc+0xa0/0xc0 qeth_l2_switchdev_event+0x25a/0x738 atomic_notifier_call_chain+0x9c/0xf8 br_switchdev_fdb_notify+0xf4/0x110 fdb_notify+0x122/0x180 fdb_add_entry.constprop.0.isra.0+0x312/0x558 br_fdb_add+0x59e/0x858 rtnl_fdb_add+0x58a/0x928 rtnetlink_rcv_msg+0x5f8/0x8d8 netlink_rcv_skb+0x1f2/0x408 netlink_unicast+0x570/0x790 netlink_sendmsg+0x752/0xbe0 sock_sendmsg+0xca/0x110 ____sys_sendmsg+0x510/0x6a8 ___sys_sendmsg+0x12a/0x180 __sys_sendmsg+0xe6/0x168 __do_sys_socketcall+0x3c8/0x468 do_syscall+0x22c/0x328 __do_syscall+0x94/0xf0 system_call+0x82/0xb0 Freed by task 540: kasan_save_stack+0x40/0x68 kasan_set_track+0x36/0x48 kasan_save_free_info+0x4c/0x68 ____kasan_slab_free+0x14e/0x1a8 __kasan_slab_free+0x24/0x30 __kmem_cache_free+0x168/0x338 qeth_l2_br2dev_worker+0x154/0x6b0 process_one_work+0x76e/0x1128 worker_thread+0x184/0x1098 kthread+0x26a/0x310 __ret_from_fork+0x8a/0xe8 ret_from_fork+0xa/0x40 Last potentially related work creation: kasan_save_stack+0x40/0x68 __kasan_record_aux_stack+0xbe/0xd0 insert_work+0x56/0x2e8 __queue_work+0x4ce/0xd10 queue_work_on+0xf4/0x100 qeth_l2_switchdev_event+0x520/0x738 atomic_notifier_call_chain+0x9c/0xf8 br_switchdev_fdb_notify+0xf4/0x110 fdb_notify+0x122/0x180 fdb_add_entry.constprop.0.isra.0+0x312/0x558 br_fdb_add+0x59e/0x858 rtnl_fdb_add+0x58a/0x928 rtnetlink_rcv_msg+0x5f8/0x8d8 netlink_rcv_skb+0x1f2/0x408 netlink_unicast+0x570/0x790 netlink_sendmsg+0x752/0xbe0 sock_sendmsg+0xca/0x110 ____sys_sendmsg+0x510/0x6a8 ___sys_sendmsg+0x12a/0x180 __sys_sendmsg+0xe6/0x168 __do_sys_socketcall+0x3c8/0x468 do_syscall+0x22c/0x328 __do_syscall+0x94/0xf0 system_call+0x82/0xb0 Second to last potentially related work creation: kasan_save_stack+0x40/0x68 __kasan_record_aux_stack+0xbe/0xd0 kvfree_call_rcu+0xb2/0x760 kernfs_unlink_open_file+0x348/0x430 kernfs_fop_release+0xc2/0x320 __fput+0x1ae/0x768 task_work_run+0x1bc/0x298 exit_to_user_mode_prepare+0x1a0/0x1a8 __do_syscall+0x94/0xf0 system_call+0x82/0xb0 The buggy address belongs to the object at 00000000fdcea400 which belongs to the cache kmalloc-96 of size 96 The buggy address is located 64 bytes inside of 96-byte region [00000000fdcea400, 00000000fdcea460) The buggy address belongs to the physical page: page:000000005a9c26e8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfdcea flags: 0x3ffff00000000200(slab|node=0|zone=1|lastcpupid=0x1ffff) raw: 3ffff00000000200 0000000000000000 0000000100000122 000000008008cc00 raw: 0000000000000000 0020004100000000 ffffffff00000001 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: 00000000fdcea300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc 00000000fdcea380: fb fb fb fb fb fb f ---truncated--- CVE-2022-48954 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48954.html CVE-2022-48954 https://bugzilla.suse.com/1231972 SUSE Bug 1231972 In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnet_open() When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in tb_xdomain_alloc_out_hopid() is not released. Add tb_xdomain_release_out_hopid() to the error path to release ida. CVE-2022-48955 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48955.html CVE-2022-48955 https://bugzilla.suse.com/1231892 SUSE Bug 1231892 In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline] BUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951 Read of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618 CPU: 1 PID: 7618 Comm: syz-executor.3 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x15e/0x45d mm/kasan/report.c:395 kasan_report+0xbf/0x1f0 mm/kasan/report.c:495 ip6_dst_idev include/net/ip6_fib.h:245 [inline] ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951 __ip6_finish_output net/ipv6/ip6_output.c:193 [inline] ip6_finish_output+0x9a3/0x1170 net/ipv6/ip6_output.c:206 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227 dst_output include/net/dst.h:445 [inline] ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:161 ip6_send_skb+0xbb/0x340 net/ipv6/ip6_output.c:1966 udp_v6_send_skb+0x82a/0x18a0 net/ipv6/udp.c:1286 udp_v6_push_pending_frames+0x140/0x200 net/ipv6/udp.c:1313 udpv6_sendmsg+0x18da/0x2c80 net/ipv6/udp.c:1606 inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0xd3/0x120 net/socket.c:734 sock_write_iter+0x295/0x3d0 net/socket.c:1108 call_write_iter include/linux/fs.h:2191 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x9ed/0xdd0 fs/read_write.c:584 ksys_write+0x1ec/0x250 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fde3588c0d9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9 RDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a RBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000 </TASK> Allocated by task 7618: kasan_save_stack+0x22/0x40 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 __kasan_slab_alloc+0x82/0x90 mm/kasan/common.c:325 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slab.h:737 [inline] slab_alloc_node mm/slub.c:3398 [inline] slab_alloc mm/slub.c:3406 [inline] __kmem_cache_alloc_lru mm/slub.c:3413 [inline] kmem_cache_alloc+0x2b4/0x3d0 mm/slub.c:3422 dst_alloc+0x14a/0x1f0 net/core/dst.c:92 ip6_dst_alloc+0x32/0xa0 net/ipv6/route.c:344 ip6_rt_pcpu_alloc net/ipv6/route.c:1369 [inline] rt6_make_pcpu_route net/ipv6/route.c:1417 [inline] ip6_pol_route+0x901/0x1190 net/ipv6/route.c:2254 pol_lookup_func include/net/ip6_fib.h:582 [inline] fib6_rule_lookup+0x52e/0x6f0 net/ipv6/fib6_rules.c:121 ip6_route_output_flags_noref+0x2e6/0x380 net/ipv6/route.c:2625 ip6_route_output_flags+0x76/0x320 net/ipv6/route.c:2638 ip6_route_output include/net/ip6_route.h:98 [inline] ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1092 ip6_dst_lookup_flow+0x90/0x1d0 net/ipv6/ip6_output.c:1222 ip6_sk_dst_lookup_flow+0x553/0x980 net/ipv6/ip6_output.c:1260 udpv6_sendmsg+0x151d/0x2c80 net/ipv6/udp.c:1554 inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665 sock_sendmsg_nosec n ---truncated--- CVE-2022-48956 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48956.html CVE-2022-48956 https://bugzilla.suse.com/1231893 SUSE Bug 1231893 https://bugzilla.suse.com/1232799 SUSE Bug 1232799 In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed when error happened in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove(). CVE-2022-48957 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48957.html CVE-2022-48957 https://bugzilla.suse.com/1231973 SUSE Bug 1231973 In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_error() returns error, so add dev_kfree_skb() to fix it. Compile tested only. CVE-2022-48958 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48958.html CVE-2022-48958 https://bugzilla.suse.com/1231889 SUSE Bug 1231889 In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() When dsa_devlink_region_create failed in sja1105_setup_devlink_regions(), priv->regions is not released. CVE-2022-48959 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48959.html CVE-2022-48959 https://bugzilla.suse.com/1231976 SUSE Bug 1231976 In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. CVE-2022-48960 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48960.html CVE-2022-48960 https://bugzilla.suse.com/1231979 SUSE Bug 1231979 https://bugzilla.suse.com/1231980 SUSE Bug 1231980 In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix unbalanced fwnode reference count in mdio_device_release() There is warning report about of_node refcount leak while probing mdio device: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /spi/soc@0/mdio@710700c0/ethernet@4 In of_mdiobus_register_device(), we increase fwnode refcount by fwnode_handle_get() before associating the of_node with mdio device, but it has never been decreased in normal path. Since that, in mdio_device_release(), it needs to call fwnode_handle_put() in addition instead of calling kfree() directly. After above, just calling mdio_device_free() in the error handle path of of_mdiobus_register_device() is enough to keep the refcount balanced. CVE-2022-48961 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48961.html CVE-2022-48961 https://bugzilla.suse.com/1232108 SUSE Bug 1232108 In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. CVE-2022-48962 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48962.html CVE-2022-48962 https://bugzilla.suse.com/1232286 SUSE Bug 1232286 https://bugzilla.suse.com/1232801 SUSE Bug 1232801 In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkeding to ensure that it is not beyond the end of the cpu bitmap. CVE-2022-48966 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48966.html CVE-2022-48966 https://bugzilla.suse.com/1232191 SUSE Bug 1232191 In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks. CVE-2022-48967 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48967.html CVE-2022-48967 https://bugzilla.suse.com/1232304 SUSE Bug 1232304 https://bugzilla.suse.com/1232306 SUSE Bug 1232306 In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential memory leak in otx2_init_tc() In otx2_init_tc(), if rhashtable_init() failed, it does not free tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap(). CVE-2022-48968 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48968.html CVE-2022-48968 https://bugzilla.suse.com/1232237 SUSE Bug 1232237 In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Fix NULL sring after live migration A NAPI is setup for each network sring to poll data to kernel The sring with source host is destroyed before live migration and new sring with target host is setup after live migration. The NAPI for the old sring is not deleted until setup new sring with target host after migration. With busy_poll/busy_read enabled, the NAPI can be polled before got deleted when resume VM. BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: xennet_poll+0xae/0xd20 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI Call Trace: finish_task_switch+0x71/0x230 timerqueue_del+0x1d/0x40 hrtimer_try_to_cancel+0xb5/0x110 xennet_alloc_rx_buffers+0x2a0/0x2a0 napi_busy_loop+0xdb/0x270 sock_poll+0x87/0x90 do_sys_poll+0x26f/0x580 tracing_map_insert+0x1d4/0x2f0 event_hist_trigger+0x14a/0x260 finish_task_switch+0x71/0x230 __schedule+0x256/0x890 recalc_sigpending+0x1b/0x50 xen_sched_clock+0x15/0x20 __rb_reserve_next+0x12d/0x140 ring_buffer_lock_reserve+0x123/0x3d0 event_triggers_call+0x87/0xb0 trace_event_buffer_commit+0x1c4/0x210 xen_clocksource_get_cycles+0x15/0x20 ktime_get_ts64+0x51/0xf0 SyS_ppoll+0x160/0x1a0 SyS_ppoll+0x160/0x1a0 do_syscall_64+0x73/0x130 entry_SYSCALL_64_after_hwframe+0x41/0xa6 ... RIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900 CR2: 0000000000000008 ---[ end trace f8601785b354351c ]--- xen frontend should remove the NAPIs for the old srings before live migration as the bond srings are destroyed There is a tiny window between the srings are set to NULL and the NAPIs are disabled, It is safe as the NAPI threads are still frozen at that time CVE-2022-48969 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48969.html CVE-2022-48969 https://bugzilla.suse.com/1232026 SUSE Bug 1232026 In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed the root cause: in unix_diag_get_exact(), the newly allocated skb does not have sk. [2] We must get the user_ns from the NETLINK_CB(in_skb).sk and pass it to sk_diag_fill(). [0]: BUG: kernel NULL pointer dereference, address: 0000000000000270 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 12bbce067 P4D 12bbce067 PUD 12bc40067 PMD 0 Oops: 0000 [#1] PREEMPT SMP CPU: 0 PID: 27942 Comm: syz-executor.0 Not tainted 6.1.0-rc5-next-20221118 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014 RIP: 0010:sk_user_ns include/net/sock.h:920 [inline] RIP: 0010:sk_diag_dump_uid net/unix/diag.c:119 [inline] RIP: 0010:sk_diag_fill+0x77d/0x890 net/unix/diag.c:170 Code: 89 ef e8 66 d4 2d fd c7 44 24 40 00 00 00 00 49 8d 7c 24 18 e8 54 d7 2d fd 49 8b 5c 24 18 48 8d bb 70 02 00 00 e8 43 d7 2d fd <48> 8b 9b 70 02 00 00 48 8d 7b 10 e8 33 d7 2d fd 48 8b 5b 10 48 8d RSP: 0018:ffffc90000d67968 EFLAGS: 00010246 RAX: ffff88812badaa48 RBX: 0000000000000000 RCX: ffffffff840d481d RDX: 0000000000000465 RSI: 0000000000000000 RDI: 0000000000000270 RBP: ffffc90000d679a8 R08: 0000000000000277 R09: 0000000000000000 R10: 0001ffffffffffff R11: 0001c90000d679a8 R12: ffff88812ac03800 R13: ffff88812c87c400 R14: ffff88812ae42210 R15: ffff888103026940 FS: 00007f08b4e6f700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000270 CR3: 000000012c58b000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> unix_diag_get_exact net/unix/diag.c:285 [inline] unix_diag_handler_dump+0x3f9/0x500 net/unix/diag.c:317 __sock_diag_cmd net/core/sock_diag.c:235 [inline] sock_diag_rcv_msg+0x237/0x250 net/core/sock_diag.c:266 netlink_rcv_skb+0x13e/0x250 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x24/0x40 net/core/sock_diag.c:277 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline] netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1356 netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1932 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] ____sys_sendmsg+0x38f/0x500 net/socket.c:2476 ___sys_sendmsg net/socket.c:2530 [inline] __sys_sendmsg+0x197/0x230 net/socket.c:2559 __do_sys_sendmsg net/socket.c:2568 [inline] __se_sys_sendmsg net/socket.c:2566 [inline] __x64_sys_sendmsg+0x42/0x50 net/socket.c:2566 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x4697f9 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f08b4e6ec48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000077bf80 RCX: 00000000004697f9 RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 RBP: 00000000004d29e9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000077bf80 R13: 0000000000000000 R14: 000000000077bf80 R15: 00007ffdb36bc6c0 </TASK> Modules linked in: CR2: 0000000000000270 [1]: https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/ [2]: https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/ CVE-2022-48970 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48970.html CVE-2022-48970 https://bugzilla.suse.com/1231887 SUSE Bug 1231887 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix not cleanup led when bt_init fails bt_init() calls bt_leds_init() to register led, but if it fails later, bt_leds_cleanup() is not called to unregister it. This can cause panic if the argument "bluetooth-power" in text is freed and then another led_trigger_register() tries to access it: BUG: unable to handle page fault for address: ffffffffc06d3bc0 RIP: 0010:strcmp+0xc/0x30 Call Trace: <TASK> led_trigger_register+0x10d/0x4f0 led_trigger_register_simple+0x7d/0x100 bt_init+0x39/0xf7 [bluetooth] do_one_initcall+0xd0/0x4e0 CVE-2022-48971 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48971.html CVE-2022-48971 https://bugzilla.suse.com/1232037 SUSE Bug 1232037 In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114 Call Trace: <TASK> raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87 call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944 unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982 unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879 register_netdevice+0x9a8/0xb90 net/core/dev.c:10083 ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659 ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229 mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316 ieee802154_if_add() allocates wpan_dev as netdev's private data, but not init the list in struct wpan_dev. cfg802154_netdev_notifier_call() manage the list when device register/unregister, and may lead to null-ptr-deref. Use INIT_LIST_HEAD() on it to initialize it correctly. CVE-2022-48972 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48972.html CVE-2022-48972 https://bugzilla.suse.com/1232025 SUSE Bug 1232025 In the Linux kernel, the following vulnerability has been resolved: gpio: amd8111: Fix PCI device reference count leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() after the 'out' label. Since pci_dev_put() can handle NULL input parameter, there is no problem for the 'Device not found' branch. For the normal path, add pci_dev_put() in amd_gpio_exit(). CVE-2022-48973 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48973.html CVE-2022-48973 https://bugzilla.suse.com/1232039 SUSE Bug 1232039 In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochip_setup_dev() Here is a backtrace report about memory leak detected in gpiochip_setup_dev(): unreferenced object 0xffff88810b406400 (size 512): comm "python3", pid 1682, jiffies 4295346908 (age 24.090s) backtrace: kmalloc_trace device_add device_private_init at drivers/base/core.c:3361 (inlined by) device_add at drivers/base/core.c:3411 cdev_device_add gpiolib_cdev_register gpiochip_setup_dev gpiochip_add_data_with_key gcdev_register() & gcdev_unregister() would call device_add() & device_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to register/unregister device. However, if device_add() succeeds, some resource (like struct device_private allocated by device_private_init()) is not released by device_del(). Therefore, after device_add() succeeds by gcdev_register(), it needs to call put_device() to release resource in the error handle path. Here we move forward the register of release function, and let it release every piece of resource by put_device() instead of kfree(). While at it, fix another subtle issue, i.e. when gc->ngpio is equal to 0, we still call kcalloc() and, in case of further error, kfree() on the ZERO_PTR pointer, which is not NULL. It's not a bug per se, but rather waste of the resources and potentially wrong expectation about contents of the gdev->descs variable. CVE-2022-48975 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48975.html CVE-2022-48975 https://bugzilla.suse.com/1231885 SUSE Bug 1231885 In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rcv_filter Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointer dereference in can_rx_register()") we need to check for a missing initialization of ml_priv in the receive path of CAN frames. Since commit 4e096a18867a ("net: introduce CAN specific pointer in the struct net_device") the check for dev->type to be ARPHRD_CAN is not sufficient anymore since bonding or tun netdevices claim to be CAN devices but do not initialize ml_priv accordingly. CVE-2022-48977 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48977.html CVE-2022-48977 https://bugzilla.suse.com/1231883 SUSE Bug 1231883 In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hid_report_raw_event Syzbot reported shift-out-of-bounds in hid_report_raw_event. microsoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) > 32! (swapper/0) ====================================================================== UBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20 shift exponent 127 is too large for 32-bit type 'int' CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322 snto32 drivers/hid/hid-core.c:1323 [inline] hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline] hid_process_report drivers/hid/hid-core.c:1665 [inline] hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998 hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066 hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284 __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671 dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474 expire_timers kernel/time/timer.c:1519 [inline] __run_timers+0x76a/0x980 kernel/time/timer.c:1790 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803 __do_softirq+0x277/0x75b kernel/softirq.c:571 __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107 ====================================================================== If the size of the integer (unsigned n) is bigger than 32 in snto32(), shift exponent will be too large for 32-bit type 'int', resulting in a shift-out-of-bounds bug. Fix this by adding a check on the size of the integer (unsigned n) in snto32(). To add support for n greater than 32 bits, set n to 32, if n is greater than 32. CVE-2022-48978 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48978.html CVE-2022-48978 https://bugzilla.suse.com/1232038 SUSE Bug 1232038 In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() The SJA1105 family has 45 L2 policing table entries (SJA1105_MAX_L2_POLICING_COUNT) and SJA1110 has 110 (SJA1110_MAX_L2_POLICING_COUNT). Keeping the table structure but accounting for the difference in port count (5 in SJA1105 vs 10 in SJA1110) does not fully explain the difference. Rather, the SJA1110 also has L2 ingress policers for multicast traffic. If a packet is classified as multicast, it will be processed by the policer index 99 + SRCPORT. The sja1105_init_l2_policing() function initializes all L2 policers such that they don't interfere with normal packet reception by default. To have a common code between SJA1105 and SJA1110, the index of the multicast policer for the port is calculated because it's an index that is out of bounds for SJA1105 but in bounds for SJA1110, and a bounds check is performed. The code fails to do the proper thing when determining what to do with the multicast policer of port 0 on SJA1105 (ds->num_ports = 5). The "mcast" index will be equal to 45, which is also equal to table->ops->max_entry_count (SJA1105_MAX_L2_POLICING_COUNT). So it passes through the check. But at the same time, SJA1105 doesn't have multicast policers. So the code programs the SHARINDX field of an out-of-bounds element in the L2 Policing table of the static config. The comparison between index 45 and 45 entries should have determined the code to not access this policer index on SJA1105, since its memory wasn't even allocated. With enough bad luck, the out-of-bounds write could even overwrite other valid kernel data, but in this case, the issue was detected using KASAN. Kernel log: sja1105 spi5.0: Probed switch chip: SJA1105Q ================================================================== BUG: KASAN: slab-out-of-bounds in sja1105_setup+0x1cbc/0x2340 Write of size 8 at addr ffffff880bd57708 by task kworker/u8:0/8 ... Workqueue: events_unbound deferred_probe_work_func Call trace: ... sja1105_setup+0x1cbc/0x2340 dsa_register_switch+0x1284/0x18d0 sja1105_probe+0x748/0x840 ... Allocated by task 8: ... sja1105_setup+0x1bcc/0x2340 dsa_register_switch+0x1284/0x18d0 sja1105_probe+0x748/0x840 ... CVE-2022-48980 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48980.html CVE-2022-48980 