SUSE-SU-2024:2011-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20242011-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:2011-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:2011-1
Related
Published
2024-06-12T16:39:51Z
Modified
2024-06-12T16:39:51Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctpautoasconf_init in net/sctp/socket.c (bsc#1218917).
  • CVE-2024-26828: Fixed underflow in parseserverinterfaces() (bsc#1223084).
  • CVE-2024-26840: Fixed a memory leak in cachefilesaddcache() (bsc#1222976).
  • CVE-2024-26852: Fixed use-after-free in ip6routempath_notify() (bsc#1223057).
  • CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
  • CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
  • CVE-2024-26925: Release mutex after nftgcseq_end from abort path (bsc#1223390).
  • CVE-2024-26928: Fixed potential UAF in cifsdebugfilesprocshow() (bsc#1223532).
  • CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
  • CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
  • CVE-2024-27398: Fixed use-after-free bugs caused by scosocktimeout (bsc#1224174).
  • CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
  • CVE-2024-35817: Set gtt bound flag in amdgputtmgart_bind (bsc#1224736).
  • CVE-2024-35863: Fixed potential UAF in isvalidoplock_break() (bsc#1224763).
  • CVE-2024-35867: Fixed potential UAF in cifsstatsproc_show() (bsc#1224664).
  • CVE-2024-35868: Fixed potential UAF in cifsstatsproc_write() (bsc#1224678).
  • CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
  • CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
  • CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).

The following non-security bugs were fixed:

  • afunix: annote lockless accesses to unixtotinflight & gcin_progress (bsc#1223384).
  • afunix: Do not use atomic ops for unixsk(sk)->inflight (bsc#1223384).
  • afunix: Replace BUGON() with WARNONONCE() (bsc#1223384).
  • filemap: remove use of wait bookmarks (bsc#1224085).
  • idpf: extend tx watchdog timeout (bsc#1224137).
  • ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
  • powerpc: Avoid nmienter/nmiexit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
  • powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
  • powerpc/powernv: Add a null pointer check in opaleventinit() (bsc#1065729).
  • powerpc/powernv: Add a null pointer check to scomdebuginit_one() (bsc#1194869).
  • powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
  • powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
  • powerpc: Refactor verification of MSR_RI (bsc#1223191).
  • supported.conf: support tcp_dctcp module (jsc#PED-8111)
References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.82.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.82.1",
            "kernel-rt": "5.14.21-150400.15.82.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.82.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.82.1",
            "kernel-rt": "5.14.21-150400.15.82.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.82.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.82.1",
            "kernel-rt": "5.14.21-150400.15.82.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.82.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.82.1",
            "kernel-rt": "5.14.21-150400.15.82.1"
        }
    ]
}

openSUSE:Leap Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.82.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.14.21-150400.15.82.1"
        }
    ]
}

openSUSE:Leap Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.82.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.14.21-150400.15.82.1"
        }
    ]
}