SUSE-SU-2024:3591-1

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316).
• CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1227952).
• CVE-2022-48789: nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1228000).
• CVE-2022-48790: nvme: fix a possible use-after-free in controller reset during load (bsc#1227941).
• CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
• CVE-2022-48799: perf: Fix list corruption in perfcgroupswitch() (bsc#1227953).
• CVE-2022-48844: Bluetooth: hcicore: Fix leaking sentcmd skb (bsc#1228068).
• CVE-2022-48911: kabi: add _nfqueuegetrefs() for kabi compliance. (bsc#1229633).
• CVE-2022-48943: KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1229645).
• CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
• CVE-2023-52915: media: dvb-usb-v2: af9035: fix missing unlock (bsc#1230270).
• CVE-2024-38596: afunix: Fix data races in unixreleasesock/unixstream_sendmsg (bsc#1226846).
• CVE-2024-41073: nvme: avoid double free special payload (bsc#1228635).
• CVE-2024-41079: nvmet: always initialize cqe.result (bsc#1228615).
• CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
• CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
• CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
• CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
• CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
• CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
• CVE-2024-43890: tracing: Fix overflow in getfreeelt() (bsc#1229764).
• CVE-2024-43898: ext4: sanity check for NULL pointer after ext4forceshutdown (bsc#1229753).
• CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
• CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
• CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
• CVE-2024-44948: x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174).
• CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
• CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
• CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
• CVE-2024-44969: s390/sclp: Prevent release of buffer in I/O (bsc#1230200).
• CVE-2024-44982: drm/msm/dpu: cleanup FB if dpuformatpopulate_layout fails (bsc#1230204).
• CVE-2024-44987: ipv6: prevent UAF in ip6sendskb() (bsc#1230185).
• CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
• CVE-2024-44999: gtp: pull network headers in gtpdevxmit() (bsc#1230233).
• CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
• CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
• CVE-2024-46675: usb: dwc3: core: Prevent USB core invalid event buffer address access (bsc#1230533).
• CVE-2024-46676: nfc: pn533: Add poll mod list filling check (bsc#1230535).
• CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
• CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
• CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcsgetfunction() (bsc#1230515)
• CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2newread_req() (bsc#1230517).
• CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
• CVE-2024-46707: KVM: arm64: Make ICC*SGI*EL1 undef in the absence of a vGICv3 (bsc#1230582).
• CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
• CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
• CVE-2024-46722: drm/amdgpu: fix mc_data out-of-bounds read warning (bsc#1230712).
• CVE-2024-46723: drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702).
• CVE-2024-46731: drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709).
• CVE-2024-46738: VMCI: Fix use-after-free when removing resource in vmciresourceremove() (bsc#1230731).
• CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
• CVE-2024-46744: Squashfs: sanity check symbolic link size (bsc#1230747).
• CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots (bsc#1230748).
• CVE-2024-46750: PCI: Add missing bridge lock to pcibuslock() (bsc#1230783).
• CVE-2024-46753: btrfs: handle errors from btrfsdecref() properly (bsc#1230796).
• CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (bsc#1230814).
• CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (bsc#1230761).
• CVE-2024-46770: ice: Add netifdeviceattach/detach into PF reset flow (bsc#1230763).
• CVE-2024-46783: tcpbpf: fix return value of tcpbpf_sendmsg() (bsc#1230810).
• CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
• CVE-2024-46822: arm64: acpi: Harden getcpuforacpiid() against missing CPU entry (bsc#1231120).
• CVE-2024-46853: spi: nxp-fspi: fix the KASAN report out-of-bounds bug (bsc#1231083).
• CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
• CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1231089).

The following non-security bugs were fixed:

• ACPI / EC: Clean up EC GPE mask flag (git-fixes).
• ACPI: EC: Avoid printing confusing messages in acpiecsetup() (git-fixes).
• ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).
• ACPI: EC: tweak naming in preparation for GpioInt support (git-fixes).
• ACPI: SPCR: Consider baud rate 0 as preconfigured state (git-fixes).
• ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment errata (git-fixes).
• ACPI: SPCR: work around clock issue on xgene UART (git-fixes).
• ACPI: blacklist: fix clang warning for unused DMI table (git-fixes).
• ACPI: video: Add new hwchangesbrightness quirk, set it on PB Easynote MZ35 (git-fixes).
• Drivers: hv: vmbus: Fix rescind handling in uiohvgeneric (git-fixes).
• Fix bsc#1054914 reference.
• PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
• RDMA/core: Remove unused declaration rdmaresolveip_route() (git-fixes)
• RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
• RDMA/iwcm: Fix WARNING:atkernel/workqueue.c:#checkflush_dependency (git-fixes)
• Revert 'ACPI / EC: Remove old CLEARONRESUME quirk' (git-fixes).
• afunix: Fix data races around sk->skshutdown (bsc#1226846).
• afunix: annotate lockless accesses to sk->skerr (bsc#1226846).
• autofs4: use waiteventkillable (bsc#1207341).
• ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231184).
• fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230151).
• kabi fix for proc/mounts: add cursor (bsc#1207341).
• kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848) These are lowlevel functions not used outside of exception handling and kernel debugging facilities.
• kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
• media: vivid: avoid integer overflow (git-fixes).
• media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
• media: vivid: fix assignment of dev->fbufoutflags (git-fixes).
• media: vivid: s_fbuf: add more sanity checks (git-fixes).
• net: mana: Fix error handling in manacreatetxq/rxq's NAPI cleanup (git-fixes).
• net: mana: Fix race of manahwcpostrxwqe and new hwc response (git-fixes).
• net: usb: sr9700: fix uninitialized variable use in srmdioread (git-fixes).
• nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
• nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
• ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
• ocfs2: fix possible null-ptr-deref in ocfs2setbuffer_uptodate (git-fixes).
• ocfs2: remove unreasonable unlock in ocfs2readblocks (git-fixes).
• powerpc sstep: Add support for cnttzw, cnttzd instructions (bsc#1230826 ltc#205848).
• powerpc sstep: Add support for extswsli instruction (bsc#1230826 ltc#205848).
• powerpc sstep: Add support for modsd, modud instructions (bsc#1230826 ltc#205848).
• powerpc sstep: Add support for modsw, moduw instructions (bsc#1230826 ltc#205848).
• powerpc/32: Move the inline keyword at the beginning of function declaration (bsc#1230826 ltc#205848).
• powerpc/64: Fix update forms of loads and stores to write 64-bit EA (bsc#1230826 ltc#205848).
• powerpc/fpu: Drop cvtfd() and cvtdf() (bsc#1230826 ltc#205848).
• powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
• powerpc/imc-pmu: Revert nestinitlock to being a mutex (bsc#1065729).
• powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).
• powerpc/kprobes: Blacklist emulateupdateregs() from kprobes (bsc#1230826 ltc#205848).
• powerpc/kprobes: Update optprobes to use emulateupdateregs() (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0 (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Fix count leading zeros instructions (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Fix fixed-point arithmetic instructions that set CA32 (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: Fix fixed-point shift instructions that set CA32 (bsc#1230826 ltc#205848).
• powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826 ltc#205848).
• powerpc/lib: Fix 'integer constant is too large' build failure (bsc#1230826 ltc#205848).
• powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826 ltc#205848).
• powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826 ltc#205848).
• powerpc/pseries: fix possible memory leak in ibmebusbusinit() (bsc#1065729).
• powerpc/sstep: Add support for divde[.] and divdeu[.] instructions (bsc#1230826 ltc#205848).
• powerpc/sstep: Avoid used uninitialized error (bsc#1230826 ltc#205848).
• powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1230826 ltc#205848).
• powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).
• powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1230826 ltc#205848).
• powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).
• powerpc/sstep: Fix issues with set_cr0() (bsc#1230826 ltc#205848).
• powerpc/sstep: Fix kernel crash if VSX is not present (bsc#1230826 ltc#205848).
• powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).
• powerpc/sstep: mullw should calculate a 64 bit signed result (bsc#1230826 ltc#205848).
• powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
• powerpc: Add emulation for the addpcis instruction (bsc#1230826 ltc#205848).
• powerpc: Change analyse_instr so it does not modify *regs (bsc#1230826 ltc#205848).
• powerpc: Do not check MSR FP/VMX/VSX enable bits in analyse_instr() (bsc#1230826 ltc#205848).
• powerpc: Do not update CR0 in emulation of popcnt, prty, bpermd instructions (bsc#1230826 ltc#205848).
• powerpc: Emulate FP/vector/VSX loads/stores correctly when regs not live (bsc#1230826 ltc#205848).
• powerpc: Emulate load/store floating double pair instructions (bsc#1230826 ltc#205848).
• powerpc: Emulate load/store floating point as integer word instructions (bsc#1230826 ltc#205848).
• powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).
• powerpc: Emulate vector element load/store instructions (bsc#1230826 ltc#205848).
• powerpc: Fix emulation of the isel instruction (bsc#1230826 ltc#205848).
• powerpc: Fix handling of alignment interrupt on dcbz instruction (bsc#1230826 ltc#205848).
• powerpc: Fix kernel crash in emulation of vector loads and stores (bsc#1230826 ltc#205848).
• powerpc: Handle most loads and stores in instruction emulation code (bsc#1230826 ltc#205848).
• powerpc: Handle opposite-endian processes in emulation code (bsc#1230826 ltc#205848).
• powerpc: Make load/store emulation use larger memory accesses (bsc#1230826 ltc#205848).
• powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
• powerpc: Separate out load/store emulation into its own function (bsc#1230826 ltc#205848).
• powerpc: Set regs->dar if memory access fails in emulate_step() (bsc#1230826 ltc#205848).
• powerpc: Use instruction emulation infrastructure to handle alignment faults (bsc#1230826 ltc#205848).
• powerpc: Wrap register number correctly for string load/store instructions (bsc#1230826 ltc#205848).
• powerpc: sstep: Add support for darn instruction (bsc#1230826 ltc#205848).
• powerpc: sstep: Add support for maddhd, maddhdu, maddld instructions (bsc#1230826 ltc#205848).
• proc/mounts: add cursor (bsc#1207341).
• profiling: fix shift too large makes kernel panic (git-fixes).
• tracing: Avoid possible softlockup in tracingiterreset() (git-fixes).
• uiohvgeneric: Fix kernel NULL pointer dereference in hvuiorescind (git-fixes).
• usbnet: fix cyclical race on disconnect with work queue (git-fixes).
• usbnet: modern method to get random MAC (git-fixes).