https://bugzilla.suse.com/1232233 SUSE Bug 1232233 In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove errant put in error path drm_gem_shmem_mmap() doesn't own this reference, resulting in the GEM object getting prematurely freed leading to a later use-after-free. CVE-2022-48981 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48981.html CVE-2022-48981 https://bugzilla.suse.com/1232229 SUSE Bug 1232229 In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_done. If the other thread (for example, from busy_poll) sets it to a value >= budget, this thread will continue to run when it should stop, and cause memory corruption and panic. To fix this issue, save the per-CQ work_done variable in a local variable before napi_complete_done(), so it won't be corrupted by a possible concurrent thread after napi_complete_done(). Also, add a flag bit to advertise to the NIC firmware: the NAPI work_done variable race is fixed, so the driver is able to reliably support features like busy_poll. CVE-2022-48985 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48985.html CVE-2022-48985 https://bugzilla.suse.com/1231958 SUSE Bug 1231958 In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2_bt_timings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that userspace would correctly fill in the front porch, backporch and sync values, but sometimes all you know is the total blanking, which is then assigned to just one of these fields. And that can fail with these checks. So instead set a maximum for the total horizontal and vertical blanking and check that each field remains below that. That is still sufficient to avoid integer overflows, but it also allows for more flexibility in how userspace fills in these fields. CVE-2022-48987 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48987.html CVE-2022-48987 https://bugzilla.suse.com/1232067 SUSE Bug 1232067 In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. As a cgroup interface file can't be renamed, it's safe to access d_name as long as the specified file is a regular cgroup file. Also, as these cgroup interface files can't be removed before the directory, it's safe to access the parent too. Prior to 347c4a874710 ("memcg: remove cgroup_event->cft"), there was a call to __file_cft() which verified that the specified file is a regular cgroupfs file before further accesses. The cftype pointer returned from __file_cft() was no longer necessary and the commit inadvertently dropped the file type check with it allowing any file to slip through. With the invarients broken, the d_name and parent accesses can now race against renames and removals of arbitrary files and cause use-after-free's. Fix the bug by resurrecting the file type check in __file_cft(). Now that cgroupfs is implemented through kernfs, checking the file operations needs to go through a layer of indirection. Instead, let's check the superblock and dentry type. CVE-2022-48988 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48988.html CVE-2022-48988 https://bugzilla.suse.com/1232069 SUSE Bug 1232069 https://bugzilla.suse.com/1232106 SUSE Bug 1232106 In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs (like KVM) don't keep accessing pages which aren't mapped anymore. Secondary MMUs don't hold their own references to pages that are mirrored over, so failing to notify them can lead to page use-after-free. I'm marking this as addressing an issue introduced in commit f3f0e1d2150b ("khugepaged: add support of collapse for tmpfs/shmem pages"), but most of the security impact of this only came in commit 27e1f8273113 ("khugepaged: enable collapse pmd for pte-mapped THP"), which actually omitted flushes for the removal of present PTEs, not just for the removal of empty page tables. CVE-2022-48991 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48991.html CVE-2022-48991 https://bugzilla.suse.com/1232070 SUSE Bug 1232070 https://bugzilla.suse.com/1232372 SUSE Bug 1232372 In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcm_be_reparent API, to handle kernel NULL pointer dereference error. The issue occurred in fuzzing test. CVE-2022-48992 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48992.html CVE-2022-48992 https://bugzilla.suse.com/1232071 SUSE Bug 1232071 In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. seq_copy_in_user() and seq_copy_in_kernel() did not have prototypes matching snd_seq_dump_func_t. Adjust this and remove the casts. There are not resulting binary output differences. This was found as a result of Clang's new -Wcast-function-type-strict flag, which is more sensitive than the simpler -Wcast-function-type, which only checks for type width mismatches. CVE-2022-48994 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48994.html CVE-2022-48994 https://bugzilla.suse.com/1232119 SUSE Bug 1232119 In the Linux kernel, the following vulnerability has been resolved: Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() There is a kmemleak when test the raydium_i2c_ts with bpf mock device: unreferenced object 0xffff88812d3675a0 (size 8): comm "python3", pid 349, jiffies 4294741067 (age 95.695s) hex dump (first 8 bytes): 11 0e 10 c0 01 00 04 00 ........ backtrace: [<0000000068427125>] __kmalloc+0x46/0x1b0 [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts] [<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts] [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts] [<00000000a310de16>] i2c_device_probe+0x651/0x680 [<00000000f5a96bf3>] really_probe+0x17c/0x3f0 [<00000000096ba499>] __driver_probe_device+0xe3/0x170 [<00000000c5acb4d9>] driver_probe_device+0x49/0x120 [<00000000264fe082>] __device_attach_driver+0xf7/0x150 [<00000000f919423c>] bus_for_each_drv+0x114/0x180 [<00000000e067feca>] __device_attach+0x1e5/0x2d0 [<0000000054301fc2>] bus_probe_device+0x126/0x140 [<00000000aad93b22>] device_add+0x810/0x1130 [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0 [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110 [<00000000ffec4177>] of_i2c_notify+0x100/0x160 unreferenced object 0xffff88812d3675c8 (size 8): comm "python3", pid 349, jiffies 4294741070 (age 95.692s) hex dump (first 8 bytes): 22 00 36 2d 81 88 ff ff ".6-.... backtrace: [<0000000068427125>] __kmalloc+0x46/0x1b0 [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts] [<000000001d5c9620>] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts] [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts] [<00000000a310de16>] i2c_device_probe+0x651/0x680 [<00000000f5a96bf3>] really_probe+0x17c/0x3f0 [<00000000096ba499>] __driver_probe_device+0xe3/0x170 [<00000000c5acb4d9>] driver_probe_device+0x49/0x120 [<00000000264fe082>] __device_attach_driver+0xf7/0x150 [<00000000f919423c>] bus_for_each_drv+0x114/0x180 [<00000000e067feca>] __device_attach+0x1e5/0x2d0 [<0000000054301fc2>] bus_probe_device+0x126/0x140 [<00000000aad93b22>] device_add+0x810/0x1130 [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0 [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110 [<00000000ffec4177>] of_i2c_notify+0x100/0x160 After BANK_SWITCH command from i2c BUS, no matter success or error happened, the tx_buf should be freed. CVE-2022-48995 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48995.html CVE-2022-48995 https://bugzilla.suse.com/1232120 SUSE Bug 1232120 In the Linux kernel, the following vulnerability has been resolved: char: tpm: Protect tpm_pm_suspend with locks Currently tpm transactions are executed unconditionally in tpm_pm_suspend() function, which may lead to races with other tpm accessors in the system. Specifically, the hw_random tpm driver makes use of tpm_get_random(), and this function is called in a loop from a kthread, which means it's not frozen alongside userspace, and so can race with the work done during system suspend: tpm tpm0: tpm_transmit: tpm_recv: error -52 tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 Call Trace: tpm_tis_status.cold+0x19/0x20 tpm_transmit+0x13b/0x390 tpm_transmit_cmd+0x20/0x80 tpm1_pm_suspend+0xa6/0x110 tpm_pm_suspend+0x53/0x80 __pnp_bus_suspend+0x35/0xe0 __device_suspend+0x10f/0x350 Fix this by calling tpm_try_get_ops(), which itself is a wrapper around tpm_chip_start(), but takes the appropriate mutex. [Jason: reworked commit message, added metadata] CVE-2022-48997 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48997.html CVE-2022-48997 https://bugzilla.suse.com/1232035 SUSE Bug 1232035 In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match: fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961 fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753 inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874 Separate nexthop objects are mutually exclusive with the legacy multipath spec. Fix fib_nh_match to return if the config for the to be deleted route contains a multipath spec while the fib_info is using a nexthop object. CVE-2022-48999 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-48999.html CVE-2022-48999 https://bugzilla.suse.com/1231936 SUSE Bug 1231936 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in has_external_pci() for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() before 'return true' to avoid reference count leak. CVE-2022-49000 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49000.html CVE-2022-49000 https://bugzilla.suse.com/1232123 SUSE Bug 1232123 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() for the error path to avoid reference count leak. CVE-2022-49002 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49002.html CVE-2022-49002 https://bugzilla.suse.com/1232133 SUSE Bug 1232133 In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvme_ns_head list Walking the nvme_ns_head siblings list is protected by the head's srcu in nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths(). Removing namespaces from the list also fails to synchronize the srcu. Concurrent scan work can therefore cause use-after-frees. Hold the head's srcu lock in nvme_mpath_revalidate_paths() and synchronize with the srcu, not the global RCU, in nvme_ns_remove(). Observed the following panic when making NVMe/RDMA connections with native multipath on the Rocky Linux 8.6 kernel (it seems the upstream kernel has the same race condition). Disassembly shows the faulting instruction is cmp 0x50(%rdx),%rcx; computing capacity != get_capacity(ns->disk). Address 0x50 is dereferenced because ns->disk is NULL. The NULL disk appears to be the result of concurrent scan work freeing the namespace (note the log line in the middle of the panic). [37314.206036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050 [37314.206036] nvme0n3: detected capacity change from 0 to 11811160064 [37314.299753] PGD 0 P4D 0 [37314.299756] Oops: 0000 [#1] SMP PTI [37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: loaded Tainted: G W X --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1 [37314.299762] Hardware name: Dell Inc. PowerEdge R720/0JP31P, BIOS 2.7.0 05/23/2018 [37314.299763] Workqueue: nvme-wq nvme_scan_work [nvme_core] [37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core] [37314.299790] Code: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 <48> 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3 [37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202 [37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000 [37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800 [37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff [37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 0000000000000000 [37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000 [37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000 [37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [37315.713871] CR2: 0000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0 [37315.799267] Call Trace: [37315.828515] nvme_update_ns_info+0x1ac/0x250 [nvme_core] [37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [nvme_core] [37315.961871] ? __blk_mq_free_request+0x6b/0x90 [37316.015021] nvme_scan_work+0x151/0x240 [nvme_core] [37316.073371] process_one_work+0x1a7/0x360 [37316.121318] ? create_worker+0x1a0/0x1a0 [37316.168227] worker_thread+0x30/0x390 [37316.212024] ? create_worker+0x1a0/0x1a0 [37316.258939] kthread+0x10a/0x120 [37316.297557] ? set_kthread_struct+0x50/0x50 [37316.347590] ret_from_fork+0x35/0x40 [37316.390360] Modules linked in: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc overlay nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me pcspkr ipmi_devintf mei lpc_ich wmi ipmi_msghandler acpi_power_meter ex ---truncated--- CVE-2022-49003 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49003.html CVE-2022-49003 https://bugzilla.suse.com/1232136 SUSE Bug 1232136 https://bugzilla.suse.com/1232139 SUSE Bug 1232139 In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Fix bounds check for _sx controls For _sx controls the semantics of the max field is not the usual one, max is the number of steps rather than the maximum value. This means that our check in snd_soc_put_volsw_sx() needs to just check against the maximum value. CVE-2022-49005 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49005.html CVE-2022-49005 https://bugzilla.suse.com/1232150 SUSE Bug 1232150 In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available (not currently used by other events). A type number is the identifier of the binary blobs in the tracing ring buffer (known as events) to map them to logic that can parse the binary blob. The issue is that if a dynamic event (like a kprobe event) is traced and is in the ring buffer, and then that event is removed (because it is dynamic, which means it can be created and destroyed), if another dynamic event is created that has the same number that new event's logic on parsing the binary blob will be used. To show how this can be an issue, the following can crash the kernel: # cd /sys/kernel/tracing # for i in `seq 65536`; do echo 'p:kprobes/foo do_sys_openat2 $arg1:u32' > kprobe_events # done For every iteration of the above, the writing to the kprobe_events will remove the old event and create a new one (with the same format) and increase the type number to the next available on until the type number reaches over 65535 which is the max number for the 16 bit type. After it reaches that number, the logic to allocate a new number simply looks for the next available number. When an dynamic event is removed, that number is then available to be reused by the next dynamic event created. That is, once the above reaches the max number, the number assigned to the event in that loop will remain the same. Now that means deleting one dynamic event and created another will reuse the previous events type number. This is where bad things can happen. After the above loop finishes, the kprobes/foo event which reads the do_sys_openat2 function call's first parameter as an integer. # echo 1 > kprobes/foo/enable # cat /etc/passwd > /dev/null # cat trace cat-2211 [005] .... 2007.849603: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 cat-2211 [005] .... 2007.849620: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 cat-2211 [005] .... 2007.849838: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 cat-2211 [005] .... 2007.849880: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 # echo 0 > kprobes/foo/enable Now if we delete the kprobe and create a new one that reads a string: # echo 'p:kprobes/foo do_sys_openat2 +0($arg2):string' > kprobe_events And now we can the trace: # cat trace sendmail-1942 [002] ..... 530.136320: foo: (do_sys_openat2+0x0/0x240) arg1= cat-2046 [004] ..... 530.930817: foo: (do_sys_openat2+0x0/0x240) arg1="������������������������������������������������������������������������������������������������" cat-2046 [004] ..... 530.930961: foo: (do_sys_openat2+0x0/0x240) arg1="������������������������������������������������������������������������������������������������" cat-2046 [004] ..... 530.934278: foo: (do_sys_openat2+0x0/0x240) arg1="������������������������������������������������������������������������������������������������" cat-2046 [004] ..... 530.934563: foo: (do_sys_openat2+0x0/0x240) arg1="��������������������������������������� ---truncated--- CVE-2022-49006 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49006.html CVE-2022-49006 https://bugzilla.suse.com/1232163 SUSE Bug 1232163 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() Syzbot reported a null-ptr-deref bug: NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 3603 Comm: segctord Not tainted 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 RIP: 0010:nilfs_palloc_commit_free_entry+0xe5/0x6b0 fs/nilfs2/alloc.c:608 Code: 00 00 00 00 fc ff df 80 3c 02 00 0f 85 cd 05 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 73 08 49 8d 7e 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 26 05 00 00 49 8b 46 10 be a6 00 00 00 48 c7 c7 RSP: 0018:ffffc90003dff830 EFLAGS: 00010212 RAX: dffffc0000000000 RBX: ffff88802594e218 RCX: 000000000000000d RDX: 0000000000000002 RSI: 0000000000002000 RDI: 0000000000000010 RBP: ffff888071880222 R08: 0000000000000005 R09: 000000000000003f R10: 000000000000000d R11: 0000000000000000 R12: ffff888071880158 R13: ffff88802594e220 R14: 0000000000000000 R15: 0000000000000004 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb1c08316a8 CR3: 0000000018560000 CR4: 0000000000350ee0 Call Trace: <TASK> nilfs_dat_commit_free fs/nilfs2/dat.c:114 [inline] nilfs_dat_commit_end+0x464/0x5f0 fs/nilfs2/dat.c:193 nilfs_dat_commit_update+0x26/0x40 fs/nilfs2/dat.c:236 nilfs_btree_commit_update_v+0x87/0x4a0 fs/nilfs2/btree.c:1940 nilfs_btree_commit_propagate_v fs/nilfs2/btree.c:2016 [inline] nilfs_btree_propagate_v fs/nilfs2/btree.c:2046 [inline] nilfs_btree_propagate+0xa00/0xd60 fs/nilfs2/btree.c:2088 nilfs_bmap_propagate+0x73/0x170 fs/nilfs2/bmap.c:337 nilfs_collect_file_data+0x45/0xd0 fs/nilfs2/segment.c:568 nilfs_segctor_apply_buffers+0x14a/0x470 fs/nilfs2/segment.c:1018 nilfs_segctor_scan_file+0x3f4/0x6f0 fs/nilfs2/segment.c:1067 nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1197 [inline] nilfs_segctor_collect fs/nilfs2/segment.c:1503 [inline] nilfs_segctor_do_construct+0x12fc/0x6af0 fs/nilfs2/segment.c:2045 nilfs_segctor_construct+0x8e3/0xb30 fs/nilfs2/segment.c:2379 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2487 [inline] nilfs_segctor_thread+0x3c3/0xf30 fs/nilfs2/segment.c:2570 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 </TASK> ... If DAT metadata file is corrupted on disk, there is a case where req->pr_desc_bh is NULL and blocknr is 0 at nilfs_dat_commit_end() during a b-tree operation that cascadingly updates ancestor nodes of the b-tree, because nilfs_dat_commit_alloc() for a lower level block can initialize the blocknr on the same DAT entry between nilfs_dat_prepare_end() and nilfs_dat_commit_end(). If this happens, nilfs_dat_commit_end() calls nilfs_dat_commit_free() without valid buffer heads in req->pr_desc_bh and req->pr_bitmap_bh, and causes the NULL pointer dereference above in nilfs_palloc_commit_free_entry() function, which leads to a crash. Fix this by adding a NULL check on req->pr_desc_bh and req->pr_bitmap_bh before nilfs_palloc_commit_free_entry() in nilfs_dat_commit_free(). This also calls nilfs_error() in that case to notify that there is a fatal flaw in the filesystem metadata and prevent further operations. CVE-2022-49007 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49007.html CVE-2022-49007 https://bugzilla.suse.com/1232170 SUSE Bug 1232170 In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Check for null before removing sysfs attrs If coretemp_add_core() gets an error then pdata->core_data[indx] is already NULL and has been kfreed. Don't pass that to sysfs_remove_group() as that will crash in sysfs_remove_group(). [Shortened for readability] [91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label' <cpu offline> [91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188 [91855.165103] #PF: supervisor read access in kernel mode [91855.194506] #PF: error_code(0x0000) - not-present page [91855.224445] PGD 0 P4D 0 [91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI ... [91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80 ... [91855.796571] Call Trace: [91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp] [91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp] [91855.871107] cpuhp_invoke_callback+0x105/0x4b0 [91855.893432] cpuhp_thread_fun+0x8e/0x150 ... Fix this by checking for NULL first. CVE-2022-49010 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49010.html CVE-2022-49010 https://bugzilla.suse.com/1232172 SUSE Bug 1232172 In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). So call it after using to avoid refcount leak. CVE-2022-49011 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49011.html CVE-2022-49011 https://bugzilla.suse.com/1232006 SUSE Bug 1232006 In the Linux kernel, the following vulnerability has been resolved: afs: Fix server->active leak in afs_put_server The atomic_read was accidentally replaced with atomic_inc_return, which prevents the server from getting cleaned up and causes rmmod to hang with a warning: Can't purge s=00000001 CVE-2022-49012 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49012.html CVE-2022-49012 https://bugzilla.suse.com/1232005 SUSE Bug 1232005 In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach() syzbot reported use-after-free in tun_detach() [1]. This causes call trace like below: ================================================================== BUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75 Read of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673 CPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x15e/0x461 mm/kasan/report.c:395 kasan_report+0xbf/0x1f0 mm/kasan/report.c:495 notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75 call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline] call_netdevice_notifiers net/core/dev.c:1997 [inline] netdev_wait_allrefs_any net/core/dev.c:10237 [inline] netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351 tun_detach drivers/net/tun.c:704 [inline] tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0x16f/0x270 kernel/task_work.c:179 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xb3d/0x2a30 kernel/exit.c:820 do_group_exit+0xd4/0x2a0 kernel/exit.c:950 get_signal+0x21b1/0x2440 kernel/signal.c:2858 arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869 exit_to_user_mode_loop kernel/entry/common.c:168 [inline] exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd The cause of the issue is that sock_put() from __tun_detach() drops last reference count for struct net, and then notifier_call_chain() from netdev_state_change() accesses that struct net. This patch fixes the issue by calling sock_put() from tun_detach() after all necessary accesses for the struct net has done. CVE-2022-49014 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49014.html CVE-2022-49014 https://bugzilla.suse.com/1231890 SUSE Bug 1231890 https://bugzilla.suse.com/1232818 SUSE Bug 1232818 In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free. CVE-2022-49015 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49015.html CVE-2022-49015 https://bugzilla.suse.com/1231938 SUSE Bug 1231938 https://bugzilla.suse.com/1233021 SUSE Bug 1233021 In the Linux kernel, the following vulnerability has been resolved: net: mdiobus: fix unbalanced node reference count I got the following report while doing device(mscc-miim) load test with CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /spi/soc@0/mdio@7107009c/ethernet-phy@0 If the 'fwnode' is not an acpi node, the refcount is get in fwnode_mdiobus_phy_device_register(), but it has never been put when the device is freed in the normal path. So call fwnode_handle_put() in phy_device_release() to avoid leak. If it's an acpi node, it has never been get, but it's put in the error path, so call fwnode_handle_get() before phy_device_register() to keep get/put operation balanced. CVE-2022-49016 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49016.html CVE-2022-49016 https://bugzilla.suse.com/1231937 SUSE Bug 1231937 In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipc_msg_validate As the call trace shows, the original skb was freed in tipc_msg_validate(), and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in tipc_crypto_rcv_complete+0x1835/0x2240 [tipc] Call Trace: <IRQ> tipc_crypto_rcv_complete+0x1835/0x2240 [tipc] tipc_crypto_rcv+0xd32/0x1ec0 [tipc] tipc_rcv+0x744/0x1150 [tipc] ... Allocated by task 47078: kmem_cache_alloc_node+0x158/0x4d0 __alloc_skb+0x1c1/0x270 tipc_buf_acquire+0x1e/0xe0 [tipc] tipc_msg_create+0x33/0x1c0 [tipc] tipc_link_build_proto_msg+0x38a/0x2100 [tipc] tipc_link_timeout+0x8b8/0xef0 [tipc] tipc_node_timeout+0x2a1/0x960 [tipc] call_timer_fn+0x2d/0x1c0 ... Freed by task 47078: tipc_msg_validate+0x7b/0x440 [tipc] tipc_crypto_rcv_complete+0x4b5/0x2240 [tipc] tipc_crypto_rcv+0xd32/0x1ec0 [tipc] tipc_rcv+0x744/0x1150 [tipc] This patch fixes it by re-fetching the skb cb from the new allocated skb after calling tipc_msg_validate(). CVE-2022-49017 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49017.html CVE-2022-49017 https://bugzilla.suse.com/1232004 SUSE Bug 1232004 In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init(). Move for() loop with priv->rx_bd_v dereference under the check for its validity. