SUSE-SU-2024:1645-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1645-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:1645-1
- Related
- Published
- 2024-05-14T14:30:22Z
- Modified
- 2024-05-14T14:30:22Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26840: Fixed a memory leak in cachefilesaddcache() (bsc#1222976).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6routempath_notify() (bsc#1223057).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctpautoasconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where ehentries == 0 and ehdepth > 0 (bsc#1223475).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26906: Disallowed vsyscall page read for copyfromkernel_nofault() (bsc#1223202).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIGXENPV=y by ignoring them (bsc#1222624).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26689: Fixed a use-after-free in encodecapmsg() (bsc#1222503).
- CVE-2021-47041: Don't set skuserdata without write_lock (bsc#1220755).
- CVE-2021-47074: Fixed memory leak in nvmeloopcreate_ctrl() (bsc#1220854).
- CVE-2024-26744: Fixed null pointer dereference in srptserviceguid parameter in rdma/srpt (bsc#1222449).
The following non-security bugs were fixed:
- dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
- dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113).
- net/tls: Remove the context from the list in tlsdevicedown (bsc#1221545).
- tls: Fix context leak on tlsdevicedown (bsc#1221545).
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
- https://bugzilla.suse.com/1190576
- https://bugzilla.suse.com/1192145
- https://bugzilla.suse.com/1200313
- https://bugzilla.suse.com/1201489
- https://bugzilla.suse.com/1203906
- https://bugzilla.suse.com/1203935
- https://bugzilla.suse.com/1204614
- https://bugzilla.suse.com/1211592
- https://bugzilla.suse.com/1218562
- https://bugzilla.suse.com/1218917
- https://bugzilla.suse.com/1219169
- https://bugzilla.suse.com/1219170
- https://bugzilla.suse.com/1219264
- https://bugzilla.suse.com/1220513
- https://bugzilla.suse.com/1220755
- https://bugzilla.suse.com/1220854
- https://bugzilla.suse.com/1221113
- https://bugzilla.suse.com/1221299
- https://bugzilla.suse.com/1221543
- https://bugzilla.suse.com/1221545
- https://bugzilla.suse.com/1222449
- https://bugzilla.suse.com/1222482
- https://bugzilla.suse.com/1222503
- https://bugzilla.suse.com/1222559
- https://bugzilla.suse.com/1222624
- https://bugzilla.suse.com/1222666
- https://bugzilla.suse.com/1222709
- https://bugzilla.suse.com/1222790
- https://bugzilla.suse.com/1222792
- https://bugzilla.suse.com/1222829
- https://bugzilla.suse.com/1222876
- https://bugzilla.suse.com/1222881
- https://bugzilla.suse.com/1222883
- https://bugzilla.suse.com/1222894
- https://bugzilla.suse.com/1222976
- https://bugzilla.suse.com/1223016
- https://bugzilla.suse.com/1223057
- https://bugzilla.suse.com/1223111
- https://bugzilla.suse.com/1223187
- https://bugzilla.suse.com/1223202
- https://bugzilla.suse.com/1223475
- https://bugzilla.suse.com/1223482
- https://bugzilla.suse.com/1223509
- https://bugzilla.suse.com/1223513
- https://bugzilla.suse.com/1223522
- https://bugzilla.suse.com/1223824
- https://bugzilla.suse.com/1223921
- https://bugzilla.suse.com/1223923
- https://bugzilla.suse.com/1223931
- https://bugzilla.suse.com/1223941
- https://bugzilla.suse.com/1223948
- https://bugzilla.suse.com/1223952
- https://bugzilla.suse.com/1223963
- https://www.suse.com/security/cve/CVE-2021-46955
- https://www.suse.com/security/cve/CVE-2021-47041
- https://www.suse.com/security/cve/CVE-2021-47074
- https://www.suse.com/security/cve/CVE-2021-47113
- https://www.suse.com/security/cve/CVE-2021-47131
- https://www.suse.com/security/cve/CVE-2021-47184
- https://www.suse.com/security/cve/CVE-2021-47194
- https://www.suse.com/security/cve/CVE-2021-47198
- https://www.suse.com/security/cve/CVE-2021-47201
- https://www.suse.com/security/cve/CVE-2021-47203
- https://www.suse.com/security/cve/CVE-2021-47206
- https://www.suse.com/security/cve/CVE-2021-47207
- https://www.suse.com/security/cve/CVE-2021-47212
- https://www.suse.com/security/cve/CVE-2021-47216
- https://www.suse.com/security/cve/CVE-2022-48631
- https://www.suse.com/security/cve/CVE-2022-48638
- https://www.suse.com/security/cve/CVE-2022-48650
- https://www.suse.com/security/cve/CVE-2022-48651
- https://www.suse.com/security/cve/CVE-2022-48654
- https://www.suse.com/security/cve/CVE-2022-48672
- https://www.suse.com/security/cve/CVE-2022-48686
- https://www.suse.com/security/cve/CVE-2022-48687
- https://www.suse.com/security/cve/CVE-2022-48693
- https://www.suse.com/security/cve/CVE-2022-48695
- https://www.suse.com/security/cve/CVE-2022-48701
- https://www.suse.com/security/cve/CVE-2022-48702
- https://www.suse.com/security/cve/CVE-2024-0639
- https://www.suse.com/security/cve/CVE-2024-23307
- https://www.suse.com/security/cve/CVE-2024-26610
- https://www.suse.com/security/cve/CVE-2024-26688
- https://www.suse.com/security/cve/CVE-2024-26689
- https://www.suse.com/security/cve/CVE-2024-26739
- https://www.suse.com/security/cve/CVE-2024-26744
- https://www.suse.com/security/cve/CVE-2024-26816
- https://www.suse.com/security/cve/CVE-2024-26840
- https://www.suse.com/security/cve/CVE-2024-26852
- https://www.suse.com/security/cve/CVE-2024-26862
- https://www.suse.com/security/cve/CVE-2024-26898
- https://www.suse.com/security/cve/CVE-2024-26903
- https://www.suse.com/security/cve/CVE-2024-26906
- https://www.suse.com/security/cve/CVE-2024-27043
Affected packages
SUSE:Linux Enterprise Micro 5.1 / kernel-rt
Package
- Name
- kernel-rt
- Purl
- purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
SUSE:Linux Enterprise Micro 5.1 / kernel-source-rt
Package
- Name
- kernel-source-rt
- Purl
- purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
SUSE:Linux Enterprise Micro 5.2 / kernel-rt
Package
- Name
- kernel-rt
- Purl
- purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2