{"affected":[{"ecosystem_specific":{"binaries":[{"kernel-rt":"5.14.21-150400.15.103.1","kernel-source-rt":"5.14.21-150400.15.103.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"kernel-rt","purl":"pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.103.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-rt":"5.14.21-150400.15.103.1","kernel-source-rt":"5.14.21-150400.15.103.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"kernel-source-rt","purl":"pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.103.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-rt":"5.14.21-150400.15.103.1","kernel-source-rt":"5.14.21-150400.15.103.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.4","name":"kernel-rt","purl":"pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.103.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-rt":"5.14.21-150400.15.103.1","kernel-source-rt":"5.14.21-150400.15.103.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.4","name":"kernel-source-rt","purl":"pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.14.21-150400.15.103.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).\n- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)\n- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).\n- CVE-2024-44964: idpf: fix memory 
leaks and crashes while performing a soft reset (bsc#1230220).\n- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).\n- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)\n- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).\n- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).\n- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).\n- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).\n- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).\n- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).\n- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).\n- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).\n- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).\n- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).\n- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).\n- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).\n- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).\n- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).\n- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).\n- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free 
in scmi_bus_notifier() (bsc#1233561).\n\nThe following non-security bugs were fixed:\n\n- Update config files (bsc#1218644).\n- Update config files. Enabled IDPF for ARM64 (bsc#1221309)\n- initramfs: avoid filename buffer overrun (bsc#1232436).\n- kernel-binary: Enable livepatch package only when livepatch is enabled. Otherwise the filelist may be empty, failing the build (bsc#1218644).\n- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).\n- rpm/scripts: Remove obsolete Symbols.list. Symbols.list is no longer needed by the new klp-convert implementation. (bsc#1218644)\n- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).\n- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).\n","id":"SUSE-SU-2024:4345-1","modified":"2024-12-17T08:31:01Z","published":"2024-12-17T08:31:01Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244345-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218644"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220382"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221309"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222590"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229345"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229808"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230220"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231646"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232165"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232187"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232224"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232312"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232436"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232860"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232907"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232919"},{"type":"REPORT","url":"https://bugzilla.suse.c
om/1232928"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233070"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233117"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233214"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233293"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233453"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233456"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233463"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233468"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233479"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233490"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233491"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233555"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233557"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233561"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233977"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-52922"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-26782"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-43854"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-44932"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-44964"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47757"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-49925"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-49945"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50017"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50089"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50115"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50125"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50127"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50205"},{"type"
:"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50208"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50259"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50264"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50267"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50274"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50279"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50301"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50302"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53061"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53063"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53068"}],"related":["CVE-2023-52922","CVE-2024-26782","CVE-2024-43854","CVE-2024-44932","CVE-2024-44964","CVE-2024-47757","CVE-2024-49925","CVE-2024-49945","CVE-2024-50017","CVE-2024-50089","CVE-2024-50115","CVE-2024-50125","CVE-2024-50127","CVE-2024-50154","CVE-2024-50205","CVE-2024-50208","CVE-2024-50259","CVE-2024-50264","CVE-2024-50267","CVE-2024-50274","CVE-2024-50279","CVE-2024-50290","CVE-2024-50301","CVE-2024-50302","CVE-2024-53061","CVE-2024-53063","CVE-2024-53068"],"summary":"Security update for the Linux Kernel","upstream":["CVE-2023-52922","CVE-2024-26782","CVE-2024-43854","CVE-2024-44932","CVE-2024-44964","CVE-2024-47757","CVE-2024-49925","CVE-2024-49945","CVE-2024-50017","CVE-2024-50089","CVE-2024-50115","CVE-2024-50125","CVE-2024-50127","CVE-2024-50154","CVE-2024-50205","CVE-2024-50208","CVE-2024-50259","CVE-2024-50264","CVE-2024-50267","CVE-2024-50274","CVE-2024-50279","CVE-2024-50290","CVE-2024-50301","CVE-2024-50302","CVE-2024-53061","CVE-2024-53063","CVE-2024-53068"]}