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2022-49019 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49019.html CVE-2022-49019 https://bugzilla.suse.com/1231940 SUSE Bug 1231940 In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak. This patch adds sock_release() to fix the leak issue. CVE-2022-49020 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49020.html CVE-2022-49020 https://bugzilla.suse.com/1232175 SUSE Bug 1232175 In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:klist_put+0x2d/0xd0 Call Trace: <TASK> klist_remove+0xf1/0x1c0 device_release_driver_internal+0x23e/0x2d0 bus_remove_device+0x1bd/0x240 device_del+0x357/0x770 phy_device_remove+0x11/0x30 mdiobus_unregister+0xa5/0x140 release_nodes+0x6a/0xa0 devres_release_all+0xf8/0x150 device_unbind_cleanup+0x19/0xd0 //probe path: phy_device_register() device_add() phy_connect phy_attach_direct() //set device driver probe() //it's failed, driver is not bound device_bind_driver() // probe failed, it's not called //remove path: phy_device_remove() device_del() device_release_driver_internal() __device_release_driver() //dev->drv is not NULL klist_remove() <- knode_driver is not added yet, cause null-ptr-deref In phy_attach_direct(), after setting the 'dev->driver', probe() fails, device_bind_driver() is not called, so the knode_driver->n_klist is not set, then it causes null-ptr-deref in __device_release_driver() while deleting device. Fix this by setting dev->driver to NULL in the error path in phy_attach_direct(). CVE-2022-49021 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49021.html CVE-2022-49021 https://bugzilla.suse.com/1231939 SUSE Bug 1231939 In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_duration routine as reported by the following UBSAN report: UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47 index 15 is out of range for type 'u16 [12]' CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017 Workqueue: mt76 mt76u_tx_status_data [mt76_usb] Call Trace: <TASK> show_stack+0x4e/0x61 dump_stack_lvl+0x4a/0x6f dump_stack+0x10/0x18 ubsan_epilogue+0x9/0x43 __ubsan_handle_out_of_bounds.cold+0x42/0x47 ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211] ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211] ieee80211_calc_rx_airtime+0xda/0x120 [mac80211] ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211] mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib] mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib] mt76u_tx_status_data+0x67/0xd0 [mt76_usb] process_one_work+0x225/0x400 worker_thread+0x50/0x3e0 ? process_one_work+0x400/0x400 kthread+0xe9/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 CVE-2022-49022 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49022.html CVE-2022-49022 https://bugzilla.suse.com/1231962 SUSE Bug 1231962 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to check the length. CVE-2022-49023 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49023.html CVE-2022-49023 https://bugzilla.suse.com/1231961 SUSE Bug 1231961 https://bugzilla.suse.com/1233022 SUSE Bug 1233022 In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_allocate_dev(), otherwise there will be memleak. CVE-2022-49024 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49024.html CVE-2022-49024 https://bugzilla.suse.com/1232001 SUSE Bug 1232001 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[num_vport_dests].termtbl which case a use-after-free when releasing the rule. Fix by resetting the assignment of termtbl to null. CVE-2022-49025 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49025.html CVE-2022-49025 https://bugzilla.suse.com/1231960 SUSE Bug 1231960 https://bugzilla.suse.com/1233023 SUSE Bug 1233023 In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb. But the skb is already freed, which will cause UAF bug when the upper layer resends the skb. Remove the harmful free. CVE-2022-49026 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49026.html CVE-2022-49026 https://bugzilla.suse.com/1231997 SUSE Bug 1231997 In the Linux kernel, the following vulnerability has been resolved: iavf: Fix error handling in iavf_init_module() The iavf_init_module() won't destroy workqueue when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") CVE-2022-49027 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49027.html CVE-2022-49027 https://bugzilla.suse.com/1232007 SUSE Bug 1232007 In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") CVE-2022-49028 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49028.html CVE-2022-49028 https://bugzilla.suse.com/1231996 SUSE Bug 1231996 In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF. Fix by removeing it from driver_data.bmc_data before free(). CVE-2022-49029 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49029.html CVE-2022-49029 https://bugzilla.suse.com/1231995 SUSE Bug 1231995 In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by task cat/279 Call Trace: afe4403_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4403_channel_leds+0x18/0xffffffffffffe9e0 This issue can be reproduced by singe command: $ cat /sys/bus/spi/devices/spi0.0/iio\:device0/in_intensity6_raw The array size of afe4403_channel_leds is less than channels, so access with chan->address cause OOB read in afe4403_read_raw. Fix it by moving access before use it. CVE-2022-49031 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49031.html CVE-2022-49031 https://bugzilla.suse.com/1231992 SUSE Bug 1231992 In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call Trace: afe4404_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 This issue can be reproduce by singe command: $ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw The array size of afe4404_channel_leds and afe4404_channel_offdacs are less than channels, so access with chan->address cause OOB read in afe4404_[read|write]_raw. Fix it by moving access before use them. CVE-2022-49032 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2022-49032.html CVE-2022-49032 https://bugzilla.suse.com/1231991 SUSE Bug 1231991 A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. CVE-2023-2166 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2023-2166.html CVE-2023-2166 https://bugzilla.suse.com/1210627 SUSE Bug 1210627 A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. CVE-2023-28327 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2023-28327.html CVE-2023-28327 https://bugzilla.suse.com/1209290 SUSE Bug 1209290 In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access will occur from rings->headers[i] access when i >= number of allocated ring headers. CVE-2023-52766 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2023-52766.html CVE-2023-52766 https://bugzilla.suse.com/1230620 SUSE Bug 1230620 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only. CVE-2023-52800 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2023-52800.html CVE-2023-52800 https://bugzilla.suse.com/1230600 SUSE Bug 1230600 In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The ACK value is considered acceptable only if it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT). All incoming segments whose ACK value doesn't satisfy the above condition MUST be discarded and an ACK sent back. It needs to be noted that RFC 793 on page 72 (fifth check) says: "If the ACK is a duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an ACK, drop the segment, and return". The "ignored" above implies that the processing of the incoming data segment continues, which means the ACK value is treated as acceptable. This mitigation makes the ACK check more stringent since any ACK < SND.UNA wouldn't be accepted, instead only ACKs that are in the range ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT) get through. This can be refined for new (and possibly spoofed) flows, by not accepting ACK for bytes that were never sent. This greatly improves TCP security at a little cost. I added a Fixes: tag to make sure this patch will reach stable trees, even if the 'blamed' patch was adhering to the RFC. tp->bytes_acked was added in linux-4.2 Following packetdrill test (courtesy of Yepeng Pan) shows the issue at hand: 0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1024) = 0 // ---------------- Handshake ------------------- // // when window scale is set to 14 the window size can be extended to // 65535 * (2^14) = 1073725440. Linux would accept an ACK packet // with ack number in (Server_ISN+1-1073725440. Server_ISN+1) // ,though this ack number acknowledges some data never // sent by the server. +0 < S 0:0(0) win 65535 <mss 1400,nop,wscale 14> +0 > S. 0:0(0) ack 1 <...> +0 < . 1:1(0) ack 1 win 65535 +0 accept(3, ..., ...) = 4 // For the established connection, we send an ACK packet, // the ack packet uses ack number 1 - 1073725300 + 2^32, // where 2^32 is used to wrap around. // Note: we used 1073725300 instead of 1073725440 to avoid possible // edge cases. // 1 - 1073725300 + 2^32 = 3221241997 // Oops, old kernels happily accept this packet. +0 < . 1:1001(1000) ack 3221241997 win 65535 // After the kernel fix the following will be replaced by a challenge ACK, // and prior malicious frame would be dropped. +0 > . 1:1(0) ack 1001 CVE-2023-52881 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2023-52881.html CVE-2023-52881 https://bugzilla.suse.com/1223384 SUSE Bug 1223384 https://bugzilla.suse.com/1225611 SUSE Bug 1225611 https://bugzilla.suse.com/1226152 SUSE Bug 1226152 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference. CVE-2023-52919 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2023-52919.html CVE-2023-52919 https://bugzilla.suse.com/1231988 SUSE Bug 1231988 A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. CVE-2023-6270 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2023-6270.html CVE-2023-6270 https://bugzilla.suse.com/1218562 SUSE Bug 1218562 https://bugzilla.suse.com/1218813 SUSE Bug 1218813 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 https://bugzilla.suse.com/1223016 SUSE Bug 1223016 https://bugzilla.suse.com/1227675 SUSE Bug 1227675 In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free. CVE-2024-27043 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-27043.html CVE-2024-27043 https://bugzilla.suse.com/1218562 SUSE Bug 1218562 https://bugzilla.suse.com/1223824 SUSE Bug 1223824 https://bugzilla.suse.com/1223825 SUSE Bug 1223825 In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot. CVE-2024-36244 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-36244.html CVE-2024-36244 https://bugzilla.suse.com/1226797 SUSE Bug 1226797 In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: avoid off-by-one read from userspace We try to access count + 1 byte from userspace with memdup_user(buffer, count + 1). However, the userspace only provides buffer of count bytes and only these count bytes are verified to be okay to access. To ensure the copied buffer is NUL terminated, we use memdup_user_nul instead. CVE-2024-36957 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-36957.html CVE-2024-36957 https://bugzilla.suse.com/1225762 SUSE Bug 1225762 In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with small possibility, the root cause is exactly the same as commit bed9e27baf52 ("Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"") However, Dan reported another hang after that, and junxiao investigated the problem and found out that this is caused by plugged bio can't issue from raid5d(). Current implementation in raid5d() has a weird dependence: 1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear MD_SB_CHANGE_PENDING; 2) raid5d() handles IO in a deadloop, until all IO are issued; 3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared; This behaviour is introduce before v2.6, and for consequence, if other context hold 'reconfig_mutex', and md_check_recovery() can't update super_block, then raid5d() will waste one cpu 100% by the deadloop, until 'reconfig_mutex' is released. Refer to the implementation from raid1 and raid10, fix this problem by skipping issue IO if MD_SB_CHANGE_PENDING is still set after md_check_recovery(), daemon thread will be woken up when 'reconfig_mutex' is released. Meanwhile, the hang problem will be fixed as well. CVE-2024-39476 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-39476.html CVE-2024-39476 https://bugzilla.suse.com/1227437 SUSE Bug 1227437 In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clk_get_rate during transfer Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic32x4 audio codec to the system. When this clock provider adds its clock, the clk mutex is locked already, it needs to access i2c, which in return needs the mutex for clk_get_rate as well. CVE-2024-40965 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-40965.html CVE-2024-40965 https://bugzilla.suse.com/1227885 SUSE Bug 1227885 In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space. Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full. CVE-2024-42145 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-42145.html CVE-2024-42145 https://bugzilla.suse.com/1223384 SUSE Bug 1223384 https://bugzilla.suse.com/1228743 SUSE Bug 1228743 https://bugzilla.suse.com/1228744 SUSE Bug 1228744 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-42226 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-42226.html CVE-2024-42226 https://bugzilla.suse.com/1228709 SUSE Bug 1228709 In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs(). The problem occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an i.MX8MP based system. * Normal case 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 * Race case 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register *** 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0 CVE-2024-42253 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-42253.html CVE-2024-42253 https://bugzilla.suse.com/1229005 SUSE Bug 1229005 In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. CVE-2024-44931 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-44931.html CVE-2024-44931 https://bugzilla.suse.com/1229837 SUSE Bug 1229837 In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). CVE-2024-44947 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-44947.html CVE-2024-44947 https://bugzilla.suse.com/1229456 SUSE Bug 1229456 https://bugzilla.suse.com/1230098 SUSE Bug 1230098 In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0 Call Trace: <TASK> __static_key_slow_dec_cpuslocked+0x16/0x70 sched_cpu_deactivate+0x26e/0x2a0 cpuhp_invoke_callback+0x3ad/0x10d0 cpuhp_thread_fun+0x3f5/0x680 smpboot_thread_fn+0x56d/0x8d0 kthread+0x309/0x400 ret_from_fork+0x41/0x70 ret_from_fork_asm+0x1b/0x30 </TASK> Because when cpuset_cpu_inactive() fails in sched_cpu_deactivate(), the cpu offline failed, but sched_smt_present is decremented before calling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so fix it by incrementing sched_smt_present in the error path. CVE-2024-44958 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-44958.html CVE-2024-44958 https://bugzilla.suse.com/1230179 SUSE Bug 1230179 In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free. This commit made netem_enqueue() always return NET_XMIT_SUCCESS when a packet is duplicated, which can cause the parent qdisc's q.qlen to be mistakenly incremented. When this happens qlen_notify() may be skipped on the parent during destruction, leaving a dangling pointer for some classful qdiscs like DRR. There are two ways for the bug happen: - If the duplicated packet is dropped by rootq->enqueue() and then the original packet is also dropped. - If rootq->enqueue() sends the duplicated packet to a different qdisc and the original packet is dropped. In both cases NET_XMIT_SUCCESS is returned even though no packets are enqueued at the netem qdisc. The fix is to defer the enqueue of the duplicate packet until after the original packet has been guaranteed to return NET_XMIT_SUCCESS. CVE-2024-45016 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-45016.html CVE-2024-45016 https://bugzilla.suse.com/1230429 SUSE Bug 1230429 https://bugzilla.suse.com/1230998 SUSE Bug 1230998 In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes. What it does is copying enough words (BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest. That works fine, *if* all bits past the cutoff point are clear. Otherwise we are risking garbage from the last word we'd copied. For most of the callers that is true - expand_fdtable() has count equal to old->max_fds, so there's no open descriptors past count, let alone fully occupied words in ->open_fds[], which is what bits in ->full_fds_bits[] correspond to. The other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds), which is the smallest multiple of BITS_PER_LONG that covers all opened descriptors below max_fds. In the common case (copying on fork()) max_fds is ~0U, so all opened descriptors will be below it and we are fine, by the same reasons why the call in expand_fdtable() is safe. Unfortunately, there is a case where max_fds is less than that and where we might, indeed, end up with junk in ->full_fds_bits[] - close_range(from, to, CLOSE_RANGE_UNSHARE) with * descriptor table being currently shared * 'to' being above the current capacity of descriptor table * 'from' being just under some chunk of opened descriptors. In that case we end up with observably wrong behaviour - e.g. spawn a child with CLONE_FILES, get all descriptors in range 0..127 open, then close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending up with descriptor #128, despite #64 being observably not open. The minimally invasive fix would be to deal with that in dup_fd(). If this proves to add measurable overhead, we can go that way, but let's try to fix copy_fd_bitmaps() first. * new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size). * make copy_fd_bitmaps() take the bitmap size in words, rather than bits; it's 'count' argument is always a multiple of BITS_PER_LONG, so we are not losing any information, and that way we can use the same helper for all three bitmaps - compiler will see that count is a multiple of BITS_PER_LONG for the large ones, so it'll generate plain memcpy()+memset(). Reproducer added to tools/testing/selftests/core/close_range_test.c CVE-2024-45025 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-45025.html CVE-2024-45025 https://bugzilla.suse.com/1230456 SUSE Bug 1230456 In the Linux kernel, the following vulnerability has been resolved: bonding: change ipsec_lock from spin lock to mutex In the cited commit, bond->ipsec_lock is added to protect ipsec_list, hence xdo_dev_state_add and xdo_dev_state_delete are called inside this lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep, "scheduling while atomic" will be triggered when changing bond's active slave. [ 101.055189] BUG: scheduling while atomic: bash/902/0x00000200 [ 101.055726] Modules linked in: [ 101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1 [ 101.058760] Hardware name: [ 101.059434] Call Trace: [ 101.059436] <TASK> [ 101.060873] dump_stack_lvl+0x51/0x60 [ 101.061275] __schedule_bug+0x4e/0x60 [ 101.061682] __schedule+0x612/0x7c0 [ 101.062078] ? __mod_timer+0x25c/0x370 [ 101.062486] schedule+0x25/0xd0 [ 101.062845] schedule_timeout+0x77/0xf0 [ 