SUSE-SU-2024:3591-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20243591-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3591-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:3591-1
Published
2024-10-10T15:34:34Z
Modified
2024-10-10T15:34:34Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316).
  • CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1227952).
  • CVE-2022-48789: nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1228000).
  • CVE-2022-48790: nvme: fix a possible use-after-free in controller reset during load (bsc#1227941).
  • CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
  • CVE-2022-48799: perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953).
  • CVE-2022-48844: Bluetooth: hci_core: Fix leaking sent_cmd skb (bsc#1228068).
  • CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
  • CVE-2022-48943: KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1229645).
  • CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
  • CVE-2023-52915: media: dvb-usb-v2: af9035: fix missing unlock (bsc#1230270).
  • CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
  • CVE-2024-41073: nvme: avoid double free special payload (bsc#1228635).
  • CVE-2024-41079: nvmet: always initialize cqe.result (bsc#1228615).
  • CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
  • CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
  • CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
  • CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
  • CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
  • CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
  • CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
  • CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
  • CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
  • CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
  • CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
  • CVE-2024-44948: x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174).
  • CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
  • CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
  • CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
  • CVE-2024-44969: s390/sclp: Prevent release of buffer in I/O (bsc#1230200).
  • CVE-2024-44982: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (bsc#1230204).
  • CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
  • CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
  • CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
  • CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
  • CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
  • CVE-2024-46675: usb: dwc3: core: Prevent USB core invalid event buffer address access (bsc#1230533).
  • CVE-2024-46676: nfc: pn533: Add poll mod list filling check (bsc#1230535).
  • CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
  • CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
  • CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
  • CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
  • CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
  • CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
  • CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
  • CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710)
  • CVE-2024-46722: drm/amdgpu: fix mc_data out-of-bounds read warning (bsc#1230712).
  • CVE-2024-46723: drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702).
  • CVE-2024-46731: drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709).
  • CVE-2024-46738: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (bsc#1230731).
  • CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
  • CVE-2024-46744: Squashfs: sanity check symbolic link size (bsc#1230747).
  • CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots (bsc#1230748).
  • CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
  • CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
  • CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (bsc#1230814).
  • CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (bsc#1230761).
  • CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
  • CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
  • CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
  • CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
  • CVE-2024-46853: spi: nxp-fspi: fix the KASAN report out-of-bounds bug (bsc#1231083).
  • CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
  • CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1231089).

The following non-security bugs were fixed:

  • ACPI / EC: Clean up EC GPE mask flag (git-fixes).
  • ACPI: EC: Avoid printing confusing messages in acpi_ec_setup() (git-fixes).
  • ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).
  • ACPI: EC: tweak naming in preparation for GpioInt support (git-fixes).
  • ACPI: SPCR: Consider baud rate 0 as preconfigured state (git-fixes).
  • ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment errata (git-fixes).
  • ACPI: SPCR: work around clock issue on xgene UART (git-fixes).
  • ACPI: blacklist: fix clang warning for unused DMI table (git-fixes).
  • ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 (git-fixes).
  • Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
  • Fix bsc#1054914 reference.
  • PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
  • RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
  • RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
  • RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
  • Revert 'ACPI / EC: Remove old CLEAR_ON_RESUME quirk' (git-fixes).
  • af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
  • af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
  • autofs4: use wait_event_killable (bsc#1207341).
  • ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231184).
  • fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230151).
  • kabi fix for proc/mounts: add cursor (bsc#1207341).
  • kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848) These are lowlevel functions not used outside of exception handling and kernel debugging facilities.
  • kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
  • media: vivid: avoid integer overflow (git-fixes).
  • media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
  • media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
  • media: vivid: s_fbuf: add more sanity checks (git-fixes).
  • net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
  • net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
  • net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
  • nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
  • nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
  • ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
  • ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
  • ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
  • powerpc sstep: Add support for cnttzw, cnttzd instructions (bsc#1230826 ltc#205848).
  • powerpc sstep: Add support for extswsli instruction (bsc#1230826 ltc#205848).
  • powerpc sstep: Add support for modsd, modud instructions (bsc#1230826 ltc#205848).
  • powerpc sstep: Add support for modsw, moduw instructions (bsc#1230826 ltc#205848).
  • powerpc/32: Move the inline keyword at the beginning of function declaration (bsc#1230826 ltc#205848).
  • powerpc/64: Fix update forms of loads and stores to write 64-bit EA (bsc#1230826 ltc#205848).
  • powerpc/fpu: Drop cvtfd() and cvtdf() (bsc#1230826 ltc#205848).
  • powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
  • powerpc/imc-pmu: Revert nest_init_lock to being a mutex (bsc#1065729).
  • powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).
  • powerpc/kprobes: Blacklist emulate_update_regs() from kprobes (bsc#1230826 ltc#205848).
  • powerpc/kprobes: Update optprobes to use emulate_update_regs() (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0 (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Fix count leading zeros instructions (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Fix fixed-point arithmetic instructions that set CA32 (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: Fix fixed-point shift instructions that set CA32 (bsc#1230826 ltc#205848).
  • powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826 ltc#205848).
  • powerpc/lib: Fix 'integer constant is too large' build failure (bsc#1230826 ltc#205848).
  • powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826 ltc#205848).
  • powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826 ltc#205848).
  • powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1065729).
  • powerpc/sstep: Add support for divde[.] and divdeu[.] instructions (bsc#1230826 ltc#205848).
  • powerpc/sstep: Avoid used uninitialized error (bsc#1230826 ltc#205848).
  • powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1230826 ltc#205848).
  • powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).
  • powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1230826 ltc#205848).
  • powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).
  • powerpc/sstep: Fix issues with set_cr0() (bsc#1230826 ltc#205848).
  • powerpc/sstep: Fix kernel crash if VSX is not present (bsc#1230826 ltc#205848).
  • powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).
  • powerpc/sstep: mullw should calculate a 64 bit signed result (bsc#1230826 ltc#205848).
  • powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
  • powerpc: Add emulation for the addpcis instruction (bsc#1230826 ltc#205848).
  • powerpc: Change analyse_instr so it does not modify *regs (bsc#1230826 ltc#205848).
  • powerpc: Do not check MSR FP/VMX/VSX enable bits in analyse_instr() (bsc#1230826 ltc#205848).
  • powerpc: Do not update CR0 in emulation of popcnt, prty, bpermd instructions (bsc#1230826 ltc#205848).
  • powerpc: Emulate FP/vector/VSX loads/stores correctly when regs not live (bsc#1230826 ltc#205848).
  • powerpc: Emulate load/store floating double pair instructions (bsc#1230826 ltc#205848).
  • powerpc: Emulate load/store floating point as integer word instructions (bsc#1230826 ltc#205848).
  • powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).
  • powerpc: Emulate vector element load/store instructions (bsc#1230826 ltc#205848).
  • powerpc: Fix emulation of the isel instruction (bsc#1230826 ltc#205848).
  • powerpc: Fix handling of alignment interrupt on dcbz instruction (bsc#1230826 ltc#205848).
  • powerpc: Fix kernel crash in emulation of vector loads and stores (bsc#1230826 ltc#205848).
  • powerpc: Handle most loads and stores in instruction emulation code (bsc#1230826 ltc#205848).
  • powerpc: Handle opposite-endian processes in emulation code (bsc#1230826 ltc#205848).
  • powerpc: Make load/store emulation use larger memory accesses (bsc#1230826 ltc#205848).
  • powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
  • powerpc: Separate out load/store emulation into its own function (bsc#1230826 ltc#205848).
  • powerpc: Set regs->dar if memory access fails in emulate_step() (bsc#1230826 ltc#205848).
  • powerpc: Use instruction emulation infrastructure to handle alignment faults (bsc#1230826 ltc#205848).
  • powerpc: Wrap register number correctly for string load/store instructions (bsc#1230826 ltc#205848).
  • powerpc: sstep: Add support for darn instruction (bsc#1230826 ltc#205848).
  • powerpc: sstep: Add support for maddhd, maddhdu, maddld instructions (bsc#1230826 ltc#205848).
  • proc/mounts: add cursor (bsc#1207341).
  • profiling: fix shift too large makes kernel panic (git-fixes).
  • tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
  • uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
  • usbnet: fix cyclical race on disconnect with work queue (git-fixes).
  • usbnet: modern method to get random MAC (git-fixes).

Affected packages

SUSE:Linux Enterprise Server 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-16.200.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.200.1",
            "kernel-azure-devel": "4.12.14-16.200.1",
            "kernel-devel-azure": "4.12.14-16.200.1",
            "kernel-syms-azure": "4.12.14-16.200.1",
            "kernel-azure-base": "4.12.14-16.200.1",
            "kernel-source-azure": "4.12.14-16.200.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-16.200.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.200.1",
            "kernel-azure-devel": "4.12.14-16.200.1",
            "kernel-devel-azure": "4.12.14-16.200.1",
            "kernel-syms-azure": "4.12.14-16.200.1",
            "kernel-azure-base": "4.12.14-16.200.1",
            "kernel-source-azure": "4.12.14-16.200.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-16.200.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.200.1",
            "kernel-azure-devel": "4.12.14-16.200.1",
            "kernel-devel-azure": "4.12.14-16.200.1",
            "kernel-syms-azure": "4.12.14-16.200.1",
            "kernel-azure-base": "4.12.14-16.200.1",
            "kernel-source-azure": "4.12.14-16.200.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-16.200.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.200.1",
            "kernel-azure-devel": "4.12.14-16.200.1",
            "kernel-devel-azure": "4.12.14-16.200.1",
            "kernel-syms-azure": "4.12.14-16.200.1",
            "kernel-azure-base": "4.12.14-16.200.1",
            "kernel-source-azure": "4.12.14-16.200.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-16.200.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.200.1",
            "kernel-azure-devel": "4.12.14-16.200.1",
            "kernel-devel-azure": "4.12.14-16.200.1",
            "kernel-syms-azure": "4.12.14-16.200.1",
            "kernel-azure-base": "4.12.14-16.200.1",
            "kernel-source-azure": "4.12.14-16.200.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-16.200.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.200.1",
            "kernel-azure-devel": "4.12.14-16.200.1",
            "kernel-devel-azure": "4.12.14-16.200.1",
            "kernel-syms-azure": "4.12.14-16.200.1",
            "kernel-azure-base": "4.12.14-16.200.1",
            "kernel-source-azure": "4.12.14-16.200.1"
        }
    ]
}