101.063265] ? asm_common_interrupt+0x22/0x40 [ 101.063724] ? __bpf_trace_itimer_state+0x10/0x10 [ 101.064215] __wait_for_common+0x87/0x190 [ 101.064648] ? usleep_range_state+0x90/0x90 [ 101.065091] cmd_exec+0x437/0xb20 [mlx5_core] [ 101.065569] mlx5_cmd_do+0x1e/0x40 [mlx5_core] [ 101.066051] mlx5_cmd_exec+0x18/0x30 [mlx5_core] [ 101.066552] mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core] [ 101.067163] ? bonding_sysfs_store_option+0x4d/0x80 [bonding] [ 101.067738] ? kmalloc_trace+0x4d/0x350 [ 101.068156] mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core] [ 101.068747] mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core] [ 101.069312] bond_change_active_slave+0x392/0x900 [bonding] [ 101.069868] bond_option_active_slave_set+0x1c2/0x240 [bonding] [ 101.070454] __bond_opt_set+0xa6/0x430 [bonding] [ 101.070935] __bond_opt_set_notify+0x2f/0x90 [bonding] [ 101.071453] bond_opt_tryset_rtnl+0x72/0xb0 [bonding] [ 101.071965] bonding_sysfs_store_option+0x4d/0x80 [bonding] [ 101.072567] kernfs_fop_write_iter+0x10c/0x1a0 [ 101.073033] vfs_write+0x2d8/0x400 [ 101.073416] ? alloc_fd+0x48/0x180 [ 101.073798] ksys_write+0x5f/0xe0 [ 101.074175] do_syscall_64+0x52/0x110 [ 101.074576] entry_SYSCALL_64_after_hwframe+0x4b/0x53 As bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called from bond_change_active_slave, which requires holding the RTNL lock. And bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state xdo_dev_state_add and xdo_dev_state_delete APIs, which are in user context. So ipsec_lock doesn't have to be spin lock, change it to mutex, and thus the above issue can be resolved. CVE-2024-46678 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46678.html CVE-2024-46678 https://bugzilla.suse.com/1230550 SUSE Bug 1230550 In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor. This fixes the path: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor which does not correctly free the descriptors as first nodes were not removed from the list. CVE-2024-46716 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46716.html CVE-2024-46716 https://bugzilla.suse.com/1230715 SUSE Bug 1230715 In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled. CVE-2024-46719 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46719.html CVE-2024-46719 https://bugzilla.suse.com/1230722 SUSE Bug 1230722 In the Linux kernel, the following vulnerability has been resolved: bpf: Remove tst_run from lwt_seg6local_prog_ops. The syzbot reported that the lwt_seg6 related BPF ops can be invoked via bpf_test_run() without without entering input_action_end_bpf() first. Martin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL probably didn't work since it was introduced in commit 04d4b274e2a ("ipv6: sr: Add seg6local action End.BPF"). The reason is that the per-CPU variable seg6_bpf_srh_states::srh is never assigned in the self test case but each BPF function expects it. Remove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL. CVE-2024-46754 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46754.html CVE-2024-46754 https://bugzilla.suse.com/1230801 SUSE Bug 1230801 In the Linux kernel, the following vulnerability has been resolved: ice: Add netif_device_attach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g. getting coalesce settings can result in a NULL pointer dereference seen below. Reproduction steps: Once the driver is fully initialized, trigger reset: # echo 1 > /sys/class/net/<interface>/device/reset when reset is in progress try to get coalesce settings using ethtool: # ethtool -c <interface> BUG: kernel NULL pointer dereference, address: 0000000000000020 PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7 RIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice] RSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206 RAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000 R13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40 FS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0 Call Trace: <TASK> ice_get_coalesce+0x17/0x30 [ice] coalesce_prepare_data+0x61/0x80 ethnl_default_doit+0xde/0x340 genl_family_rcv_msg_doit+0xf2/0x150 genl_rcv_msg+0x1b3/0x2c0 netlink_rcv_skb+0x5b/0x110 genl_rcv+0x28/0x40 netlink_unicast+0x19c/0x290 netlink_sendmsg+0x222/0x490 __sys_sendto+0x1df/0x1f0 __x64_sys_sendto+0x24/0x30 do_syscall_64+0x82/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7faee60d8e27 Calling netif_device_detach() before reset makes the net core not call the driver when ethtool command is issued, the attempt to execute an ethtool command during reset will result in the following message: netlink error: No such device instead of NULL pointer dereference. Once reset is done and ice_rebuild() is executing, the netif_device_attach() is called to allow for ethtool operations to occur again in a safe manner. CVE-2024-46770 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46770.html CVE-2024-46770 https://bugzilla.suse.com/1230763 SUSE Bug 1230763 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Validate function returns [WHAT & HOW] Function return values must be checked before data can be used in subsequent functions. This fixes 4 CHECKED_RETURN issues reported by Coverity. CVE-2024-46775 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46775.html CVE-2024-46775 https://bugzilla.suse.com/1230774 SUSE Bug 1230774 In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely index bits in a block bitmap. CVE-2024-46777 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46777.html CVE-2024-46777 https://bugzilla.suse.com/1230773 SUSE Bug 1230773 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check BIOS images before it is used BIOS images may fail to load and null checks are added before they are used. This fixes 6 NULL_RETURNS issues reported by Coverity. CVE-2024-46809 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46809.html CVE-2024-46809 https://bugzilla.suse.com/1231148 SUSE Bug 1231148 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box [Why] Coverity reports OVERRUN warning. soc.num_states could be 40. But array range of bw_params->clk_table.entries is 8. [How] Assert if soc.num_states greater than 8. CVE-2024-46811 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46811.html CVE-2024-46811 https://bugzilla.suse.com/1231179 SUSE Bug 1231179 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_index before accessing dc->links[] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is return when trying to access with out-of-bound index. This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity. CVE-2024-46813 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46813.html CVE-2024-46813 https://bugzilla.suse.com/1231191 SUSE Bug 1231191 https://bugzilla.suse.com/1231192 SUSE Bug 1231192 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity. CVE-2024-46814 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46814.html CVE-2024-46814 https://bugzilla.suse.com/1231193 SUSE Bug 1231193 https://bugzilla.suse.com/1231194 SUSE Bug 1231194 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity. CVE-2024-46815 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46815.html CVE-2024-46815 https://bugzilla.suse.com/1231195 SUSE Bug 1231195 https://bugzilla.suse.com/1231196 SUSE Bug 1231196 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links [Why] Coverity report OVERRUN warning. There are only max_links elements within dc->links. link count could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31. [How] Make sure link count less than max_links. CVE-2024-46816 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46816.html CVE-2024-46816 https://bugzilla.suse.com/1231197 SUSE Bug 1231197 https://bugzilla.suse.com/1231198 SUSE Bug 1231198 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning. Should abort amdgpu_dm initialize. [How] Return failure to amdgpu_dm_init. CVE-2024-46817 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46817.html CVE-2024-46817 https://bugzilla.suse.com/1231200 SUSE Bug 1231200 https://bugzilla.suse.com/1231201 SUSE Bug 1231201 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity. CVE-2024-46818 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46818.html CVE-2024-46818 https://bugzilla.suse.com/1231203 SUSE Bug 1231203 https://bugzilla.suse.com/1231204 SUSE Bug 1231204 In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. CVE-2024-46826 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46826.html CVE-2024-46826 https://bugzilla.suse.com/1231115 SUSE Bug 1231115 In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness In sch_cake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when iterating through flows. The count of active bulk flows is updated whenever a flow changes state. This has a peculiar interaction with the hash collision handling: when a hash collision occurs (after the set-associative hashing), the state of the hash bucket is simply updated to match the new packet that collided, and if host fairness is enabled, that also means assigning new per-host state to the flow. For this reason, the bulk flow counters of the host(s) assigned to the flow are decremented, before new state is assigned (and the counters, which may not belong to the same host anymore, are incremented again). Back when this code was introduced, the host fairness mode was always enabled, so the decrement was unconditional. When the configuration flags were introduced the *increment* was made conditional, but the *decrement* was not. Which of course can lead to a spurious decrement (and associated wrap-around to U16_MAX). AFAICT, when host fairness is disabled, the decrement and wrap-around happens as soon as a hash collision occurs (which is not that common in itself, due to the set-associative hashing). However, in most cases this is harmless, as the value is only used when host fairness mode is enabled. So in order to trigger an array overflow, sch_cake has to first be configured with host fairness disabled, and while running in this mode, a hash collision has to occur to cause the overflow. Then, the qdisc has to be reconfigured to enable host fairness, which leads to the array out-of-bounds because the wrapped-around value is retained and used as an array index. It seems that syzbot managed to trigger this, which is quite impressive in its own right. This patch fixes the issue by introducing the same conditional check on decrement as is used on increment. The original bug predates the upstreaming of cake, but the commit listed in the Fixes tag touched that code, meaning that this patch won't apply before that. CVE-2024-46828 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46828.html CVE-2024-46828 https://bugzilla.suse.com/1231114 SUSE Bug 1231114 In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with active RSS contexts") proves that allowing indirection table to contain channels with out of bounds IDs may lead to crashes. Currently the max channel check in the core gets skipped if driver can't fetch the indirection table or when we can't allocate memory. Both of those conditions should be extremely rare but if they do happen we should try to be safe and fail the channel change. CVE-2024-46834 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46834.html CVE-2024-46834 https://bugzilla.suse.com/1231096 SUSE Bug 1231096 In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which could happen if we have extent tree corruption. Change that to return -EUCLEAN. In do_walk_down() we catch this case and handle it correctly, however we return -EIO, which -EUCLEAN is a more appropriate error code. Finally in walk_up_proc we have the same BUG_ON(refs == 0), so convert that to proper error handling. Also adjust the error message so we can actually do something with the information. CVE-2024-46840 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46840.html CVE-2024-46840 https://bugzilla.suse.com/1231105 SUSE Bug 1231105 In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() We handle errors here properly, ENOMEM isn't fatal, return the error. CVE-2024-46841 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46841.html CVE-2024-46841 https://bugzilla.suse.com/1231094 SUSE Bug 1231094 In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143. (For the details, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/) The HSW11 requires a period larger than 100 for the INST_RETIRED.ALL event, but the initial period in the freq mode is 1. The erratum is the same as the BDM11, which has been supported in the kernel. A minimum period of 128 is enforced as well on HSW. HSW143 is regarding that the fixed counter 1 may overcount 32 with the Hyper-Threading is enabled. However, based on the test, the hardware has more issues than it tells. Besides the fixed counter 1, the message 'interrupt took too long' can be observed on any counter which was armed with a period < 32 and two events expired in the same NMI. A minimum period of 32 is enforced for the rest of the events. The recommended workaround code of the HSW143 is not implemented. Because it only addresses the issue for the fixed counter. It brings extra overhead through extra MSR writing. No related overcounting issue has been reported so far. CVE-2024-46848 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46848.html CVE-2024-46848 https://bugzilla.suse.com/1231072 SUSE Bug 1231072 In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194 CVE-2024-46849 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46849.html CVE-2024-46849 https://bugzilla.suse.com/1231073 SUSE Bug 1231073 https://bugzilla.suse.com/1231256 SUSE Bug 1231256 In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running $ ping -s 11 destination CVE-2024-46854 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46854.html CVE-2024-46854 https://bugzilla.suse.com/1231084 SUSE Bug 1231084 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: fix sk refcount leaks We must put 'sk' reference before returning. CVE-2024-46855 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46855.html CVE-2024-46855 https://bugzilla.suse.com/1231085 SUSE Bug 1231085 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] [ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] [...] [ 168.976037] Call Trace: [ 168.976188] <TASK> [ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core] [ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core] [ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0 [ 168.979714] rtnetlink_rcv_msg+0x159/0x400 [ 168.980451] netlink_rcv_skb+0x54/0x100 [ 168.980675] netlink_unicast+0x241/0x360 [ 168.980918] netlink_sendmsg+0x1f6/0x430 [ 168.981162] ____sys_sendmsg+0x3bb/0x3f0 [ 168.982155] ___sys_sendmsg+0x88/0xd0 [ 168.985036] __sys_sendmsg+0x59/0xa0 [ 168.985477] do_syscall_64+0x79/0x150 [ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 168.987773] RIP: 0033:0x7f8f7950f917 (esw->fdb_table.legacy.vepa_fdb is null) The bridge mode is only relevant when there are multiple functions per port. Therefore, prevent setting and getting this setting when there are no VFs. Note that after this change, there are no settings to change on the PF interface using `bridge link` when there are no VFs, so the interface no longer appears in the `bridge link` output. CVE-2024-46857 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-46857.html CVE-2024-46857 https://bugzilla.suse.com/1231087 SUSE Bug 1231087 In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode->i_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races with __fsnotify_update_child_dentry_flags() calls from __fsnotify_parent() happening on children. This can lead upto softlockup reports reported by users. Fix the problem by calling fsnotify_update_children_dentry_flags() to set PARENT_WATCHED flags only when parent starts watching children. When parent stops watching children, clear false positive PARENT_WATCHED flags lazily in __fsnotify_parent() for each accessed child. CVE-2024-47660 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47660.html CVE-2024-47660 https://bugzilla.suse.com/1231439 SUSE Bug 1231439 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned 0xFFFF. Fix it by changing it to uint8_t with value of 0xFF. This fixes 2 INTEGER_OVERFLOW issues reported by Coverity. CVE-2024-47661 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47661.html CVE-2024-47661 https://bugzilla.suse.com/1231496 SUSE Bug 1231496 In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed_hz is provided by firmware. Firmware is generally considered as a trusted domain. However, as division by zero errors can cause system failure, for defense measure, the value of max_speed is validated here. So 0 is regarded as invalid and an error code is returned. CVE-2024-47664 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47664.html CVE-2024-47664 https://bugzilla.suse.com/1231442 SUSE Bug 1231442 In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated node that might be used later. If we then use that node for a new non-root node, it'll still have a pointer to the old root instead of being zeroed - fix this by zeroing it in the cmpxchg failure path. CVE-2024-47668 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47668.html CVE-2024-47668 https://bugzilla.suse.com/1231502 SUSE Bug 1231502 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead There is a WARNING in iwl_trans_wait_tx_queues_empty() (that was recently converted from just a message), that can be hit if we wait for TX queues to become empty after firmware died. Clearly, we can't expect anything from the firmware after it's declared dead. Don't call iwl_trans_wait_tx_queues_empty() in this case. While it could be a good idea to stop the flow earlier, the flush functions do some maintenance work that is not related to the firmware, so keep that part of the code running even when the firmware is not running. [edit commit message] CVE-2024-47672 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47672.html CVE-2024-47672 https://bugzilla.suse.com/1231540 SUSE Bug 1231540 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING. bad state = 0 WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] RIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] Call Trace: <TASK> iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm] iwl_mvm_config_scan+0x198/0x260 [iwlmvm] iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm] iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm] process_one_work+0x29e/0x640 worker_thread+0x2df/0x690 ? rescuer_thread+0x540/0x540 kthread+0x192/0x1e0 ? set_kthread_struct+0x90/0x90 ret_from_fork+0x22/0x30 CVE-2024-47673 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47673.html CVE-2024-47673 https://bugzilla.suse.com/1231539 SUSE Bug 1231539 In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw mapping of PFNs with no reference counting of a 'struct page'. That's all very much intentional, but it does mean that it's easy to mess up the cleanup in case of errors. Yes, a failed mmap() will always eventually clean up any partial mappings, but without any explicit lifetime in the page table mapping itself, it's very easy to do the error handling in the wrong order. In particular, it's easy to mistakenly free the physical backing store before the page tables are actually cleaned up and (temporarily) have stale dangling PTE entries. To make this situation less error-prone, just make sure that any partial pfn mapping is torn down early, before any other error handling. CVE-2024-47674 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47674.html CVE-2024-47674 https://bugzilla.suse.com/1231673 SUSE Bug 1231673 https://bugzilla.suse.com/1231676 SUSE Bug 1231676 In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a null ptr dereference in tcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also saw it getting hit from the RACK case as well. Here are examples of the oops messages we saw in each of those cases: Jul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020 Jul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode Jul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page Jul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0 Jul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI Jul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu Jul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023 Jul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160 Jul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 <48> 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3 Jul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246 Jul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000 Jul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60 Jul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8 Jul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900 Jul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30 Jul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000 Jul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0 Jul 26 15:05:02 rx [11061395.913822] PKRU: 55555554 Jul 26 15:05:02 rx [11061395.916786] Call Trace: Jul 26 15:05:02 rx [11061395.919488] Jul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f Jul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9 Jul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380 Jul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0 Jul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50 Jul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0 Jul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20 Jul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450 Jul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140 Jul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90 Jul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0 Jul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40 Jul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160 Jul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160 Jul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220 Jul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240 Jul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0 Jul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240 Jul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130 Jul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280 Jul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10 Jul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30 Jul 26 15:05:02 rx [11061396.017718] ? lapic_next_even ---truncated--- CVE-2024-47684 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47684.html CVE-2024-47684 https://bugzilla.suse.com/1231987 SUSE Bug 1231987 https://bugzilla.suse.com/1231993 SUSE Bug 1231993 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5661 [inline] __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775 process_backlog+0x4ad/0xa50 net/core/dev.c:6108 __napi_poll+0xe7/0x980 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [inline] net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963 handle_softirqs+0x1ce/0x800 kernel/softirq.c:554 __do_softirq+0x14/0x1a kernel/softirq.c:588 do_softirq+0x9a/0x100 kernel/softirq.c:455 __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline] __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450 dev_queue_xmit include/linux/netdevice.h:3105 [inline] neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366 inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143 tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333 __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679 inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750 __sys_connect_file net/socket.c:2061 [inline] __sys_connect+0x606/0x690 net/socket.c:2078 __do_sys_connect net/socket.c:2088 [inline] __se_sys_connect net/socket.c:2085 [inline] __x64_sys_connect+0x91/0xe0 net/socket.c:2085 x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core ---truncated--- CVE-2024-47685 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47685.html CVE-2024-47685 https://bugzilla.suse.com/1231998 SUSE Bug 1231998 In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR. When we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered. [ T1205] ================================================================== [ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260 [ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205 [ T1205] [ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406 [ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014 [ T1205] Call Trace: [ T1205] dump_stack+0x9a/0xd0 [ T1205] ? nfs4_client_to_reclaim+0xe9/0x260 [ T1205] __kasan_report.cold+0x34/0x84 [ T1205] ? nfs4_client_to_reclaim+0xe9/0x260 [ T1205] kasan_report+0x3a/0x50 [ T1205] nfs4_client_to_reclaim+0xe9/0x260 [ T1205] ? nfsd4_release_lockowner+0x410/0x410 [ T1205] cld_pipe_downcall+0x5ca/0x760 [ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0 [ T1205] ? down_write_killable_nested+0x170/0x170 [ T1205] ? avc_policy_seqno+0x28/0x40 [ T1205] ? selinux_file_permission+0x1b4/0x1e0 [ T1205] rpc_pipe_write+0x84/0xb0 [ T1205] vfs_write+0x143/0x520 [ T1205] ksys_write+0xc9/0x170 [ T1205] ? __ia32_sys_read+0x50/0x50 [ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110 [ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110 [ T1205] do_syscall_64+0x33/0x40 [ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ T1205] RIP: 0033:0x7fdbdb761bc7 [ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 514 [ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7 [ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008 [ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001 [ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b [ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000 [ T1205] ================================================================== Fix it by checking namelen. CVE-2024-47692 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47692.html CVE-2024-47692 https://bugzilla.suse.com/1231857 SUSE Bug 1231857 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_res->hpo_dp_link_enc before using it [WHAT & HOW] Functions dp_enable_link_phy and dp_disable_link_phy can pass link_res without initializing hpo_dp_link_enc and it is necessary to check for null before dereferencing. This fixes 2 FORWARD_NULL issues reported by Coverity. CVE-2024-47704 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47704.html CVE-2024-47704 https://bugzilla.suse.com/1231944 SUSE Bug 1231944 In the Linux kernel, the following vulnerability has been resolved: block: fix potential invalid pointer dereference in blk_add_partition The blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific case of -ENXIO separately, allowing the function to proceed without logging the error in this case. However, this change unintentionally left a path where md_autodetect_dev() could be called without confirming that part is a valid pointer. This commit separates the error handling logic by splitting the initial if-condition, improving code readability and handling specific error scenarios explicitly. The function now distinguishes the general error case from -ENXIO without altering the existing behavior of md_autodetect_dev() calls. CVE-2024-47705 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47705.html CVE-2024-47705 https://bugzilla.suse.com/1231872 SUSE Bug 1231872 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq->bic with merge chain 1) initial state, three tasks: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) | Λ | Λ | Λ | | | | | | V | V | V | bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2) bfqq1 merged to bfqq2: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) | | | Λ \--------------\| | | V V | bfqq1--------->bfqq2 bfqq3 process ref: 0 2 1 3) bfqq2 merged to bfqq3: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) here -> Λ | | \--------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3 process ref: 0 1 3 In this case, IO from Process 1 will get bfqq2 from BIC1 first, and then get bfqq3 through merge chain, and finially handle IO by bfqq3. Howerver, current code will think bfqq2 is owned by BIC1, like initial state, and set bfqq2->bic to BIC1. bfq_insert_request -> by Process 1 bfqq = bfq_init_rq(rq) bfqq = bfq_get_bfqq_handle_split bfqq = bic_to_bfqq -> get bfqq2 from BIC1 bfqq->ref++ rq->elv.priv[0] = bic rq->elv.priv[1] = bfqq if (bfqq_process_refs(bfqq) == 1) bfqq->bic = bic -> record BIC1 to bfqq2 __bfq_insert_request new_bfqq = bfq_setup_cooperator -> get bfqq3 from bfqq2->new_bfqq bfqq_request_freed(bfqq) new_bfqq->ref++ rq->elv.priv[1] = new_bfqq -> handle IO by bfqq3 Fix the problem by checking bfqq is from merge chain fist. And this might fix a following problem reported by our syzkaller(unreproducible): ================================================================== BUG: KASAN: slab-use-after-free in bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline] BUG: KASAN: slab-use-after-free in bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline] BUG: KASAN: slab-use-after-free in bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889 Write of size 1 at addr ffff888123839eb8 by task kworker/0:1H/18595 CPU: 0 PID: 18595 Comm: kworker/0:1H Tainted: G L 6.6.0-07439-gba2303cacfda #6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Workqueue: kblockd blk_mq_requeue_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0x10d/0x610 mm/kasan/report.c:475 kasan_report+0x8e/0xc0 mm/kasan/report.c:588 bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline] bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline] bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889 bfq_get_bfqq_handle_split+0x169/0x5d0 block/bfq-iosched.c:6757 bfq_init_rq block/bfq-iosched.c:6876 [inline] bfq_insert_request block/bfq-iosched.c:6254 [inline] bfq_insert_requests+0x1112/0x5cf0 block/bfq-iosched.c:6304 blk_mq_insert_request+0x290/0x8d0 block/blk-mq.c:2593 blk_mq_requeue_work+0x6bc/0xa70 block/blk-mq.c:1502 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700 worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781 kthread+0x33c/0x440 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305 </TASK> Allocated by task 20776: kasan_save_stack+0x20/0x40 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook mm/slab.h:763 [inline] slab_alloc_node mm/slub.c:3458 [inline] kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503 ioc_create_icq block/blk-ioc.c:370 [inline] ---truncated--- CVE-2024-47706 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47706.html CVE-2024-47706 https://bugzilla.suse.com/1231942 SUSE Bug 1231942 https://bugzilla.suse.com/1231943 SUSE Bug 1231943 In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev being NULL, as spotted by syzbot: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g625403177711 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline] RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914 Code: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06 RSP: 0018:ffffc900047374e0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0 RBP: ffffc900047375d0 R08: 0000000000000003 R09: fffff520008e6e8c R10: dffffc0000000000 R11: fffff520008e6e8c R12: 1ffff1100fdf8f18 R13: ffff88807efc7998 R14: 0000000000000000 R15: ffff88807efc7930 FS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020002a80 CR3: 0000000022f62000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> addrconf_ifdown+0x15d/0x1bd0 net/ipv6/addrconf.c:3856 addrconf_notify+0x3cb/0x1020 notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93 call_netdevice_notifiers_extack net/core/dev.c:2032 [inline] call_netdevice_notifiers net/core/dev.c:2046 [inline] unregister_netdevice_many_notify+0xd81/0x1c40 net/core/dev.c:11352 unregister_netdevice_many net/core/dev.c:11414 [inline] unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11289 unregister_netdevice include/linux/netdevice.h:3129 [inline] __tun_detach+0x6b9/0x1600 drivers/net/tun.c:685 tun_detach drivers/net/tun.c:701 [inline] tun_chr_close+0x108/0x1b0 drivers/net/tun.c:3510 __fput+0x24a/0x8a0 fs/file_table.c:422 task_work_run+0x24f/0x310 kernel/task_work.c:228 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0xa2f/0x27f0 kernel/exit.c:882 do_group_exit+0x207/0x2c0 kernel/exit.c:1031 __do_sys_exit_group kernel/exit.c:1042 [inline] __se_sys_exit_group kernel/exit.c:1040 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f1acc77def9 Code: Unable to access opcode bytes at 0x7f1acc77decf. RSP: 002b:00007ffeb26fa738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1acc77def9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 RBP: 00007f1acc7dd508 R08: 00007ffeb26f84d7 R09: 0000000000000003 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffeb26fa8e0 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline] RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914 Code: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06 RSP: 0018:ffffc900047374e0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0 R ---truncated--- CVE-2024-47707 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47707.html CVE-2024-47707 https://bugzilla.suse.com/1231935 SUSE Bug 1231935 In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free() Several syzbot soft lockup reports all have in common sock_hash_free() If a map with a large number of buckets is destroyed, we need to yield the cpu when needed. CVE-2024-47710 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47710.html CVE-2024-47710 https://bugzilla.suse.com/1232049 SUSE Bug 1232049 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn30_set_output_transfer_func function. Previously, set_output_gamma was being checked for nullity at line 386, but then it was being dereferenced without any nullity check at line 401. This could potentially lead to a null pointer dereference error if set_output_gamma is indeed null. To fix this, we now ensure that set_output_gamma is not null before dereferencing it. We do this by adding a nullity check for set_output_gamma before the call to set_output_gamma at line 401. If set_output_gamma is null, we log an error message and do not call the function. This fix prevents a potential null pointer dereference error. drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 dcn30_set_output_transfer_func() error: we previously assumed 'mpc->funcs->set_output_gamma' could be null (see line 386) drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c 373 bool dcn30_set_output_transfer_func(struct dc *dc, 374 struct pipe_ctx *pipe_ctx, 375 const struct dc_stream_state *stream) 376 { 377 int mpcc_id = pipe_ctx->plane_res.hubp->inst; 378 struct mpc *mpc = pipe_ctx->stream_res.opp->ctx->dc->res_pool->mpc; 379 const struct pwl_params *params = NULL; 380 bool ret = false; 381 382 /* program OGAM or 3DLUT only for the top pipe*/ 383 if (pipe_ctx->top_pipe == NULL) { 384 /*program rmu shaper and 3dlut in MPC*/ 385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream); 386 if (ret == false && mpc->funcs->set_output_gamma) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this is NULL 387 if (stream->out_transfer_func.type == TF_TYPE_HWPWL) 388 params = &stream->out_transfer_func.pwl; 389 else if (pipe_ctx->stream->out_transfer_func.type == 390 TF_TYPE_DISTRIBUTED_POINTS && 391 cm3_helper_translate_curve_to_hw_format( 392 &stream->out_transfer_func, 393 &mpc->blender_params, false)) 394 params = &mpc->blender_params; 395 /* there are no ROM LUTs in OUTGAM */ 396 if (stream->out_transfer_func.type == TF_TYPE_PREDEFINED) 397 BREAK_TO_DEBUGGER(); 398 } 399 } 400 --> 401 mpc->funcs->set_output_gamma(mpc, mpcc_id, params); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Then it will crash 402 return ret; 403 } CVE-2024-47720 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47720.html CVE-2024-47720 https://bugzilla.suse.com/1232043 SUSE Bug 1232043 In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction. CVE-2024-47727 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47727.html CVE-2024-47727 https://bugzilla.suse.com/1232116 SUSE Bug 1232116 In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo before stopping queue to ensure that the device does not access the released memory. CVE-2024-47730 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47730.html CVE-2024-47730 https://bugzilla.suse.com/1232075 SUSE Bug 1232075 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't use rate mask for offchannel TX either Like the commit ab9177d83c04 ("wifi: mac80211: don't use rate mask for scanning"), ignore incorrect settings to avoid no supported rate warning reported by syzbot. The syzbot did bisect and found cause is commit 9df66d5b9f45 ("cfg80211: fix default HE tx bitrate mask in 2G band"), which however corrects bitmask of HE MCS and recognizes correctly settings of empty legacy rate plus HE MCS rate instead of returning -EINVAL. As suggestions [1], follow the change of SCAN TX to consider this case of offchannel TX as well. [1] https://lore.kernel.org/linux-wireless/6ab2dc9c3afe753ca6fdcdd1421e7a1f47e87b84.camel@sipsolutions.net/T/#m2ac2a6d2be06a37c9c47a3d8a44b4f647ed4f024 CVE-2024-47738 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47738.html CVE-2024-47738 https://bugzilla.suse.com/1232114 SUSE Bug 1232114 In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to prevent deadlock on seq_nr overflow When submitting more than 2^32 padata objects to padata_do_serial, the current sorting implementation incorrectly sorts padata objects with overflowed seq_nr, causing them to be placed before existing objects in the reorder list. This leads to a deadlock in the serialization process as padata_find_next cannot match padata->seq_nr and pd->processed because the padata instance with overflowed seq_nr will be selected next. To fix this, we use an unsigned integer wrap around to correctly sort padata objects in scenarios with integer overflow. CVE-2024-47739 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47739.html CVE-2024-47739 https://bugzilla.suse.com/1232124 SUSE Bug 1232124 In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) [PM: subject line tweaks] CVE-2024-47745 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47745.html CVE-2024-47745 https://bugzilla.suse.com/1232135 SUSE Bug 1232135 In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once the timer is started, there is a risk of a race condition if the module or device is removed, triggering the ether3_remove function to perform cleanup. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | ether3_ledoff ether3_remove | free_netdev(dev); | put_devic | kfree(dev); | | ether3_outw(priv(dev)->regs.config2 |= CFG2_CTRLO, REG_CONFIG2); | // use dev Fix it by ensuring that the timer is canceled before proceeding with the cleanup in ether3_remove. CVE-2024-47747 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47747.html CVE-2024-47747 https://bugzilla.suse.com/1232145 SUSE Bug 1232145 https://bugzilla.suse.com/1232146 SUSE Bug 1232146 In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: assign irq bypass producer token correctly We used to call irq_bypass_unregister_producer() in vhost_vdpa_setup_vq_irq() which is problematic as we don't know if the token pointer is still valid or not. Actually, we use the eventfd_ctx as the token so the life cycle of the token should be bound to the VHOST_SET_VRING_CALL instead of vhost_vdpa_setup_vq_irq() which could be called by set_status(). Fixing this by setting up irq bypass producer's token when handling VHOST_SET_VRING_CALL and un-registering the producer before calling vhost_vring_ioctl() to prevent a possible use after free as eventfd could have been released in vhost_vring_ioctl(). And such registering and unregistering will only be done if DRIVER_OK is set. CVE-2024-47748 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-47748.html CVE-2024-47748 https://bugzilla.suse.com/1232174 SUSE Bug 1232174 https://bugzilla.suse.com/1232177 SUSE Bug 1232177 In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service is cached in memory, and passed on to the OS using an EFI configuration table. The use of EFI_LOADER_DATA here results in the region being left unreserved in the E820 memory map constructed by the EFI stub, and this is the memory description that is passed on to the incoming kernel by kexec, which is therefore unaware that the region should be reserved. Even though the utility of the TPM2 event log after a kexec is questionable, any corruption might send the parsing code off into the weeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY instead, which is always treated as reserved by the E820 conversion logic. CVE-2024-49858 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49858.html CVE-2024-49858 https://bugzilla.suse.com/1232251 SUSE Bug 1232251 In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory. CVE-2024-49860 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49860.html CVE-2024-49860 https://bugzilla.suse.com/1231861 SUSE Bug 1231861 https://bugzilla.suse.com/1231862 SUSE Bug 1231862 In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ``` ODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220 WARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0 Modules linked in: CPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6.11.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:debug_print_object+0x7d/0xb0 ... Call Trace: <TASK> ? __warn+0x7c/0x110 ? debug_print_object+0x7d/0xb0 ? report_bug+0xf1/0x1d0 ? prb_read_valid+0x17/0x20 ? handle_bug+0x3f/0x70 ? exc_invalid_op+0x13/0x60 ? asm_exc_invalid_op+0x16/0x20 ? debug_print_object+0x7d/0xb0 ? debug_print_object+0x7d/0xb0 ? __pfx_timerlat_irq+0x10/0x10 __debug_object_init+0x110/0x150 hrtimer_init+0x1d/0x60 timerlat_main+0xab/0x2d0 ? __pfx_timerlat_main+0x10/0x10 kthread+0xb7/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x40 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ``` After tracing the scheduling event, it was discovered that the migration of the "timerlat/1" thread was performed during thread creation. Further analysis confirmed that it is because the CPU online processing for osnoise is implemented through workers, which is asynchronous with the offline processing. When the worker was scheduled to create a thread, the CPU may has already been removed from the cpu_online_mask during the offline process, resulting in the inability to select the right CPU: T1 | T2 [CPUHP_ONLINE] | cpu_device_down() osnoise_hotplug_workfn() | | cpus_write_lock() | takedown_cpu(1) | cpus_write_unlock() [CPUHP_OFFLINE] | cpus_read_lock() | start_kthread(1) | cpus_read_unlock() | To fix this, skip online processing if the CPU is already offline. CVE-2024-49866 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49866.html CVE-2024-49866 https://bugzilla.suse.com/1232259 SUSE Bug 1232259 In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the kthread, it basically halts its execution (wake ups against it work but do nothing); 2) We stop the cleaner kthread - this results in freeing the respective struct task_struct; 3) We call btrfs_stop_all_workers() which waits for any jobs running in all the work queues and then free the work queues. Syzbot reported a case where a fixup worker resulted in a crash when doing a delayed iput on its inode while attempting to wake up the cleaner at btrfs_add_delayed_iput(), because the task_struct of the cleaner kthread was already freed. This can happen during unmount because we don't wait for any fixup workers still running before we call kthread_stop() against the cleaner kthread, which stops and free all its resources. Fix this by waiting for any fixup workers at close_ctree() before we call kthread_stop() against the cleaner and run pending delayed iputs. The stack traces reported by syzbot were the following: BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-fixup btrfs_work_helper Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154 btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842 btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:247 [inline] slab_post_alloc_hook mm/slub.c:4086 [inline] slab_alloc_node mm/slub.c:4135 [inline] kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1107 copy_process+0x5d1/0x3d50 kernel/fork.c:2206 kernel_clone+0x223/0x880 kernel/fork.c:2787 kernel_thread+0x1bc/0x240 kernel/fork.c:2849 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:765 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 61: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_h ---truncated--- CVE-2024-49867 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49867.html CVE-2024-49867 https://bugzilla.suse.com/1232262 SUSE Bug 1232262 https://bugzilla.suse.com/1232271 SUSE Bug 1232271 In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent() In ext4_find_extent(), if the path is not big enough, we free it and set *orig_path to NULL. But after reallocating and successfully initializing the path, we don't update *orig_path, in which case the caller gets a valid path but a NULL ppath, and this may cause a NULL pointer dereference or a path memory leak. For example: ext4_split_extent path = *ppath = 2000 ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path = 2000); *orig_path = path = NULL; path = kcalloc() = 3000 ext4_split_extent_at(*ppath = NULL) path = *ppath; ex = path[depth].p_ext; // NULL pointer dereference! ================================================================== BUG: kernel NULL pointer dereference, address: 0000000000000010 CPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847 RIP: 0010:ext4_split_extent_at+0x6d/0x560 Call Trace: <TASK> ext4_split_extent.isra.0+0xcb/0x1b0 ext4_ext_convert_to_initialized+0x168/0x6c0 ext4_ext_handle_unwritten_extents+0x325/0x4d0 ext4_ext_map_blocks+0x520/0xdb0 ext4_map_blocks+0x2b0/0x690 ext4_iomap_begin+0x20e/0x2c0 [...] ================================================================== Therefore, *orig_path is updated when the extent lookup succeeds, so that the caller can safely use path or *ppath. CVE-2024-49881 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49881.html CVE-2024-49881 https://bugzilla.suse.com/1232201 SUSE Bug 1232201 In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been released, otherwise it may be released twice. An example of what triggers this is as follows: split2 map split1 |--------|-------|--------| ext4_ext_map_blocks ext4_ext_handle_unwritten_extents ext4_split_convert_extents // path->p_depth == 0 ext4_split_extent // 1. do split1 ext4_split_extent_at |ext4_ext_insert_extent | ext4_ext_create_new_leaf | ext4_ext_grow_indepth | le16_add_cpu(&neh->eh_depth, 1) | ext4_find_extent | // return -ENOMEM |// get error and try zeroout |path = ext4_find_extent | path->p_depth = 1 |ext4_ext_try_to_merge | ext4_ext_try_to_merge_up | path->p_depth = 0 | brelse(path[1].p_bh) ---> not set to NULL here |// zeroout success // 2. update path ext4_find_extent // 3. do split2 ext4_split_extent_at ext4_ext_insert_extent ext4_ext_create_new_leaf ext4_ext_grow_indepth le16_add_cpu(&neh->eh_depth, 1) ext4_find_extent path[0].p_bh = NULL; path->p_depth = 1 read_extent_tree_block ---> return err // path[1].p_bh is still the old value ext4_free_ext_path ext4_ext_drop_refs // path->p_depth == 1 brelse(path[1].p_bh) ---> brelse a buffer twice Finally got the following WARRNING when removing the buffer from lru: ============================================ VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 72 at fs/buffer.c:1241 __brelse+0x58/0x90 CPU: 2 PID: 72 Comm: kworker/u19:1 Not tainted 6.9.0-dirty #716 RIP: 0010:__brelse+0x58/0x90 Call Trace: <TASK> __find_get_block+0x6e7/0x810 bdev_getblk+0x2b/0x480 __ext4_get_inode_loc+0x48a/0x1240 ext4_get_inode_loc+0xb2/0x150 ext4_reserve_inode_write+0xb7/0x230 __ext4_mark_inode_dirty+0x144/0x6a0 ext4_ext_insert_extent+0x9c8/0x3230 ext4_ext_map_blocks+0xf45/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] ============================================ CVE-2024-49882 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49882.html CVE-2024-49882 https://bugzilla.suse.com/1232200 SUSE Bug 1232200 In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF. Below is a sample trace with dummy values: ext4_ext_insert_extent path = *ppath = 2000 ext4_ext_create_new_leaf(ppath) ext4_find_extent(ppath) path = *ppath = 2000 if (depth > path[0].p_maxdepth) kfree(path = 2000); *ppath = path = NULL; path = kcalloc() = 3000 *ppath = 3000; return path; /* here path is still 2000, UAF! */ eh = path[depth].p_hdr ================================================================== BUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330 Read of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179 CPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866 Call Trace: <TASK> ext4_ext_insert_extent+0x26d4/0x3330 ext4_ext_map_blocks+0xe22/0x2d40 ext4_map_blocks+0x71e/0x1700 ext4_do_writepages+0x1290/0x2800 [...] Allocated by task 179: ext4_find_extent+0x81c/0x1f70 ext4_ext_map_blocks+0x146/0x2d40 ext4_map_blocks+0x71e/0x1700 ext4_do_writepages+0x1290/0x2800 ext4_writepages+0x26d/0x4e0 do_writepages+0x175/0x700 [...] Freed by task 179: kfree+0xcb/0x240 ext4_find_extent+0x7c0/0x1f70 ext4_ext_insert_extent+0xa26/0x3330 ext4_ext_map_blocks+0xe22/0x2d40 ext4_map_blocks+0x71e/0x1700 ext4_do_writepages+0x1290/0x2800 ext4_writepages+0x26d/0x4e0 do_writepages+0x175/0x700 [...] ================================================================== So use *ppath to update the path to avoid the above problem. CVE-2024-49883 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49883.html CVE-2024-49883 https://bugzilla.suse.com/1232199 SUSE Bug 1232199 In the Linux kernel, the following vulnerability has been resolved: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds". kasan report: [ 19.411889] ================================================================== [ 19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.415634] Read of size 8 at addr ffff888829e65200 by task cpuhp/16/113 [ 19.417368] [ 19.418627] CPU: 16 PID: 113 Comm: cpuhp/16 Tainted: G E 6.9.0 #10 [ 19.420435] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022 [ 19.422687] Call Trace: [ 19.424091] <TASK> [ 19.425448] dump_stack_lvl+0x5d/0x80 [ 19.426963] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.428694] print_report+0x19d/0x52e [ 19.430206] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 19.431837] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.433539] kasan_report+0xf0/0x170 [ 19.435019] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.436709] _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.438379] ? __pfx_sched_clock_cpu+0x10/0x10 [ 19.439910] isst_if_cpu_online+0x406/0x58f [isst_if_common] [ 19.441573] ? __pfx_isst_if_cpu_online+0x10/0x10 [isst_if_common] [ 19.443263] ? ttwu_queue_wakelist+0x2c1/0x360 [ 19.444797] cpuhp_invoke_callback+0x221/0xec0 [ 19.446337] cpuhp_thread_fun+0x21b/0x610 [ 19.447814] ? __pfx_cpuhp_thread_fun+0x10/0x10 [ 19.449354] smpboot_thread_fn+0x2e7/0x6e0 [ 19.450859] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 19.452405] kthread+0x29c/0x350 [ 19.453817] ? __pfx_kthread+0x10/0x10 [ 19.455253] ret_from_fork+0x31/0x70 [ 19.456685] ? __pfx_kthread+0x10/0x10 [ 19.458114] ret_from_fork_asm+0x1a/0x30 [ 19.459573] </TASK> [ 19.460853] [ 19.462055] Allocated by task 1198: [ 19.463410] kasan_save_stack+0x30/0x50 [ 19.464788] kasan_save_track+0x14/0x30 [ 19.466139] __kasan_kmalloc+0xaa/0xb0 [ 19.467465] __kmalloc+0x1cd/0x470 [ 19.468748] isst_if_cdev_register+0x1da/0x350 [isst_if_common] [ 19.470233] isst_if_mbox_init+0x108/0xff0 [isst_if_mbox_msr] [ 19.471670] do_one_initcall+0xa4/0x380 [ 19.472903] do_init_module+0x238/0x760 [ 19.474105] load_module+0x5239/0x6f00 [ 19.475285] init_module_from_file+0xd1/0x130 [ 19.476506] idempotent_init_module+0x23b/0x650 [ 19.477725] __x64_sys_finit_module+0xbe/0x130 [ 19.476506] idempotent_init_module+0x23b/0x650 [ 19.477725] __x64_sys_finit_module+0xbe/0x130 [ 19.478920] do_syscall_64+0x82/0x160 [ 19.480036] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 19.481292] [ 19.482205] The buggy address belongs to the object at ffff888829e65000 which belongs to the cache kmalloc-512 of size 512 [ 19.484818] The buggy address is located 0 bytes to the right of allocated 512-byte region [ffff888829e65000, ffff888829e65200) [ 19.487447] [ 19.488328] The buggy address belongs to the physical page: [ 19.489569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888829e60c00 pfn:0x829e60 [ 19.491140] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.492466] anon flags: 0x57ffffc0000840(slab|head|node=1|zone=2|lastcpupid=0x1fffff) [ 19.493914] page_type: 0xffffffff() [ 19.494988] raw: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001 [ 19.496451] raw: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000 [ 19.497906] head: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001 [ 19.499379] head: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000 [ 19.500844] head: 0057ffffc0000003 ffffea0020a79801 ffffea0020a79848 00000000ffffffff [ 19.502316] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000 [ 19.503784] page dumped because: k ---truncated--- CVE-2024-49886 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49886.html CVE-2024-49886 https://bugzilla.suse.com/1232196 SUSE Bug 1232196 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Coverity. CVE-2024-49890 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49890.html CVE-2024-49890 https://bugzilla.suse.com/1232217 SUSE Bug 1232217 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize get_bytes_per_element's default to 1 Variables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y & bytes_per_element_c are initialized by get_bytes_per_element() which should never return 0. This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity. CVE-2024-49892 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49892.html CVE-2024-49892 https://bugzilla.suse.com/1232220 SUSE Bug 1232220 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in `cm_helper_translate_curve_to_degamma_hw_format` function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds the function returns false to indicate an error. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max CVE-2024-49894 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49894.html CVE-2024-49894 https://bugzilla.suse.com/1232354 SUSE Bug 1232354 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max CVE-2024-49895 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49895.html CVE-2024-49895 https://bugzilla.suse.com/1232352 SUSE Bug 1232352 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check stream before comparing them [WHAT & HOW] amdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is necessary to check for null before dereferencing them. This fixes 1 FORWARD_NULL issue reported by Coverity. CVE-2024-49896 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49896.html CVE-2024-49896 https://bugzilla.suse.com/1232221 SUSE Bug 1232221 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check phantom_stream before it is used dcn32_enable_phantom_stream can return null, so returned value must be checked before used. This fixes 1 NULL_RETURNS issue reported by Coverity. CVE-2024-49897 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49897.html CVE-2024-49897 https://bugzilla.suse.com/1232355 SUSE Bug 1232355 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominators' default to 1 [WHAT & HOW] Variables used as denominators and maybe not assigned to other values, should not be 0. Change their default to 1 so they are never 0. This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity. CVE-2024-49899 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49899.html CVE-2024-49899 https://bugzilla.suse.com/1232358 SUSE Bug 1232358 In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 ("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails") where msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); is called on gpu->pdev == NULL, as the GPU device has not been fully initialized yet. Turns out that there's more than just the aforementioned path that causes this to happen (e.g. the case when there's speedbin data in the catalog, but opp-supported-hw is missing in DT). Assigning msm_gpu->pdev earlier seems like the least painful solution to this, therefore do so. Patchwork: https://patchwork.freedesktop.org/patch/602742/ CVE-2024-49901 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49901.html CVE-2024-49901 https://bugzilla.suse.com/1232305 SUSE Bug 1232305 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointer before try to access it [why & how] Change the order of the pipe_ctx->plane_state check to ensure that plane_state is not null before accessing it. CVE-2024-49906 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49906.html CVE-2024-49906 https://bugzilla.suse.com/1232332 SUSE Bug 1232332 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2) This commit adds a null check for the 'afb' variable in the amdgpu_dm_update_cursor function. Previously, 'afb' was assumed to be null at line 8388, but was used later in the code without a null check. This could potentially lead to a null pointer dereference. Changes since v1: - Moved the null check for 'afb' to the line where 'afb' is used. (Alex) Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 amdgpu_dm_update_cursor() error: we previously assumed 'afb' could be null (see line 8388) CVE-2024-49908 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49908.html CVE-2024-49908 https://bugzilla.suse.com/1232335 SUSE Bug 1232335 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn32_set_output_transfer_func function. Previously, set_output_gamma was being checked for null, but then it was being dereferenced without any null check. This could lead to a null pointer dereference if set_output_gamma is null. To fix this, we now ensure that set_output_gamma is not null before dereferencing it. We do this by adding a null check for set_output_gamma before the call to set_output_gamma. CVE-2024-49909 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49909.html CVE-2024-49909 https://bugzilla.suse.com/1232337 SUSE Bug 1232337 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn20_set_output_transfer_func function. Previously, set_output_gamma was being checked for null at line 1030, but then it was being dereferenced without any null check at line 1048. This could potentially lead to a null pointer dereference error if set_output_gamma is null. To fix this, we now ensure that set_output_gamma is not null before dereferencing it. We do this by adding a null check for set_output_gamma before the call to set_output_gamma at line 1048. CVE-2024-49911 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49911.html CVE-2024-49911 https://bugzilla.suse.com/1232366 SUSE Bug 1232366 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' This commit adds a null check for 'stream_status' in the function 'planes_changed_for_existing_stream'. Previously, the code assumed 'stream_status' could be null, but did not handle the case where it was actually null. This could lead to a null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 planes_changed_for_existing_stream() error: we previously assumed 'stream_status' could be null (see line 3774) CVE-2024-49912 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49912.html CVE-2024-49912 https://bugzilla.suse.com/1232367 SUSE Bug 1232367 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream This commit addresses a null pointer dereference issue in the `commit_planes_for_stream` function at line 4140. The issue could occur when `top_pipe_to_program` is null. The fix adds a check to ensure `top_pipe_to_program` is not null before accessing its stream_res. This prevents a null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed 'top_pipe_to_program' could be null (see line 3906) CVE-2024-49913 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49913.html CVE-2024-49913 https://bugzilla.suse.com/1232307 SUSE Bug 1232307 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in the `dcn20_program_pipe` function. The issue could occur when `pipe_ctx->plane_state` is null. The fix adds a check to ensure `pipe_ctx->plane_state` is not null before accessing. This prevents a null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn20/dcn20_hwseq.c:1925 dcn20_program_pipe() error: we previously assumed 'pipe_ctx->plane_state' could be null (see line 1877) CVE-2024-49914 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49914.html CVE-2024-49914 https://bugzilla.suse.com/1232369 SUSE Bug 1232369 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw This commit addresses a potential null pointer dereference issue in the `dcn30_init_hw` function. The issue could occur when `dc->clk_mgr` or `dc->clk_mgr->funcs` is null. The fix adds a check to ensure `dc->clk_mgr` and `dc->clk_mgr->funcs` is not null before accessing its functions. This prevents a potential null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 628) CVE-2024-49917 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49917.html CVE-2024-49917 https://bugzilla.suse.com/1231965 SUSE Bug 1231965 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer This commit addresses a potential null pointer dereference issue in the `dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue could occur when `head_pipe` is null. The fix adds a check to ensure `head_pipe` is not null before asserting it. If `head_pipe` is null, the function returns NULL to prevent a potential null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed 'head_pipe' could be null (see line 2681) CVE-2024-49918 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49918.html CVE-2024-49918 https://bugzilla.suse.com/1231967 SUSE Bug 1231967 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer This commit addresses a potential null pointer dereference issue in the `dcn201_acquire_free_pipe_for_layer` function. The issue could occur when `head_pipe` is null. The fix adds a check to ensure `head_pipe` is not null before asserting it. If `head_pipe` is null, the function returns NULL to prevent a potential null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed 'head_pipe' could be null (see line 1010) CVE-2024-49919 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49919.html CVE-2024-49919 https://bugzilla.suse.com/1231968 SUSE Bug 1231968 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointers before multiple uses [WHAT & HOW] Poniters, such as stream_enc and dc->bw_vbios, are null checked previously in the same function, so Coverity warns "implies that stream_enc and dc->bw_vbios might be null". They are used multiple times in the subsequent code and need to be checked. This fixes 10 FORWARD_NULL issues reported by Coverity. CVE-2024-49920 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49920.html CVE-2024-49920 https://bugzilla.suse.com/1232313 SUSE Bug 1232313 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointers before using them [WHAT & HOW] These pointers are null checked previously in the same function, indicating they might be null as reported by Coverity. As a result, they need to be checked when used again. This fixes 3 FORWARD_NULL issue reported by Coverity. CVE-2024-49922 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49922.html CVE-2024-49922 https://bugzilla.suse.com/1232374 SUSE Bug 1232374 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags [WHAT & HOW] "dcn20_validate_apply_pipe_split_flags" dereferences merge, and thus it cannot be a null pointer. Let's pass a valid pointer to avoid null dereference. This fixes 2 FORWARD_NULL issues reported by Coverity. CVE-2024-49923 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49923.html CVE-2024-49923 https://bugzilla.suse.com/1232361 SUSE Bug 1232361 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: avoid NULL pointer dereference iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta pointer is not NULL. It retrieves this pointer using iwl_mvm_sta_from_mac80211, which is dereferencing the ieee80211_sta pointer. If sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL pointer. Fix this by checking the sta pointer before retrieving the mvmsta from it. If sta is not NULL, then mvmsta isn't either. CVE-2024-49929 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49929.html CVE-2024-49929 https://bugzilla.suse.com/1232253 SUSE Bug 1232253 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function access ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access. To fix this issue, modify ath11k_dp_process_rx() to use the normal ring ID directly instead of the SRNG ring ID to avoid out-of-bounds array access. Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 CVE-2024-49930 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49930.html CVE-2024-49930 https://bugzilla.suse.com/1232260 SUSE Bug 1232260 https://bugzilla.suse.com/1232261 SUSE Bug 1232261 In the Linux kernel, the following vulnerability has been resolved: blk_iocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in the ioc_forgive_debts() function: UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') ... UBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') ... Call Trace: <IRQ> dump_stack_lvl+0xca/0x130 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 ? __lock_acquire+0x6441/0x7c10 ioc_timer_fn+0x6cec/0x7750 ? blk_iocost_init+0x720/0x720 ? call_timer_fn+0x5d/0x470 call_timer_fn+0xfa/0x470 ? blk_iocost_init+0x720/0x720 __run_timer_base+0x519/0x700 ... Actual impact of this issue was not identified but I propose to fix the undefined behaviour. The proposed fix to prevent those out of bound shifts consist of precalculating exponent before using it the shift operations by taking min value from the actual exponent and maximum possible number of bits. CVE-2024-49933 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49933.html CVE-2024-49933 https://bugzilla.suse.com/1232368 SUSE Bug 1232368 In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free. Therefore, to solve this, you need to change it to list_for_each_entry_safe. CVE-2024-49936 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49936.html CVE-2024-49936 https://bugzilla.suse.com/1232424 SUSE Bug 1232424 https://bugzilla.suse.com/1232426 SUSE Bug 1232426 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER If SER L2 occurs during the WoWLAN resume flow, the add interface flow is triggered by ieee80211_reconfig(). However, due to rtw89_wow_resume() return failure, it will cause the add interface flow to be executed again, resulting in a double add list and causing a kernel panic. Therefore, we have added a check to prevent double adding of the list. list_add double add: new=ffff99d6992e2010, prev=ffff99d6992e2010, next=ffff99d695302628. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:37! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W O 6.6.30-02659-gc18865c4dfbd #1 770df2933251a0e3c888ba69d1053a817a6376a7 Hardware name: HP Grunt/Grunt, BIOS Google_Grunt.11031.169.0 06/24/2021 Workqueue: events_freezable ieee80211_restart_work [mac80211] RIP: 0010:__list_add_valid_or_report+0x5e/0xb0 Code: c7 74 18 48 39 ce 74 13 b0 01 59 5a 5e 5f 41 58 41 59 41 5a 5d e9 e2 d6 03 00 cc 48 c7 c7 8d 4f 17 83 48 89 c2 e8 02 c0 00 00 <0f> 0b 48 c7 c7 aa 8c 1c 83 e8 f4 bf 00 00 0f 0b 48 c7 c7 c8 bc 12 RSP: 0018:ffffa91b8007bc50 EFLAGS: 00010246 RAX: 0000000000000058 RBX: ffff99d6992e0900 RCX: a014d76c70ef3900 RDX: ffffa91b8007bae8 RSI: 00000000ffffdfff RDI: 0000000000000001 RBP: ffffa91b8007bc88 R08: 0000000000000000 R09: ffffa91b8007bae0 R10: 00000000ffffdfff R11: ffffffff83a79800 R12: ffff99d695302060 R13: ffff99d695300900 R14: ffff99d6992e1be0 R15: ffff99d6992e2010 FS: 0000000000000000(0000) GS:ffff99d6aac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000078fbdba43480 CR3: 000000010e464000 CR4: 00000000001506f0 Call Trace: <TASK> ? __die_body+0x1f/0x70 ? die+0x3d/0x60 ? do_trap+0xa4/0x110 ? __list_add_valid_or_report+0x5e/0xb0 ? do_error_trap+0x6d/0x90 ? __list_add_valid_or_report+0x5e/0xb0 ? handle_invalid_op+0x30/0x40 ? __list_add_valid_or_report+0x5e/0xb0 ? exc_invalid_op+0x3c/0x50 ? asm_exc_invalid_op+0x16/0x20 ? __list_add_valid_or_report+0x5e/0xb0 rtw89_ops_add_interface+0x309/0x310 [rtw89_core 7c32b1ee6854761c0321027c8a58c5160e41f48f] drv_add_interface+0x5c/0x130 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc] ieee80211_reconfig+0x241/0x13d0 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc] ? finish_wait+0x3e/0x90 ? synchronize_rcu_expedited+0x174/0x260 ? sync_rcu_exp_done_unlocked+0x50/0x50 ? wake_bit_function+0x40/0x40 ieee80211_restart_work+0xf0/0x140 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc] process_scheduled_works+0x1e5/0x480 worker_thread+0xea/0x1e0 kthread+0xdb/0x110 ? move_linked_works+0x90/0x90 ? kthread_associate_blkcg+0xa0/0xa0 ret_from_fork+0x3b/0x50 ? kthread_associate_blkcg+0xa0/0xa0 ret_from_fork_asm+0x11/0x20 </TASK> Modules linked in: dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc rfcomm cmac uinput algif_hash algif_skcipher af_alg btusb btrtl iio_trig_hrtimer industrialio_sw_trigger btmtk industrialio_configfs btbcm btintel uvcvideo videobuf2_vmalloc iio_trig_sysfs videobuf2_memops videobuf2_v4l2 videobuf2_common uvc snd_hda_codec_hdmi veth snd_hda_intel snd_intel_dspcfg acpi_als snd_hda_codec industrialio_triggered_buffer kfifo_buf snd_hwdep industrialio i2c_piix4 snd_hda_core designware_i2s ip6table_nat snd_soc_max98357a xt_MASQUERADE xt_cgroup snd_soc_acp_rt5682_mach fuse rtw89_8922ae(O) rtw89_8922a(O) rtw89_pci(O) rtw89_core(O) 8021q mac80211(O) bluetooth ecdh_generic ecc cfg80211 r8152 mii joydev gsmi: Log Shutdown Reason 0x03 ---[ end trace 0000000000000000 ]--- CVE-2024-49939 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49939.html CVE-2024-49939 https://bugzilla.suse.com/1232381 SUSE Bug 1232381 In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the socket was owned by a user process. In this case, release_sock(), __release_sock(), and sk_backlog_rcv() might call the sk->sk_backlog_rcv() handler in process context. sybot caught ppp was not considering this case in ppp_channel_bridge_input() : WARNING: inconsistent lock state 6.11.0-rc7-syzkaller-g5f5673607153 #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. ksoftirqd/1/24 [HC0[0]:SC1[1]:HE1:SE0] takes: ffff0000db7f11e0 (&pch->downl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff0000db7f11e0 (&pch->downl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline] ffff0000db7f11e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304 {SOFTIRQ-ON-W} state was registered at: lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5759 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x48/0x60 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline] ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304 pppoe_rcv_core+0xfc/0x314 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv include/net/sock.h:1111 [inline] __release_sock+0x1a8/0x3d8 net/core/sock.c:3004 release_sock+0x68/0x1b8 net/core/sock.c:3558 pppoe_sendmsg+0xc8/0x5d8 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x374/0x4f4 net/socket.c:2204 __do_sys_sendto net/socket.c:2216 [inline] __se_sys_sendto net/socket.c:2212 [inline] __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2212 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 irq event stamp: 282914 hardirqs last enabled at (282914): [<ffff80008b42e30c>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] hardirqs last enabled at (282914): [<ffff80008b42e30c>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194 hardirqs last disabled at (282913): [<ffff80008b42e13c>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (282913): [<ffff80008b42e13c>] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:162 softirqs last enabled at (282904): [<ffff8000801f8e88>] softirq_handle_end kernel/softirq.c:400 [inline] softirqs last enabled at (282904): [<ffff8000801f8e88>] handle_softirqs+0xa3c/0xbfc kernel/softirq.c:582 softirqs last disabled at (282909): [<ffff8000801fbdf8>] run_ksoftirqd+0x70/0x158 kernel/softirq.c:928 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&pch->downl); <Interrupt> lock(&pch->downl); *** DEADLOCK *** 1 lock held by ksoftirqd/1/24: #0: ffff80008f74dfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:325 stack backtrace: CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call trace: dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:319 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:326 __dump_sta ---truncated--- CVE-2024-49946 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49946.html CVE-2024-49946 https://bugzilla.suse.com/1232164 SUSE Bug 1232164 In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO After commit 7c6d2ecbda83 ("net: be more gentle about silly gso requests coming from user") virtio_net_hdr_to_skb() had sanity check to detect malicious attempts from user space to cook a bad GSO packet. Then commit cf9acc90c80ec ("net: virtio_net_hdr_to_skb: count transport header in UFO") while fixing one issue, allowed user space to cook a GSO packet with the following characteristic : IPv4 SKB_GSO_UDP, gso_size=3, skb->len = 28. When this packet arrives in qdisc_pkt_len_init(), we end up with hdr_len = 28 (IPv4 header + UDP header), matching skb->len Then the following sets gso_segs to 0 : gso_segs = DIV_ROUND_UP(skb->len - hdr_len, shinfo->gso_size); Then later we set qdisc_skb_cb(skb)->pkt_len to back to zero :/ qdisc_skb_cb(skb)->pkt_len += (gso_segs - 1) * hdr_len; This leads to the following crash in fq_codel [1] qdisc_pkt_len_init() is best effort, we only want an estimation of the bytes sent on the wire, not crashing the kernel. This patch is fixing this particular issue, a following one adds more sanity checks for another potential bug. [1] [ 70.724101] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 70.724561] #PF: supervisor read access in kernel mode [ 70.724561] #PF: error_code(0x0000) - not-present page [ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0 [ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI [ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 Not tainted 6.11.0-virtme #991 [ 70.724561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.724561] RIP: 0010:fq_codel_enqueue (net/sched/sch_fq_codel.c:120 net/sched/sch_fq_codel.c:168 net/sched/sch_fq_codel.c:230) sch_fq_codel [ 70.724561] Code: 24 08 49 c1 e1 06 44 89 7c 24 18 45 31 ed 45 31 c0 31 ff 89 44 24 14 4c 03 8b 90 01 00 00 eb 04 39 ca 73 37 4d 8b 39 83 c7 01 <49> 8b 17 49 89 11 41 8b 57 28 45 8b 5f 34 49 c7 07 00 00 00 00 49 All code ======== 0: 24 08 and $0x8,%al 2: 49 c1 e1 06 shl $0x6,%r9 6: 44 89 7c 24 18 mov %r15d,0x18(%rsp) b: 45 31 ed xor %r13d,%r13d e: 45 31 c0 xor %r8d,%r8d 11: 31 ff xor %edi,%edi 13: 89 44 24 14 mov %eax,0x14(%rsp) 17: 4c 03 8b 90 01 00 00 add 0x190(%rbx),%r9 1e: eb 04 jmp 0x24 20: 39 ca cmp %ecx,%edx 22: 73 37 jae 0x5b 24: 4d 8b 39 mov (%r9),%r15 27: 83 c7 01 add $0x1,%edi 2a:* 49 8b 17 mov (%r15),%rdx <-- trapping instruction 2d: 49 89 11 mov %rdx,(%r9) 30: 41 8b 57 28 mov 0x28(%r15),%edx 34: 45 8b 5f 34 mov 0x34(%r15),%r11d 38: 49 c7 07 00 00 00 00 movq $0x0,(%r15) 3f: 49 rex.WB Code starting with the faulting instruction =========================================== 0: 49 8b 17 mov (%r15),%rdx 3: 49 89 11 mov %rdx,(%r9) 6: 41 8b 57 28 mov 0x28(%r15),%edx a: 45 8b 5f 34 mov 0x34(%r15),%r11d e: 49 c7 07 00 00 00 00 movq $0x0,(%r15) 15: 49 rex.WB [ 70.724561] RSP: 0018:ffff95ae85e6fb90 EFLAGS: 00000202 [ 70.724561] RAX: 0000000002000000 RBX: ffff95ae841de000 RCX: 0000000000000000 [ 70.724561] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 70.724561] RBP: ffff95ae85e6fbf8 R08: 0000000000000000 R09: ffff95b710a30000 [ 70.724561] R10: 0000000000000000 R11: bdf289445ce31881 R12: ffff95ae85e6fc58 [ 70.724561] R13: 0000000000000000 R14: 0000000000000040 R15: 0000000000000000 [ 70.724561] FS: 000000002c5c1380(0000) GS:ffff95bd7fcc0000(0000) knlGS:0000000000000000 [ 70.724561] CS: 0010 DS: 0000 ES: 0000 C ---truncated--- CVE-2024-49949 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49949.html CVE-2024-49949 https://bugzilla.suse.com/1232160 SUSE Bug 1232160 In the Linux kernel, the following vulnerability has been resolved: static_call: Replace pointless WARN_ON() in static_call_module_notify() static_call_module_notify() triggers a WARN_ON(), when memory allocation fails in __static_call_add_module(). That's not really justified, because the failure case must be correctly handled by the well known call chain and the error code is passed through to the initiating userspace application. A memory allocation fail is not a fatal problem, but the WARN_ON() takes the machine out when panic_on_warn is set. Replace it with a pr_warn(). CVE-2024-49954 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49954.html CVE-2024-49954 https://bugzilla.suse.com/1232155 SUSE Bug 1232155 In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash. Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister(). CVE-2024-49955 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49955.html CVE-2024-49955 https://bugzilla.suse.com/1232154 SUSE Bug 1232154 In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space for inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case up to 230), thereby causing corruption. The fix for this is to reserve space for inline metadata at the destination inode before the reflink tree gets recreated. The customer has verified the fix. CVE-2024-49958 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49958.html CVE-2024-49958 https://bugzilla.suse.com/1232151 SUSE Bug 1232151 In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail() to recover some journal space. But if an error occurs while executing jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free space right away, we try other branches, and if j_committing_transaction is NULL (i.e., the tid is 0), we will get the following complain: ============================================ JBD2: I/O error when updating journal superblock for sdd-8. __jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available __jbd2_log_wait_for_space: no way to get more journal space in sdd-8 ------------[ cut here ]------------ WARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0 Modules linked in: CPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1 RIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0 Call Trace: <TASK> add_transaction_credits+0x5d1/0x5e0 start_this_handle+0x1ef/0x6a0 jbd2__journal_start+0x18b/0x340 ext4_dirty_inode+0x5d/0xb0 __mark_inode_dirty+0xe4/0x5d0 generic_update_time+0x60/0x70 [...] ============================================ So only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to clean up at the moment, continue to try to reclaim free space in other ways. Note that this fix relies on commit 6f6a6fda2945 ("jbd2: fix ocfs2 corrupt when updating journal superblock fails") to make jbd2_cleanup_journal_tail return the correct error code. CVE-2024-49959 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49959.html CVE-2024-49959 https://bugzilla.suse.com/1232149 SUSE Bug 1232149 In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is no longer active before kfree(sbi). When filesystem mounting fails, the flow goes to failed_mount3, where an error occurs when ext4_stop_mmpd is called, causing a read I/O failure. This triggers the ext4_handle_error function that ultimately re-arms the timer, leaving the s_err_report timer active before kfree(sbi) is called. Fix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd. CVE-2024-49960 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49960.html CVE-2024-49960 https://bugzilla.suse.com/1232395 SUSE Bug 1232395 https://bugzilla.suse.com/1232803 SUSE Bug 1232803 In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 ACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause NULL pointer dereference later. [ rjw: Subject and changelog edits ] CVE-2024-49962 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49962.html CVE-2024-49962 https://bugzilla.suse.com/1232314 SUSE Bug 1232314 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-49967 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49967.html CVE-2024-49967 https://bugzilla.suse.com/1232140 SUSE Bug 1232140 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max CVE-2024-49969 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49969.html CVE-2024-49969 https://bugzilla.suse.com/1232519 SUSE Bug 1232519 https://bugzilla.suse.com/1232524 SUSE Bug 1232524 In the Linux kernel, the following vulnerability has been resolved: r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it. CVE-2024-49973 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49973.html CVE-2024-49973 https://bugzilla.suse.com/1232105 SUSE Bug 1232105 In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB chunks, so can run for a long time. Thus IMO async COPY can become a DoS vector. Add a restriction mechanism that bounds the number of concurrent background COPY operations. Start simple and try to be fair -- this patch implements a per-namespace limit. An async COPY request that occurs while this limit is exceeded gets NFS4ERR_DELAY. The requesting client can choose to send the request again after a delay or fall back to a traditional read/write style copy. If there is need to make the mechanism more sophisticated, we can visit that in future patches. CVE-2024-49974 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49974.html CVE-2024-49974 https://bugzilla.suse.com/1232383 SUSE Bug 1232383 https://bugzilla.suse.com/1232384 SUSE Bug 1232384 In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. CVE-2024-49975 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49975.html CVE-2024-49975 https://bugzilla.suse.com/1232104 SUSE Bug 1232104 In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue. CVE-2024-49982 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49982.html CVE-2024-49982 https://bugzilla.suse.com/1232097 SUSE Bug 1232097 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set to NULL, this could cause use-after-free bug. CVE-2024-49991 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49991.html CVE-2024-49991 https://bugzilla.suse.com/1232282 SUSE Bug 1232282 https://bugzilla.suse.com/1232284 SUSE Bug 1232284 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-49993 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49993.html CVE-2024-49993 https://bugzilla.suse.com/1232316 SUSE Bug 1232316 In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only. CVE-2024-49995 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49995.html CVE-2024-49995 https://bugzilla.suse.com/1232432 SUSE Bug 1232432 https://bugzilla.suse.com/1232433 SUSE Bug 1232433 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer at position after the end of the buffer because it does not subtract InodeType size from the length. Fix this problem and correctly subtract variable len. Member InodeType is present only when reparse buffer is large enough. Check for ReparseDataLength before accessing InodeType to prevent another invalid memory access. Major and minor rdev values are present also only when reparse buffer is large enough. Check for reparse buffer size before calling reparse_mkdev(). CVE-2024-49996 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-49996.html CVE-2024-49996 https://bugzilla.suse.com/1232089 SUSE Bug 1232089 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() In mlx5e_tir_builder_alloc() kvzalloc() may return NULL which is dereferenced on the next line in a reference to the modify field. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-50000 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50000.html CVE-2024-50000 https://bugzilla.suse.com/1232085 SUSE Bug 1232085 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under memory pressure, when the IOMMU driver just can't allocate more memory for page tables. While the code tries to handle this in the path below the err_unmap label it erroneously unmaps one entry from the sq's FIFO list of active mappings. Since the current map attempt failed this unmap is removing some random DMA mapping that might still be required. If the PCI function now presents that IOVA, the IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI function in error state. The erroneous behavior was seen in a stress-test environment that created memory pressure. CVE-2024-50001 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50001.html CVE-2024-50001 https://bugzilla.suse.com/1232084 SUSE Bug 1232084 In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module() Module insertion invokes static_call_add_module() to initialize the static calls in a module. static_call_add_module() invokes __static_call_init(), which allocates a struct static_call_mod to either encapsulate the built-in static call sites of the associated key into it so further modules can be added or to append the module to the module chain. If that allocation fails the function returns with an error code and the module core invokes static_call_del_module() to clean up eventually added static_call_mod entries. This works correctly, when all keys used by the module were converted over to a module chain before the failure. If not then static_call_del_module() causes a #GP as it blindly assumes that key::mods points to a valid struct static_call_mod. The problem is that key::mods is not a individual struct member of struct static_call_key, it's part of a union to save space: union { /* bit 0: 0 = mods, 1 = sites */ unsigned long type; struct static_call_mod *mods; struct static_call_site *sites; }; key::sites is a pointer to the list of built-in usage sites of the static call. The type of the pointer is differentiated by bit 0. A mods pointer has the bit clear, the sites pointer has the bit set. As static_call_del_module() blidly assumes that the pointer is a valid static_call_mod type, it fails to check for this failure case and dereferences the pointer to the list of built-in call sites, which is obviously bogus. Cure it by checking whether the key has a sites or a mods pointer. If it's a sites pointer then the key is not to be touched. As the sites are walked in the same order as in __static_call_init() the site walk can be terminated because all subsequent sites have not been touched by the init code due to the error exit. If it was converted before the allocation fail, then the inner loop which searches for a module match will find nothing. A fail in the second allocation in __static_call_init() is harmless and does not require special treatment. The first allocation succeeded and converted the key to a module chain. That first entry has mod::mod == NULL and mod::next == NULL, so the inner loop of static_call_del_module() will neither find a module match nor a module chain. The next site in the walk was either already converted, but can't match the module, or it will exit the outer loop because it has a static_call_site pointer and not a static_call_mod pointer. CVE-2024-50002 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50002.html CVE-2024-50002 https://bugzilla.suse.com/1232083 SUSE Bug 1232083 In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is opened with O_SYNC. This can lead to the jbd2_journal_stop() function calling jbd2_might_wait_for_commit(), potentially causing a deadlock if the EXT4_IOC_MIGRATE call races with a write(2) system call. This problem only arises when CONFIG_PROVE_LOCKING is enabled. In this case, the jbd2_might_wait_for_commit macro locks jbd2_handle in the jbd2_journal_stop function while i_data_sem is locked. This triggers lockdep because the jbd2_journal_start function might also lock the same jbd2_handle simultaneously. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Rule: add CVE-2024-50006 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50006.html CVE-2024-50006 https://bugzilla.suse.com/1232442 SUSE Bug 1232442 In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. CPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x66/0x90 register_lock_class+0x759/0x7d0 __lock_acquire+0x85/0x2630 ? __find_get_block+0xb4/0x380 lock_acquire+0xd1/0x2d0 ? __ext4_journal_get_write_access+0xd5/0x160 _raw_spin_lock+0x33/0x40 ? __ext4_journal_get_write_access+0xd5/0x160 __ext4_journal_get_write_access+0xd5/0x160 ext4_reserve_inode_write+0x61/0xb0 __ext4_mark_inode_dirty+0x79/0x270 ? ext4_ext_replay_set_iblocks+0x2f8/0x450 ext4_ext_replay_set_iblocks+0x330/0x450 ext4_fc_replay+0x14c8/0x1540 ? jread+0x88/0x2e0 ? rcu_is_watching+0x11/0x40 do_one_pass+0x447/0xd00 jbd2_journal_recover+0x139/0x1b0 jbd2_journal_load+0x96/0x390 ext4_load_and_init_journal+0x253/0xd40 ext4_fill_super+0x2cc6/0x3180 ... In the replay path there's an attempt to lock sbi->s_bdev_wb_lock in function ext4_check_bdev_write_error(). Unfortunately, at this point this spinlock has not been initialized yet. Moving it's initialization to an earlier point in __ext4_fill_super() fixes this splat. CVE-2024-50014 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50014.html CVE-2024-50014 https://bugzilla.suse.com/1232446 SUSE Bug 1232446 In the Linux kernel, the following vulnerability has been resolved: kthread: unpark only parked kthread Calling into kthread unparking unconditionally is mostly harmless when the kthread is already unparked. The wake up is then simply ignored because the target is not in TASK_PARKED state. However if the kthread is per CPU, the wake up is preceded by a call to kthread_bind() which expects the task to be inactive and in TASK_PARKED state, which obviously isn't the case if it is unparked. As a result, calling kthread_stop() on an unparked per-cpu kthread triggers such a warning: WARNING: CPU: 0 PID: 11 at kernel/kthread.c:525 __kthread_bind_mask kernel/kthread.c:525 <TASK> kthread_stop+0x17a/0x630 kernel/kthread.c:707 destroy_workqueue+0x136/0xc40 kernel/workqueue.c:5810 wg_destruct+0x1e2/0x2e0 drivers/net/wireguard/device.c:257 netdev_run_todo+0xe1a/0x1000 net/core/dev.c:10693 default_device_exit_batch+0xa14/0xa90 net/core/dev.c:11769 ops_exit_list net/core/net_namespace.c:178 [inline] cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Fix this with skipping unecessary unparking while stopping a kthread. CVE-2024-50019 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50019.html CVE-2024-50019 https://bugzilla.suse.com/1231990 SUSE Bug 1231990 In the Linux kernel, the following vulnerability has been resolved: net: Fix an unsafe loop on the list The kernel may crash when deleting a genetlink family if there are still listeners for that family: Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0 LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0 Call Trace: __netlink_clear_multicast_users+0x74/0xc0 genl_unregister_family+0xd4/0x2d0 Change the unsafe loop on the list to a safe one, because inside the loop there is an element removal from this list. CVE-2024-50024 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50024.html CVE-2024-50024 https://bugzilla.suse.com/1231954 SUSE Bug 1231954 In the Linux kernel, the following vulnerability has been resolved: thermal: core: Reference count the zone in thermal_zone_get_by_id() There are places in the thermal netlink code where nothing prevents the thermal zone object from going away while being accessed after it has been returned by thermal_zone_get_by_id(). To address this, make thermal_zone_get_by_id() get a reference on the thermal zone device object to be returned with the help of get_device(), under thermal_list_lock, and adjust all of its callers to this change with the help of the cleanup.h infrastructure. CVE-2024-50028 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50028.html CVE-2024-50028 https://bugzilla.suse.com/1231950 SUSE Bug 1231950 In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the size of the packet was at least 20, which is not good enough. We need to make sure the packet includes the IPv4 and TCP header that are supposed to be carried. Add iph and th pointers to make the code more readable. [1] BUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455 ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline] ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212 ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327 pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113 __release_sock+0x1da/0x330 net/core/sock.c:3072 release_sock+0x6b/0x250 net/core/sock.c:3626 pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4091 [inline] slab_alloc_node mm/slub.c:4134 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1322 [inline] sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732 pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 CVE-2024-50033 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50033.html CVE-2024-50033 https://bugzilla.suse.com/1231914 SUSE Bug 1231914 In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is called with an empty skb. BUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline] BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675 ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline] ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675 ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline] ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304 pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113 __release_sock+0x1da/0x330 net/core/sock.c:3072 release_sock+0x6b/0x250 net/core/sock.c:3626 pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4092 [inline] slab_alloc_node mm/slub.c:4135 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1322 [inline] sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732 pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 CVE-2024-50035 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50035.html CVE-2024-50035 https://bugzilla.suse.com/1232392 SUSE Bug 1232392 In the Linux kernel, the following vulnerability has been resolved: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash This patch addresses a macvlan leak issue in the i40e driver caused by concurrent access to vsi->mac_filter_hash. The leak occurs when multiple threads attempt to modify the mac_filter_hash simultaneously, leading to inconsistent state and potential memory leaks. To fix this, we now wrap the calls to i40e_del_mac_filter() and zeroing vf->default_lan_addr.addr with spin_lock/unlock_bh(&vsi->mac_filter_hash_lock), ensuring atomic operations and preventing concurrent access. Additionally, we add lockdep_assert_held(&vsi->mac_filter_hash_lock) in i40e_add_mac_filter() to help catch similar issues in the future. Reproduction steps: 1. Spawn VFs and configure port vlan on them. 2. Trigger concurrent macvlan operations (e.g., adding and deleting portvlan and/or mac filters). 3. Observe the potential memory leak and inconsistent state in the mac_filter_hash. This synchronization ensures the integrity of the mac_filter_hash and prevents the described leak. CVE-2024-50041 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50041.html CVE-2024-50041 https://bugzilla.suse.com/1231907 SUSE Bug 1231907 In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb Fix a kernel panic in the br_netfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in br_nf_dev_queue_xmit. It is dependent on: 1) the br_netfilter module being loaded; 2) net.bridge.bridge-nf-call-iptables set to 1; 3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port; 4) untagged frames with size higher than the VxLAN MTU forwarded/flooded When forwarding the untagged packet to the VxLAN bridge port, before the netfilter hooks are called, br_handle_egress_vlan_tunnel is called and changes the skb_dst to the tunnel dst. The tunnel_dst is a metadata type of dst, i.e., skb_valid_dst(skb) is false, and metadata->dst.dev is NULL. Then in the br_netfilter hooks, in br_nf_dev_queue_xmit, there's a check for frames that needs to be fragmented: frames with higher MTU than the VxLAN device end up calling br_nf_ip_fragment, which in turns call ip_skb_dst_mtu. The ip_dst_mtu tries to use the skb_dst(skb) as if it was a valid dst with valid dst->dev, thus the crash. This case was never supported in the first place, so drop the packet instead. PING 10.0.0.2 (10.0.0.2) from 0.0.0.0 h1-eth0: 2000(2028) bytes of data. [ 176.291791] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000110 [ 176.292101] Mem abort info: [ 176.292184] ESR = 0x0000000096000004 [ 176.292322] EC = 0x25: DABT (current EL), IL = 32 bits [ 176.292530] SET = 0, FnV = 0 [ 176.292709] EA = 0, S1PTW = 0 [ 176.292862] FSC = 0x04: level 0 translation fault [ 176.293013] Data abort info: [ 176.293104] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 176.293488] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 176.293787] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 176.293995] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000043ef5000 [ 176.294166] [0000000000000110] pgd=0000000000000000, p4d=0000000000000000 [ 176.294827] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 176.295252] Modules linked in: vxlan ip6_udp_tunnel udp_tunnel veth br_netfilter bridge stp llc ipv6 crct10dif_ce [ 176.295923] CPU: 0 PID: 188 Comm: ping Not tainted 6.8.0-rc3-g5b3fbd61b9d1 #2 [ 176.296314] Hardware name: linux,dummy-virt (DT) [ 176.296535] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 176.296808] pc : br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter] [ 176.297382] lr : br_nf_dev_queue_xmit+0x2ac/0x4ec [br_netfilter] [ 176.297636] sp : ffff800080003630 [ 176.297743] x29: ffff800080003630 x28: 0000000000000008 x27: ffff6828c49ad9f8 [ 176.298093] x26: ffff6828c49ad000 x25: 0000000000000000 x24: 00000000000003e8 [ 176.298430] x23: 0000000000000000 x22: ffff6828c4960b40 x21: ffff6828c3b16d28 [ 176.298652] x20: ffff6828c3167048 x19: ffff6828c3b16d00 x18: 0000000000000014 [ 176.298926] x17: ffffb0476322f000 x16: ffffb7e164023730 x15: 0000000095744632 [ 176.299296] x14: ffff6828c3f1c880 x13: 0000000000000002 x12: ffffb7e137926a70 [ 176.299574] x11: 0000000000000001 x10: ffff6828c3f1c898 x9 : 0000000000000000 [ 176.300049] x8 : ffff6828c49bf070 x7 : 0008460f18d5f20e x6 : f20e0100bebafeca [ 176.300302] x5 : ffff6828c7f918fe x4 : ffff6828c49bf070 x3 : 0000000000000000 [ 176.300586] x2 : 0000000000000000 x1 : ffff6828c3c7ad00 x0 : ffff6828c7f918f0 [ 176.300889] Call trace: [ 176.301123] br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter] [ 176.301411] br_nf_post_routing+0x2a8/0x3e4 [br_netfilter] [ 176.301703] nf_hook_slow+0x48/0x124 [ 176.302060] br_forward_finish+0xc8/0xe8 [bridge] [ 176.302371] br_nf_hook_thresh+0x124/0x134 [br_netfilter] [ 176.302605] br_nf_forward_finish+0x118/0x22c [br_netfilter] [ 176.302824] br_nf_forward_ip.part.0+0x264/0x290 [br_netfilter] [ 176.303136] br_nf_forward+0x2b8/0x4e0 [br_netfilter] [ 176.303359] nf_hook_slow+0x48/0x124 [ 176.303 ---truncated--- CVE-2024-50045 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50045.html CVE-2024-50045 https://bugzilla.suse.com/1231903 SUSE Bug 1231903 In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the nfs42_complete_copies() got a NULL-pointer dereference crash with the following syslog: [232064.838881] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116 [232064.839360] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116 [232066.588183] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058 [232066.588586] Mem abort info: [232066.588701] ESR = 0x0000000096000007 [232066.588862] EC = 0x25: DABT (current EL), IL = 32 bits [232066.589084] SET = 0, FnV = 0 [232066.589216] EA = 0, S1PTW = 0 [232066.589340] FSC = 0x07: level 3 translation fault [232066.589559] Data abort info: [232066.589683] ISV = 0, ISS = 0x00000007 [232066.589842] CM = 0, WnR = 0 [232066.589967] user pgtable: 64k pages, 48-bit VAs, pgdp=00002000956ff400 [232066.590231] [0000000000000058] pgd=08001100ae100003, p4d=08001100ae100003, pud=08001100ae100003, pmd=08001100b3c00003, pte=0000000000000000 [232066.590757] Internal error: Oops: 96000007 [#1] SMP [232066.590958] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm vhost_net vhost vhost_iotlb tap tun ipt_rpfilter xt_multiport ip_set_hash_ip ip_set_hash_net xfrm_interface xfrm6_tunnel tunnel4 tunnel6 esp4 ah4 wireguard libcurve25519_generic veth xt_addrtype xt_set nf_conntrack_netlink ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_bitmap_port ip_set_hash_ipport dummy ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs iptable_filter sch_ingress nfnetlink_cttimeout vport_gre ip_gre ip_tunnel gre vport_geneve geneve vport_vxlan vxlan ip6_udp_tunnel udp_tunnel openvswitch nf_conncount dm_round_robin dm_service_time dm_multipath xt_nat xt_MASQUERADE nft_chain_nat nf_nat xt_mark xt_conntrack xt_comment nft_compat nft_counter nf_tables nfnetlink ocfs2 ocfs2_nodemanager ocfs2_stackglue iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_ssif nbd overlay 8021q garp mrp bonding tls rfkill sunrpc ext4 mbcache jbd2 [232066.591052] vfat fat cas_cache cas_disk ses enclosure scsi_transport_sas sg acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler ip_tables vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio dm_mirror dm_region_hash dm_log dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc fuse xfs libcrc32c ast drm_vram_helper qla2xxx drm_kms_helper syscopyarea crct10dif_ce sysfillrect ghash_ce sysimgblt sha2_ce fb_sys_fops cec sha256_arm64 sha1_ce drm_ttm_helper ttm nvme_fc igb sbsa_gwdt nvme_fabrics drm nvme_core i2c_algo_bit i40e scsi_transport_fc megaraid_sas aes_neon_bs [232066.596953] CPU: 6 PID: 4124696 Comm: 10.253.166.125- Kdump: loaded Not tainted 5.15.131-9.cl9_ocfs2.aarch64 #1 [232066.597356] Hardware name: Great Wall .\x93\x8e...RF6260 V5/GWMSSE2GL1T, BIOS T656FBE_V3.0.18 2024-01-06 [232066.597721] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [232066.598034] pc : nfs4_reclaim_open_state+0x220/0x800 [nfsv4] [232066.598327] lr : nfs4_reclaim_open_state+0x12c/0x800 [nfsv4] [232066.598595] sp : ffff8000f568fc70 [232066.598731] x29: ffff8000f568fc70 x28: 0000000000001000 x27: ffff21003db33000 [232066.599030] x26: ffff800005521ae0 x25: ffff0100f98fa3f0 x24: 0000000000000001 [232066.599319] x23: ffff800009920008 x22: ffff21003db33040 x21: ffff21003db33050 [232066.599628] x20: ffff410172fe9e40 x19: ffff410172fe9e00 x18: 0000000000000000 [232066.599914] x17: 0000000000000000 x16: 0000000000000004 x15: 0000000000000000 [232066.600195] x14: 0000000000000000 x13: ffff800008e685a8 x12: 00000000eac0c6e6 [232066.600498] x11: 00000000000000 ---truncated--- CVE-2024-50046 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50046.html CVE-2024-50046 https://bugzilla.suse.com/1231902 SUSE Bug 1231902 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null ... [ 194.196391] ================================================================== [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110 [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899 [ 194.197707] [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43 [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014 [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs] [ 194.200032] Call Trace: [ 194.200191] <TASK> [ 194.200327] dump_stack_lvl+0x4e/0x70 [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110 [ 194.200809] print_report+0x174/0x505 [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 194.201352] ? srso_return_thunk+0x5/0x5f [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0 [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202128] kasan_report+0xc8/0x150 [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202616] gf128mul_4k_lle+0xc1/0x110 [ 194.202863] ghash_update+0x184/0x210 [ 194.203103] shash_ahash_update+0x184/0x2a0 [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10 [ 194.203651] ? srso_return_thunk+0x5/0x5f [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340 [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140 [ 194.204434] crypt_message+0xec1/0x10a0 [cifs] [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs] [ 194.208507] ? srso_return_thunk+0x5/0x5f [ 194.209205] ? srso_return_thunk+0x5/0x5f [ 194.209925] ? srso_return_thunk+0x5/0x5f [ 194.210443] ? srso_return_thunk+0x5/0x5f [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs] [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs] [ 194.214670] ? srso_return_thunk+0x5/0x5f [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs] This is because TFM is being used in parallel. Fix this by allocating a new AEAD TFM for async decryption, but keep the existing one for synchronous READ cases (similar to what is done in smb3_calc_signature()). Also remove the calls to aead_request_set_callback() and crypto_wait_req() since it's always going to be a synchronous operation. CVE-2024-50047 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50047.html CVE-2024-50047 https://bugzilla.suse.com/1232418 SUSE Bug 1232418 https://bugzilla.suse.com/1232576 SUSE Bug 1232576 https://bugzilla.suse.com/1232638 SUSE Bug 1232638 In the Linux kernel, the following vulnerability has been resolved: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct fb_con2fbmap con2fb; struct param param; int fd = open("/dev/fb1", 0, 0); con2fb.console = 0x19; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb); param.type = 2; param.ts.xs = 0; param.ts.ys = 0; param.ts.xe = 0; param.ts.ye = 0; param.ts.sel_mode = 0; int fd1 = open("/dev/tty1", O_RDWR, 0); ioctl(fd1, TIOCLINUX, &param); con2fb.console = 1; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb); return 0; } After calling ioctl(fd1, TIOCLINUX, &param), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb) causes the kernel to follow a different execution path: set_con2fb_map -> con2fb_init_display -> fbcon_set_disp -> redraw_screen -> hide_cursor -> clear_selection -> highlight -> invert_screen -> do_update_region -> fbcon_putcs -> ops->putcs Since ops->putcs is a NULL pointer, this leads to a kernel panic. To prevent this, we need to call set_blitting_type() within set_con2fb_map() to properly initialize ops->putcs. CVE-2024-50048 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50048.html CVE-2024-50048 https://bugzilla.suse.com/1232310 SUSE Bug 1232310 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointer before dereferencing se [WHAT & HOW] se is null checked previously in the same function, indicating it might be null; therefore, it must be checked when used again. This fixes 1 FORWARD_NULL issue reported by Coverity. CVE-2024-50049 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50049.html CVE-2024-50049 https://bugzilla.suse.com/1232309 SUSE Bug 1232309 In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register() will cause that @priv are freed twice, fixed by setting @priv with NULL after the first free. CVE-2024-50055 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50055.html CVE-2024-50055 https://bugzilla.suse.com/1232329 SUSE Bug 1232329 In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the commit assumes, uport can be NULL in there. But right after that protection, there is an unprotected "uart_port_dtr_rts(uport, false);" call. That is invoked only if HUPCL is set, so I assume that is the reason why we do not see lots of these reports. Or it cannot be NULL at this point at all for some reason :P. Until the above is investigated, stay on the safe side and move this dereference to the if too. I got this inconsistency from Coverity under CID 1585130. Thanks. CVE-2024-50058 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50058.html CVE-2024-50058 https://bugzilla.suse.com/1232285 SUSE Bug 1232285 In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition In the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev function, then &sndev->check_link_status_work is bound with check_link_status_work. switchtec_ntb_link_notification may be called to start the work. If we remove the module which will call switchtec_ntb_remove to make cleanup, it will free sndev through kfree(sndev), while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | check_link_status_work switchtec_ntb_remove | kfree(sndev); | | if (sndev->link_force_down) | // use sndev Fix it by ensuring that the work is canceled before proceeding with the cleanup in switchtec_ntb_remove. CVE-2024-50059 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50059.html CVE-2024-50059 https://bugzilla.suse.com/1232345 SUSE Bug 1232345 https://bugzilla.suse.com/1232348 SUSE Bug 1232348 In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cnds_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | cdns_i3c_master_hj cdns_i3c_master_remove | i3c_master_unregister(&master->base) | device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in cdns_i3c_master_remove. CVE-2024-50061 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50061.html CVE-2024-50061 https://bugzilla.suse.com/1232263 SUSE Bug 1232263 In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one kernel function tail calls prog attached to another kernel function, the ctx access or return value verification could be bypassed. For example, if prog1 is attached to func1 which takes only 1 parameter and prog2 is attached to func2 which takes two parameters. Since verifier assumes the bpf ctx passed to prog2 is constructed based on func2's prototype, verifier allows prog2 to access the second parameter from the bpf ctx passed to it. The problem is that verifier does not prevent prog1 from passing its bpf ctx to prog2 via tail call. In this case, the bpf ctx passed to prog2 is constructed from func1 instead of func2, that is, the assumption for ctx access verification is bypassed. Another example, if BPF LSM prog1 is attached to hook file_alloc_security, and BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier knows the return value rules for these two hooks, e.g. it is legal for bpf_lsm_audit_rule_known to return positive number 1, and it is illegal for file_alloc_security to return positive number. So verifier allows prog2 to return positive number 1, but does not allow prog1 to return positive number. The problem is that verifier does not prevent prog1 from calling prog2 via tail call. In this case, prog2's return value 1 will be used as the return value for prog1's hook file_alloc_security. That is, the return value rule is bypassed. This patch adds restriction for tail call to prevent such bypasses. CVE-2024-50063 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50063.html CVE-2024-50063 https://bugzilla.suse.com/1232435 SUSE Bug 1232435 In the Linux kernel, the following vulnerability has been resolved: blk-mq: setup queue ->tag_set before initializing hctx Commit 7b815817aa58 ("blk-mq: add helper for checking if one CPU is mapped to specified hctx") needs to check queue mapping via tag set in hctx's cpuhp handler. However, q->tag_set may not be setup yet when the cpuhp handler is enabled, then kernel oops is triggered. Fix the issue by setup queue tag_set before initializing hctx. CVE-2024-50081 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_76-rt-1-150500.11.3.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.76.1 SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.76.1 openSUSE Leap Micro 5.5:kernel-rt-5.14.21-150500.13.76.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/ https://www.suse.com/security/cve/CVE-2024-50081.html CVE-2024-50081 https://bugzilla.suse.com/1232501 SUSE Bug 1232501